{"cve": [{"lastseen": "2020-12-09T22:03:04", "description": "In Puma (RubyGem) before 4.3.4 and 3.12.5, an attacker could smuggle an HTTP response, by using an invalid transfer-encoding header. The problem has been fixed in Puma 3.12.5 and Puma 4.3.4.", "edition": 9, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-05-22T15:15:00", "title": "CVE-2020-11076", "type": "cve", "cwe": ["CWE-444"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11076"], "modified": "2020-10-07T13:15:00", "cpe": [], "id": "CVE-2020-11076", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11076", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cpe23": []}, {"lastseen": "2020-12-09T22:03:04", "description": "In Puma (RubyGem) before 4.3.5 and 3.12.6, a client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. If the proxy uses persistent connections and the client adds another request in via HTTP pipelining, the proxy may mistake it as the first request's body. 
Puma, however, would see it as two requests, and when processing the second request, send back a response that the proxy does not expect. If the proxy has reused the persistent connection to Puma to send another request for a different client, the second response from the first client will be sent to the second client. This is a similar but different vulnerability from CVE-2020-11076. The problem has been fixed in Puma 3.12.6 and Puma 4.3.5.", "edition": 9, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-05-22T15:15:00", "title": "CVE-2020-11077", "type": "cve", "cwe": ["CWE-444"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11077"], "modified": "2020-10-07T13:15:00", "cpe": [], "id": "CVE-2020-11077", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11077", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cpe23": []}], "fedora": [{"lastseen": "2020-12-21T08:17:56", "bulletinFamily": "unix", "cvelist": ["CVE-2020-11076", "CVE-2020-11077"], "description": "Puma is a simple, fast, threaded, and highly concurrent HTTP 1.1 server for Ruby/Rack applications. 
Puma is intended for use in both development and production environments. It's great for highly concurrent Ruby implementations such as Rubinius and JRuby as well as providing process worker support to support CRuby well. ", "modified": "2020-09-25T17:18:05", "published": "2020-09-25T17:18:05", "id": "FEDORA:AC7E030C9BDF", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 33 Update: rubygem-puma-4.3.6-1.fc33", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "suse": [{"lastseen": "2020-07-19T01:25:48", "bulletinFamily": "unix", "cvelist": ["CVE-2020-11077", "CVE-2020-11076"], "description": "This update for rubygem-puma to version 4.3.5 fixes the following issues:\n\n - CVE-2020-11077: Fixed a HTTP smuggling issue related to proxy usage\n (bsc#1172175).\n - CVE-2020-11076: Fixed a HTTP smuggling issue when using an invalid\n transfer-encoding header (bsc#1172176).\n - Disabled TLSv1.0 and TLSv1.1 (jsc#SLE-6965).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "edition": 1, "modified": "2020-07-19T00:15:25", "published": "2020-07-19T00:15:25", "id": "OPENSUSE-SU-2020:1001-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00038.html", "title": "Security update for rubygem-puma (moderate)", "type": "suse", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "nessus": [{"lastseen": "2020-10-13T05:28:10", "description": "Several security vulnerabilities have been discovered in puma, highly\nconcurrent HTTP server for Ruby/Rack applications.\n\nCVE-2020-11076\n\nBy using an invalid transfer-encoding header, an attacker could\nsmuggle an HTTP response.\n\nCVE-2020-11077\n\nclient could smuggle a request through a proxy, causing the proxy to\nsend a response back to another unknown client. 
If the proxy uses\npersistent connections and the client adds another request in via HTTP\npipelining, the proxy may mistake it as the first request's body.\nPuma, however, would see it as two requests, and when processing the\nsecond request, send back a response that the proxy does not expect.\nIf the proxy has reused the persistent connection to Puma to send\nanother request for a different client, the second response from the\nfirst client will be sent to the second client.\n\nFor Debian 9 stretch, this problem has been fixed in version\n3.6.0-1+deb9u1.\n\nWe recommend that you upgrade your puma packages.\n\nFor the detailed security status of puma please refer to its security\ntracker page at: https://security-tracker.debian.org/tracker/puma\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 2, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2020-10-08T00:00:00", "title": "Debian DLA-2398-1 : puma security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-11077", "CVE-2020-11076"], "modified": "2020-10-08T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:puma", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DLA-2398.NASL", "href": "https://www.tenable.com/plugins/nessus/141286", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2398-1. 
The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(141286);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/12\");\n\n script_cve_id(\"CVE-2020-11076\", \"CVE-2020-11077\");\n\n script_name(english:\"Debian DLA-2398-1 : puma security update\");\n script_summary(english:\"Checks dpkg output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Several security vulnerabilities have been discovered in puma, highly\nconcurrent HTTP server for Ruby/Rack applications.\n\nCVE-2020-11076\n\nBy using an invalid transfer-encoding header, an attacker could\nsmuggle an HTTP response.\n\nCVE-2020-11077\n\nclient could smuggle a request through a proxy, causing the proxy to\nsend a response back to another unknown client. If the proxy uses\npersistent connections and the client adds another request in via HTTP\npipelining, the proxy may mistake it as the first request's body.\nPuma, however, would see it as two requests, and when processing the\nsecond request, send back a response that the proxy does not expect.\nIf the proxy has reused the persistent connection to Puma to send\nanother request for a different client, the second response from the\nfirst client will be sent to the second client.\n\nFor Debian 9 stretch, this problem has been fixed in version\n3.6.0-1+deb9u1.\n\nWe recommend that you upgrade your puma packages.\n\nFor the detailed security status of puma please refer to its security\ntracker page at: https://security-tracker.debian.org/tracker/puma\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2020/10/msg00009.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/puma\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/puma\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected puma package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:puma\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"puma\", reference:\"3.6.0-1+deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-07-23T03:44:02", "description": "This update for rubygem-puma to version 4.3.5 fixes the following\nissues :\n\n - CVE-2020-11077: Fixed a HTTP smuggling issue related to\n proxy usage (bsc#1172175).\n\n - CVE-2020-11076: Fixed a HTTP smuggling issue when using\n an invalid transfer-encoding header (bsc#1172176).\n\n - Disabled TLSv1.0 and TLSv1.1 (jsc#SLE-6965).\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "edition": 2, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2020-07-20T00:00:00", "title": "openSUSE Security Update : rubygem-puma (openSUSE-2020-1001)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-11077", "CVE-2020-11076"], "modified": "2020-07-20T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:rubygem-puma-debugsource", "cpe:/o:novell:opensuse:15.2", "p-cpe:/a:novell:opensuse:ruby2.5-rubygem-puma-debuginfo", "p-cpe:/a:novell:opensuse:ruby2.5-rubygem-puma"], "id": "OPENSUSE-2020-1001.NASL", "href": "https://www.tenable.com/plugins/nessus/138668", 
"sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-1001.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(138668);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/07/22\");\n\n script_cve_id(\"CVE-2020-11076\", \"CVE-2020-11077\");\n\n script_name(english:\"openSUSE Security Update : rubygem-puma (openSUSE-2020-1001)\");\n script_summary(english:\"Check for the openSUSE-2020-1001 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for rubygem-puma to version 4.3.5 fixes the following\nissues :\n\n - CVE-2020-11077: Fixed a HTTP smuggling issue related to\n proxy usage (bsc#1172175).\n\n - CVE-2020-11076: Fixed a HTTP smuggling issue when using\n an invalid transfer-encoding header (bsc#1172176).\n\n - Disabled TLSv1.0 and TLSv1.1 (jsc#SLE-6965).\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1172175\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1172176\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected rubygem-puma packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby2.5-rubygem-puma\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby2.5-rubygem-puma-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rubygem-puma-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"ruby2.5-rubygem-puma-4.3.5-lp152.4.3.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE15.2\", reference:\"ruby2.5-rubygem-puma-debuginfo-4.3.5-lp152.4.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"rubygem-puma-debugsource-4.3.5-lp152.4.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby2.5-rubygem-puma / ruby2.5-rubygem-puma-debuginfo / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-07-23T03:48:19", "description": "This update for rubygem-puma to version 4.3.5 fixes the following\nissues :\n\n - CVE-2020-11077: Fixed a HTTP smuggling issue related to\n proxy usage (bsc#1172175).\n\n - CVE-2020-11076: Fixed a HTTP smuggling issue when using\n an invalid transfer-encoding header (bsc#1172176).\n\n - Disabled TLSv1.0 and TLSv1.1 (jsc#SLE-6965).\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "edition": 2, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2020-07-20T00:00:00", "title": "openSUSE Security Update : rubygem-puma (openSUSE-2020-990)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-11077", "CVE-2020-11076"], "modified": "2020-07-20T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:rubygem-puma-debugsource", "cpe:/o:novell:opensuse:15.1", "p-cpe:/a:novell:opensuse:ruby2.5-rubygem-puma-debuginfo", "p-cpe:/a:novell:opensuse:ruby2.5-rubygem-puma"], "id": "OPENSUSE-2020-990.NASL", "href": "https://www.tenable.com/plugins/nessus/138753", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-990.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n 
script_id(138753);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/07/22\");\n\n script_cve_id(\"CVE-2020-11076\", \"CVE-2020-11077\");\n\n script_name(english:\"openSUSE Security Update : rubygem-puma (openSUSE-2020-990)\");\n script_summary(english:\"Check for the openSUSE-2020-990 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for rubygem-puma to version 4.3.5 fixes the following\nissues :\n\n - CVE-2020-11077: Fixed a HTTP smuggling issue related to\n proxy usage (bsc#1172175).\n\n - CVE-2020-11076: Fixed a HTTP smuggling issue when using\n an invalid transfer-encoding header (bsc#1172176).\n\n - Disabled TLSv1.0 and TLSv1.1 (jsc#SLE-6965).\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1172175\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1172176\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected rubygem-puma packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby2.5-rubygem-puma\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby2.5-rubygem-puma-debuginfo\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rubygem-puma-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"ruby2.5-rubygem-puma-4.3.5-lp151.3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"ruby2.5-rubygem-puma-debuginfo-4.3.5-lp151.3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"rubygem-puma-debugsource-4.3.5-lp151.3.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, 
extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby2.5-rubygem-puma / ruby2.5-rubygem-puma-debuginfo / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-18T14:45:18", "description": "This update for rmt-server fixes the following issues :\n\nVersion 2.6.5\n\nSolved potential bug of SCC repository URLs changing over time. RMT\nnow self heals by removing the previous invalid repository and\ncreating the correct one.\n\nVersion 2.6.4\n\nAdd web server settings to /etc/rmt.conf: Now it's possible to\nconfigure the minimum and maximum threads count as well the number of\nweb server workers to be booted through /etc/rmt.conf.\n\nVersion 2.6.3\n\nInstead of using an MD5 of URLs for custom repository friendly_ids,\nRMT now builds an ID from the name.\n\nVersion 2.6.2\n\nFix RMT file caching based on timestamps: Previously, RMT sent GET\nrequests with the header 'If-Modified-Since' to a repository server\nand if the response had a 304 (Not Modified), it would copy a file\nfrom the local cache instead of downloading. However, if the local\nfile timestamp accidentally changed to a date newer than the one on\nthe repository server, RMT would have an outdated file, which caused\nsome errors. Now, RMT makes HEAD requests to the repositories servers\nand inspect the 'Last-Modified' header to decide whether to download a\nfile or copy it from cache, by comparing the equalness of timestamps.\n\nVersion 2.6.1\n\nFixed an issue where relative paths supplied to `rmt-cli import repos`\ncaused the command to fail.\n\nVersion 2.6.0\n\nFriendlier IDs for custom repositories: In an effort to simplify the\nhandling of SCC and custom repositories, RMT now has friendly IDs. For\nSCC repositories, it's the same SCC ID as before. 
For custom\nrepositories, it can either be user provided or RMT generated (MD5 of\nthe provided URL). Benefits :\n\n - `rmt-cli mirror repositories` now works for custom\n repositories.\n\n - Custom repository IDs can be the same across RMT\n instances.\n\n - No more confusing 'SCC ID' vs 'ID' in `rmt-cli` output.\n Deprecation Warnings :\n\n - RMT now uses a different ID for custom repositories than\n before. RMT still supports that old ID, but it's\n recommended to start using the new ID to ensure future\n compatibility.\n\nVersion 2.5.20\n\nUpdated rails from 6.0.3.2 to 6.0.3.3 :\n\n - actionview (CVE-2020-15169)\n\nVersion 2.5.19\n\nRMT now has the ability to remove local systems with the command\n`rmt-cli systems remove`.\n\nVersion 2.5.18\n\nFixed exit code for `rmt-cli mirror` and its subcommands. Now it exits\nwith 1 whenever an error occurs during mirroring\n\nImproved message logging for `rtm-cli mirror`. Instead of logging an\nerror when it occurs, the command summarize all errors at the end of\nexecution. Now log messages have colors to better identify\nfailure/success.\n\nVersion 2.5.17\n\nRMT no longer provides the installer updates repository to systems via\nits zypper service. This repository is used during the installation\nprocess, as it provides an up-to-date installation experience, but it\nhas no use on an already installed system.\n\nVersion 2.5.16\n\nUpdated RMT's rails and puma dependencies.\n\n - puma (CVE-2020-11076, CVE-2020-11077, CVE-2020-5249,\n CVE-2020-5247 CVE-2019-16770)\n\n - actionpack (CVE-2020-8185, CVE-2020-8164, CVE-2020-8166)\n\n - actionview (CVE-2020-8167, CVE-2020-5267, CVE-2019-5418,\n CVE-2019-5419)\n\n - activesupport (CVE-2020-8165)\n\n - railties (CVE-2019-5420)\n\nVersion 2.5.15\n\nRMT now checks if repositories are fully mirrored during the\nactivation process. 
Previously, RMT only checked if the repositories\nwere enabled to be mirrored, but not that they were actually mirrored.\nIn this case, RMTs were not able to provide the repository data which\nsystems assumed it had.\n\nVersion 2.5.14\n\nEnable 'Installer-Updates' repositories by default\n\nFixed deprecation warning when thor encountered an error. Also,\ninstead of returning 0 for thor errors, rmt-cli will return 1 instead.\n\nVersion 2.5.13\n\nAdded `rmt-cli repos clean` command to remove locally mirrored files\nof repositories which are not marked to be mirrored.\n\nPreviously, RMT didn't track deduplicated files in its database. Now,\nto accommodate `rmt-cli repos clean`, RMT will track all mirrored\nfiles.\n\nMove the nginx reload to the configuration package which contain nginx\nconfig files, don't reload nginx unconditionally from main package.\n\nVersion 2.5.12\n\nUpdate rack to version 2.2.3 (CVE-2020-8184: bsc#1173351)\n\nUpdate Rails to version 5.2.4.3 :\n\n - actionpack (CVE-2020-8164: bsc#1172177)\n\n - actionpack (CVE-2020-8166: bsc#1172182)\n\n - activesupport (CVE-2020-8165: bsc#1172186)\n\n - actionview (CVE-2020-8167: bsc#1172184)\n\nVersion 2.5.11\n\nrmt-server-pubcloud :\n\n - SLES11 EOL\n\n - Extension activation verification based on the available\n subscriptions\n\n - Added a manual instance verification script\n\nVersion 2.5.10\n\nSupport rmt-server to run with Ruby 2.7 (Factory/Tumbleweed) :\n\n - Bump gem 'config' version from 1.7.2 to 2.2.1 to fix\n incompatibility Ruby 2.7 OpenStruct class;\n\n - Bump gem 'typhoeus' version from 1.3.1 to 1.4.0 in order\n to also bump gem 'ethon' version, which caused a\n 'rb_safe_level' warning on Ruby 2.7;\n\n - Fix 'last arg as keyword arg' Ruby 2.7 warning on source\n code;\n\n - Disable 'deprecated' warnings from Ruby 2.7; Rails 5.1\n generates a lot of warnings with Ruby 2.7, mainly due to\n 'capturing the given block with Proc.new', which is\n deprecated;\n\n - Improve RPM spec to consider only the 
distribution\n default Ruby version configured in OBS;\n\n - Improve RPM spec to remove Ruby 2.7 warnings regarding\n 'bundler.\n\nMove nginx/vhosts.d directory to correct sub-package. They are needed\ntogether with nginx, not rmt-server.\n\nFix dependencies especially for containerized usage :\n\n - mariadb and nginx are not hard requires, could run on\n another host\n\nFix generic dependencies :\n\n - systemd ordering was missing\n\n - shadow is required for pre-install\n\nVersion 2.5.9\n\nrmt-server-pubcloud: enforce strict authentication\n\nVersion 2.5.8\n\nUse repomd_parser gem to remove repository metadata parsing code.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 2, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-12-09T00:00:00", "title": "SUSE SLES15 Security Update : rmt-server (SUSE-SU-2020:3160-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-8165", "CVE-2020-8184", "CVE-2020-15169", "CVE-2020-8166", "CVE-2019-16770", "CVE-2019-5420", "CVE-2020-5247", "CVE-2020-11077", "CVE-2020-8167", "CVE-2020-5249", "CVE-2020-8164", "CVE-2020-11076", "CVE-2019-5419", "CVE-2020-8185", "CVE-2019-5418", "CVE-2020-5267"], "modified": "2020-12-09T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:15", "p-cpe:/a:novell:suse_linux:rmt-server-config", "p-cpe:/a:novell:suse_linux:rmt-server", "p-cpe:/a:novell:suse_linux:rmt-server-debuginfo"], "id": "SUSE_SU-2020-3160-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143623", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:3160-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif 
(description)\n{\n script_id(143623);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/17\");\n\n script_cve_id(\"CVE-2019-16770\", \"CVE-2019-5418\", \"CVE-2019-5419\", \"CVE-2019-5420\", \"CVE-2020-11076\", \"CVE-2020-11077\", \"CVE-2020-15169\", \"CVE-2020-5247\", \"CVE-2020-5249\", \"CVE-2020-5267\", \"CVE-2020-8164\", \"CVE-2020-8165\", \"CVE-2020-8166\", \"CVE-2020-8167\", \"CVE-2020-8184\", \"CVE-2020-8185\");\n\n script_name(english:\"SUSE SLES15 Security Update : rmt-server (SUSE-SU-2020:3160-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for rmt-server fixes the following issues :\n\nVersion 2.6.5\n\nSolved potential bug of SCC repository URLs changing over time. RMT\nnow self heals by removing the previous invalid repository and\ncreating the correct one.\n\nVersion 2.6.4\n\nAdd web server settings to /etc/rmt.conf: Now it's possible to\nconfigure the minimum and maximum threads count as well the number of\nweb server workers to be booted through /etc/rmt.conf.\n\nVersion 2.6.3\n\nInstead of using an MD5 of URLs for custom repository friendly_ids,\nRMT now builds an ID from the name.\n\nVersion 2.6.2\n\nFix RMT file caching based on timestamps: Previously, RMT sent GET\nrequests with the header 'If-Modified-Since' to a repository server\nand if the response had a 304 (Not Modified), it would copy a file\nfrom the local cache instead of downloading. However, if the local\nfile timestamp accidentally changed to a date newer than the one on\nthe repository server, RMT would have an outdated file, which caused\nsome errors. 
Now, RMT makes HEAD requests to the repositories servers\nand inspect the 'Last-Modified' header to decide whether to download a\nfile or copy it from cache, by comparing the equalness of timestamps.\n\nVersion 2.6.1\n\nFixed an issue where relative paths supplied to `rmt-cli import repos`\ncaused the command to fail.\n\nVersion 2.6.0\n\nFriendlier IDs for custom repositories: In an effort to simplify the\nhandling of SCC and custom repositories, RMT now has friendly IDs. For\nSCC repositories, it's the same SCC ID as before. For custom\nrepositories, it can either be user provided or RMT generated (MD5 of\nthe provided URL). Benefits :\n\n - `rmt-cli mirror repositories` now works for custom\n repositories.\n\n - Custom repository IDs can be the same across RMT\n instances.\n\n - No more confusing 'SCC ID' vs 'ID' in `rmt-cli` output.\n Deprecation Warnings :\n\n - RMT now uses a different ID for custom repositories than\n before. RMT still supports that old ID, but it's\n recommended to start using the new ID to ensure future\n compatibility.\n\nVersion 2.5.20\n\nUpdated rails from 6.0.3.2 to 6.0.3.3 :\n\n - actionview (CVE-2020-15169)\n\nVersion 2.5.19\n\nRMT now has the ability to remove local systems with the command\n`rmt-cli systems remove`.\n\nVersion 2.5.18\n\nFixed exit code for `rmt-cli mirror` and its subcommands. Now it exits\nwith 1 whenever an error occurs during mirroring\n\nImproved message logging for `rtm-cli mirror`. Instead of logging an\nerror when it occurs, the command summarize all errors at the end of\nexecution. Now log messages have colors to better identify\nfailure/success.\n\nVersion 2.5.17\n\nRMT no longer provides the installer updates repository to systems via\nits zypper service. 
This repository is used during the installation\nprocess, as it provides an up-to-date installation experience, but it\nhas no use on an already installed system.\n\nVersion 2.5.16\n\nUpdated RMT's rails and puma dependencies.\n\n - puma (CVE-2020-11076, CVE-2020-11077, CVE-2020-5249,\n CVE-2020-5247 CVE-2019-16770)\n\n - actionpack (CVE-2020-8185, CVE-2020-8164, CVE-2020-8166)\n\n - actionview (CVE-2020-8167, CVE-2020-5267, CVE-2019-5418,\n CVE-2019-5419)\n\n - activesupport (CVE-2020-8165)\n\n - railties (CVE-2019-5420)\n\nVersion 2.5.15\n\nRMT now checks if repositories are fully mirrored during the\nactivation process. Previously, RMT only checked if the repositories\nwere enabled to be mirrored, but not that they were actually mirrored.\nIn this case, RMTs were not able to provide the repository data which\nsystems assumed it had.\n\nVersion 2.5.14\n\nEnable 'Installer-Updates' repositories by default\n\nFixed deprecation warning when thor encountered an error. Also,\ninstead of returning 0 for thor errors, rmt-cli will return 1 instead.\n\nVersion 2.5.13\n\nAdded `rmt-cli repos clean` command to remove locally mirrored files\nof repositories which are not marked to be mirrored.\n\nPreviously, RMT didn't track deduplicated files in its database. 
Now,\nto accommodate `rmt-cli repos clean`, RMT will track all mirrored\nfiles.\n\nMove the nginx reload to the configuration package which contain nginx\nconfig files, don't reload nginx unconditionally from main package.\n\nVersion 2.5.12\n\nUpdate rack to version 2.2.3 (CVE-2020-8184: bsc#1173351)\n\nUpdate Rails to version 5.2.4.3 :\n\n - actionpack (CVE-2020-8164: bsc#1172177)\n\n - actionpack (CVE-2020-8166: bsc#1172182)\n\n - activesupport (CVE-2020-8165: bsc#1172186)\n\n - actionview (CVE-2020-8167: bsc#1172184)\n\nVersion 2.5.11\n\nrmt-server-pubcloud :\n\n - SLES11 EOL\n\n - Extension activation verification based on the available\n subscriptions\n\n - Added a manual instance verification script\n\nVersion 2.5.10\n\nSupport rmt-server to run with Ruby 2.7 (Factory/Tumbleweed) :\n\n - Bump gem 'config' version from 1.7.2 to 2.2.1 to fix\n incompatibility Ruby 2.7 OpenStruct class;\n\n - Bump gem 'typhoeus' version from 1.3.1 to 1.4.0 in order\n to also bump gem 'ethon' version, which caused a\n 'rb_safe_level' warning on Ruby 2.7;\n\n - Fix 'last arg as keyword arg' Ruby 2.7 warning on source\n code;\n\n - Disable 'deprecated' warnings from Ruby 2.7; Rails 5.1\n generates a lot of warnings with Ruby 2.7, mainly due to\n 'capturing the given block with Proc.new', which is\n deprecated;\n\n - Improve RPM spec to consider only the distribution\n default Ruby version configured in OBS;\n\n - Improve RPM spec to remove Ruby 2.7 warnings regarding\n 'bundler.\n\nMove nginx/vhosts.d directory to correct sub-package. 
They are needed\ntogether with nginx, not rmt-server.\n\nFix dependencies especially for containerized usage :\n\n - mariadb and nginx are not hard requires, could run on\n another host\n\nFix generic dependencies :\n\n - systemd ordering was missing\n\n - shadow is required for pre-install\n\nVersion 2.5.9\n\nrmt-server-pubcloud: enforce strict authentication\n\nVersion 2.5.8\n\nUse repomd_parser gem to remove repository metadata parsing code.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172177\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172182\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172184\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172186\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173351\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-16770/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-5418/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-5419/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-5420/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-11076/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-11077/\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-15169/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-5247/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-5249/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-5267/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-8164/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-8165/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-8166/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-8167/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-8184/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-8185/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20203160-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e5e6b911\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Server Applications 15-SP1 :\n\nzypper in -t patch\nSUSE-SLE-Module-Server-Applications-15-SP1-2020-3160=1\n\nSUSE Linux Enterprise Module for Public Cloud 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2020-3160=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n 
script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-8165\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Rails File Disclosure\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Ruby On Rails DoubleTap Development Mode secret_key_base Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rmt-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rmt-server-config\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rmt-server-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! 
preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"rmt-server-2.6.5-3.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"rmt-server-config-2.6.5-3.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"rmt-server-debuginfo-2.6.5-3.18.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rmt-server\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-18T12:40:24", "description": "This update for rmt-server fixes the following issues :\n\nUpdate to version 2.6.5 :\n\n - Solved potential bug of SCC repository URLs changing\n over time. RMT now self heals by removing the previous\n invalid repository and creating the correct one.\n\n - Add web server settings to /etc/rmt.conf: Now it's\n possible to configure the minimum and maximum threads\n count as well the number of web server workers to be\n booted through /etc/rmt.conf.\n\n - Instead of using an MD5 of URLs for custom repository\n friendly_ids, RMT now builds an ID from the name.\n\n - Fix RMT file caching based on timestamps: Previously,\n RMT sent GET requests with the header\n 'If-Modified-Since' to a repository server and if the\n response had a 304 (Not Modified), it would copy a file\n from the local cache instead of downloading. However, if\n the local file timestamp accidentally changed to a date\n newer than the one on the repository server, RMT would\n have an outdated file, which caused some errors. 
Now,\n RMT makes HEAD requests to the repositories servers and\n inspect the 'Last-Modified' header to decide whether to\n download a file or copy it from cache, by comparing the\n equalness of timestamps.\n\n - Fixed an issue where relative paths supplied to `rmt-cli\n import repos` caused the command to fail.\n\n - Friendlier IDs for custom repositories: In an effort to\n simplify the handling of SCC and custom repositories,\n RMT now has friendly IDs. For SCC repositories, it's the\n same SCC ID as before. For custom repositories, it can\n either be user provided or RMT generated (MD5 of the\n provided URL). Benefits :\n\n - `rmt-cli mirror repositories` now works for custom\n repositories.\n\n - Custom repository IDs can be the same across RMT\n instances.\n\n - No more confusing 'SCC ID' vs 'ID' in `rmt-cli` output.\n Deprecation Warnings :\n\n - RMT now uses a different ID for custom repositories than\n before. RMT still supports that old ID, but it's\n recommended to start using the new ID to ensure future\n compatibility.\n\n - Updated rails and puma dependencies for security fixes.\n\nThis update was imported from the SUSE:SLE-15-SP2:Update update\nproject.", "edition": 2, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-11-23T00:00:00", "title": "openSUSE Security Update : rmt-server (openSUSE-2020-1993)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-8165", "CVE-2020-8184", "CVE-2020-15169", "CVE-2020-8166", "CVE-2019-16770", "CVE-2019-5420", "CVE-2020-5247", "CVE-2020-11077", "CVE-2020-8167", "CVE-2020-5249", "CVE-2020-8164", "CVE-2020-11076", "CVE-2019-5419", "CVE-2020-8185", "CVE-2019-5418", "CVE-2020-5267"], "modified": "2020-11-23T00:00:00", "cpe": ["cpe:/o:novell:opensuse:15.2", "p-cpe:/a:novell:opensuse:rmt-server-debuginfo", "p-cpe:/a:novell:opensuse:rmt-server-debugsource", "p-cpe:/a:novell:opensuse:rmt-server", "p-cpe:/a:novell:opensuse:rmt-server-pubcloud", 
"p-cpe:/a:novell:opensuse:rmt-server-config"], "id": "OPENSUSE-2020-1993.NASL", "href": "https://www.tenable.com/plugins/nessus/143190", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-1993.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(143190);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/17\");\n\n script_cve_id(\"CVE-2019-16770\", \"CVE-2019-5418\", \"CVE-2019-5419\", \"CVE-2019-5420\", \"CVE-2020-11076\", \"CVE-2020-11077\", \"CVE-2020-15169\", \"CVE-2020-5247\", \"CVE-2020-5249\", \"CVE-2020-5267\", \"CVE-2020-8164\", \"CVE-2020-8165\", \"CVE-2020-8166\", \"CVE-2020-8167\", \"CVE-2020-8184\", \"CVE-2020-8185\");\n\n script_name(english:\"openSUSE Security Update : rmt-server (openSUSE-2020-1993)\");\n script_summary(english:\"Check for the openSUSE-2020-1993 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for rmt-server fixes the following issues :\n\nUpdate to version 2.6.5 :\n\n - Solved potential bug of SCC repository URLs changing\n over time. 
RMT now self heals by removing the previous\n invalid repository and creating the correct one.\n\n - Add web server settings to /etc/rmt.conf: Now it's\n possible to configure the minimum and maximum threads\n count as well the number of web server workers to be\n booted through /etc/rmt.conf.\n\n - Instead of using an MD5 of URLs for custom repository\n friendly_ids, RMT now builds an ID from the name.\n\n - Fix RMT file caching based on timestamps: Previously,\n RMT sent GET requests with the header\n 'If-Modified-Since' to a repository server and if the\n response had a 304 (Not Modified), it would copy a file\n from the local cache instead of downloading. However, if\n the local file timestamp accidentally changed to a date\n newer than the one on the repository server, RMT would\n have an outdated file, which caused some errors. Now,\n RMT makes HEAD requests to the repositories servers and\n inspect the 'Last-Modified' header to decide whether to\n download a file or copy it from cache, by comparing the\n equalness of timestamps.\n\n - Fixed an issue where relative paths supplied to `rmt-cli\n import repos` caused the command to fail.\n\n - Friendlier IDs for custom repositories: In an effort to\n simplify the handling of SCC and custom repositories,\n RMT now has friendly IDs. For SCC repositories, it's the\n same SCC ID as before. For custom repositories, it can\n either be user provided or RMT generated (MD5 of the\n provided URL). Benefits :\n\n - `rmt-cli mirror repositories` now works for custom\n repositories.\n\n - Custom repository IDs can be the same across RMT\n instances.\n\n - No more confusing 'SCC ID' vs 'ID' in `rmt-cli` output.\n Deprecation Warnings :\n\n - RMT now uses a different ID for custom repositories than\n before. 
RMT still supports that old ID, but it's\n recommended to start using the new ID to ensure future\n compatibility.\n\n - Updated rails and puma dependencies for security fixes.\n\nThis update was imported from the SUSE:SLE-15-SP2:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1165548\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1168554\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1172177\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1172182\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1172184\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1172186\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173351\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected rmt-server packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-8165\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Rails File Disclosure\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Ruby On Rails DoubleTap 
Development Mode secret_key_base Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rmt-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rmt-server-config\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rmt-server-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rmt-server-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rmt-server-pubcloud\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"rmt-server-2.6.5-lp152.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"rmt-server-config-2.6.5-lp152.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"rmt-server-debuginfo-2.6.5-lp152.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"rmt-server-debugsource-2.6.5-lp152.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"rmt-server-pubcloud-2.6.5-lp152.2.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rmt-server / rmt-server-config / rmt-server-debuginfo / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-18T14:45:18", "description": "This update for rmt-server fixes the following issues :\n\nVersion 2.6.5\n\nSolved potential bug of SCC repository 
URLs changing over time. RMT\nnow self heals by removing the previous invalid repository and\ncreating the correct one.\n\nVersion 2.6.4\n\nAdd web server settings to /etc/rmt.conf: Now it's possible to\nconfigure the minimum and maximum threads count as well the number of\nweb server workers to be booted through /etc/rmt.conf.\n\nVersion 2.6.3\n\nInstead of using an MD5 of URLs for custom repository friendly_ids,\nRMT now builds an ID from the name.\n\nVersion 2.6.2\n\nFix RMT file caching based on timestamps: Previously, RMT sent GET\nrequests with the header 'If-Modified-Since' to a repository server\nand if the response had a 304 (Not Modified), it would copy a file\nfrom the local cache instead of downloading. However, if the local\nfile timestamp accidentally changed to a date newer than the one on\nthe repository server, RMT would have an outdated file, which caused\nsome errors. Now, RMT makes HEAD requests to the repositories servers\nand inspect the 'Last-Modified' header to decide whether to download a\nfile or copy it from cache, by comparing the equalness of timestamps.\n\nVersion 2.6.1\n\nFixed an issue where relative paths supplied to `rmt-cli import repos`\ncaused the command to fail.\n\nVersion 2.6.0\n\nFriendlier IDs for custom repositories: In an effort to simplify the\nhandling of SCC and custom repositories, RMT now has friendly IDs. For\nSCC repositories, it's the same SCC ID as before. For custom\nrepositories, it can either be user provided or RMT generated (MD5 of\nthe provided URL). Benefits :\n\n - `rmt-cli mirror repositories` now works for custom\n repositories.\n\n - Custom repository IDs can be the same across RMT\n instances.\n\n - No more confusing 'SCC ID' vs 'ID' in `rmt-cli` output.\n Deprecation Warnings :\n\n - RMT now uses a different ID for custom repositories than\n before. 
RMT still supports that old ID, but it's\n recommended to start using the new ID to ensure future\n compatibility.\n\nVersion 2.5.20\n\nUpdated rails from 6.0.3.2 to 6.0.3.3 :\n\n - actionview (CVE-2020-15169)\n\nVersion 2.5.19\n\nRMT now has the ability to remove local systems with the command\n`rmt-cli systems remove`.\n\nVersion 2.5.18\n\nFixed exit code for `rmt-cli mirror` and its subcommands. Now it exits\nwith 1 whenever an error occurs during mirroring\n\nImproved message logging for `rtm-cli mirror`. Instead of logging an\nerror when it occurs, the command summarize all errors at the end of\nexecution. Now log messages have colors to better identify\nfailure/success.\n\nVersion 2.5.17\n\nRMT no longer provides the installer updates repository to systems via\nits zypper service. This repository is used during the installation\nprocess, as it provides an up-to-date installation experience, but it\nhas no use on an already installed system.\n\nVersion 2.5.16\n\nUpdated RMT's rails and puma dependencies.\n\n - puma (CVE-2020-11076, CVE-2020-11077, CVE-2020-5249,\n CVE-2020-5247 CVE-2019-16770)\n\n - actionpack (CVE-2020-8185, CVE-2020-8164, CVE-2020-8166)\n\n - actionview (CVE-2020-8167, CVE-2020-5267, CVE-2019-5418,\n CVE-2019-5419)\n\n - activesupport (CVE-2020-8165)\n\n - railties (CVE-2019-5420)\n\nVersion 2.5.15\n\nRMT now checks if repositories are fully mirrored during the\nactivation process. Previously, RMT only checked if the repositories\nwere enabled to be mirrored, but not that they were actually mirrored.\nIn this case, RMTs were not able to provide the repository data which\nsystems assumed it had.\n\nVersion 2.5.14\n\nEnable 'Installer-Updates' repositories by default\n\nFixed deprecation warning when thor encountered an error. 
Also,\ninstead of returning 0 for thor errors, rmt-cli will return 1 instead.\n\nVersion 2.5.13\n\nAdded `rmt-cli repos clean` command to remove locally mirrored files\nof repositories which are not marked to be mirrored.\n\nPreviously, RMT didn't track deduplicated files in its database. Now,\nto accommodate `rmt-cli repos clean`, RMT will track all mirrored\nfiles.\n\nMove the nginx reload to the configuration package which contain nginx\nconfig files, don't reload nginx unconditionally from main package.\n\nVersion 2.5.12\n\nUpdate rack to version 2.2.3 (CVE-2020-8184: bsc#1173351)\n\nUpdate Rails to version 5.2.4.3 :\n\n - actionpack (CVE-2020-8164: bsc#1172177)\n\n - actionpack (CVE-2020-8166: bsc#1172182)\n\n - activesupport (CVE-2020-8165: bsc#1172186)\n\n - actionview (CVE-2020-8167: bsc#1172184)\n\nVersion 2.5.11\n\nrmt-server-pubcloud :\n\n - SLES11 EOL\n\n - Extension activation verification based on the available\n subscriptions\n\n - Added a manual instance verification script\n\nVersion 2.5.10\n\nSupport rmt-server to run with Ruby 2.7 (Factory/Tumbleweed) :\n\n - Bump gem 'config' version from 1.7.2 to 2.2.1 to fix\n incompatibility Ruby 2.7 OpenStruct class;\n\n - Bump gem 'typhoeus' version from 1.3.1 to 1.4.0 in order\n to also bump gem 'ethon' version, which caused a\n 'rb_safe_level' warning on Ruby 2.7;\n\n - Fix 'last arg as keyword arg' Ruby 2.7 warning on source\n code;\n\n - Disable 'deprecated' warnings from Ruby 2.7; Rails 5.1\n generates a lot of warnings with Ruby 2.7, mainly due to\n 'capturing the given block with Proc.new', which is\n deprecated;\n\n - Improve RPM spec to consider only the distribution\n default Ruby version configured in OBS;\n\n - Improve RPM spec to remove Ruby 2.7 warnings regarding\n 'bundler.\n\nMove nginx/vhosts.d directory to correct sub-package. 
They are needed\ntogether with nginx, not rmt-server.\n\nFix dependencies especially for containerized usage :\n\n - mariadb and nginx are not hard requires, could run on\n another host\n\nFix generic dependencies :\n\n - systemd ordering was missing\n\n - shadow is required for pre-install\n\nVersion 2.5.9\n\nrmt-server-pubcloud: enforce strict authentication\n\nVersion 2.5.8\n\nUse repomd_parser gem to remove repository metadata parsing code.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 2, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-12-09T00:00:00", "title": "SUSE SLES15 Security Update : rmt-server (SUSE-SU-2020:3147-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-8165", "CVE-2020-8184", "CVE-2020-15169", "CVE-2020-8166", "CVE-2019-16770", "CVE-2019-5420", "CVE-2020-5247", "CVE-2020-11077", "CVE-2020-8167", "CVE-2020-5249", "CVE-2020-8164", "CVE-2020-11076", "CVE-2019-5419", "CVE-2020-8185", "CVE-2019-5418", "CVE-2020-5267"], "modified": "2020-12-09T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:15", "p-cpe:/a:novell:suse_linux:rmt-server-config", "p-cpe:/a:novell:suse_linux:rmt-server", "p-cpe:/a:novell:suse_linux:rmt-server-debuginfo"], "id": "SUSE_SU-2020-3147-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143622", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:3147-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(143622);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/17\");\n\n script_cve_id(\"CVE-2019-16770\", 
\"CVE-2019-5418\", \"CVE-2019-5419\", \"CVE-2019-5420\", \"CVE-2020-11076\", \"CVE-2020-11077\", \"CVE-2020-15169\", \"CVE-2020-5247\", \"CVE-2020-5249\", \"CVE-2020-5267\", \"CVE-2020-8164\", \"CVE-2020-8165\", \"CVE-2020-8166\", \"CVE-2020-8167\", \"CVE-2020-8184\", \"CVE-2020-8185\");\n\n script_name(english:\"SUSE SLES15 Security Update : rmt-server (SUSE-SU-2020:3147-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for rmt-server fixes the following issues :\n\nVersion 2.6.5\n\nSolved potential bug of SCC repository URLs changing over time. RMT\nnow self heals by removing the previous invalid repository and\ncreating the correct one.\n\nVersion 2.6.4\n\nAdd web server settings to /etc/rmt.conf: Now it's possible to\nconfigure the minimum and maximum threads count as well the number of\nweb server workers to be booted through /etc/rmt.conf.\n\nVersion 2.6.3\n\nInstead of using an MD5 of URLs for custom repository friendly_ids,\nRMT now builds an ID from the name.\n\nVersion 2.6.2\n\nFix RMT file caching based on timestamps: Previously, RMT sent GET\nrequests with the header 'If-Modified-Since' to a repository server\nand if the response had a 304 (Not Modified), it would copy a file\nfrom the local cache instead of downloading. However, if the local\nfile timestamp accidentally changed to a date newer than the one on\nthe repository server, RMT would have an outdated file, which caused\nsome errors. 
Now, RMT makes HEAD requests to the repositories servers\nand inspect the 'Last-Modified' header to decide whether to download a\nfile or copy it from cache, by comparing the equalness of timestamps.\n\nVersion 2.6.1\n\nFixed an issue where relative paths supplied to `rmt-cli import repos`\ncaused the command to fail.\n\nVersion 2.6.0\n\nFriendlier IDs for custom repositories: In an effort to simplify the\nhandling of SCC and custom repositories, RMT now has friendly IDs. For\nSCC repositories, it's the same SCC ID as before. For custom\nrepositories, it can either be user provided or RMT generated (MD5 of\nthe provided URL). Benefits :\n\n - `rmt-cli mirror repositories` now works for custom\n repositories.\n\n - Custom repository IDs can be the same across RMT\n instances.\n\n - No more confusing 'SCC ID' vs 'ID' in `rmt-cli` output.\n Deprecation Warnings :\n\n - RMT now uses a different ID for custom repositories than\n before. RMT still supports that old ID, but it's\n recommended to start using the new ID to ensure future\n compatibility.\n\nVersion 2.5.20\n\nUpdated rails from 6.0.3.2 to 6.0.3.3 :\n\n - actionview (CVE-2020-15169)\n\nVersion 2.5.19\n\nRMT now has the ability to remove local systems with the command\n`rmt-cli systems remove`.\n\nVersion 2.5.18\n\nFixed exit code for `rmt-cli mirror` and its subcommands. Now it exits\nwith 1 whenever an error occurs during mirroring\n\nImproved message logging for `rtm-cli mirror`. Instead of logging an\nerror when it occurs, the command summarize all errors at the end of\nexecution. Now log messages have colors to better identify\nfailure/success.\n\nVersion 2.5.17\n\nRMT no longer provides the installer updates repository to systems via\nits zypper service. 
This repository is used during the installation\nprocess, as it provides an up-to-date installation experience, but it\nhas no use on an already installed system.\n\nVersion 2.5.16\n\nUpdated RMT's rails and puma dependencies.\n\n - puma (CVE-2020-11076, CVE-2020-11077, CVE-2020-5249,\n CVE-2020-5247 CVE-2019-16770)\n\n - actionpack (CVE-2020-8185, CVE-2020-8164, CVE-2020-8166)\n\n - actionview (CVE-2020-8167, CVE-2020-5267, CVE-2019-5418,\n CVE-2019-5419)\n\n - activesupport (CVE-2020-8165)\n\n - railties (CVE-2019-5420)\n\nVersion 2.5.15\n\nRMT now checks if repositories are fully mirrored during the\nactivation process. Previously, RMT only checked if the repositories\nwere enabled to be mirrored, but not that they were actually mirrored.\nIn this case, RMTs were not able to provide the repository data which\nsystems assumed it had.\n\nVersion 2.5.14\n\nEnable 'Installer-Updates' repositories by default\n\nFixed deprecation warning when thor encountered an error. Also,\ninstead of returning 0 for thor errors, rmt-cli will return 1 instead.\n\nVersion 2.5.13\n\nAdded `rmt-cli repos clean` command to remove locally mirrored files\nof repositories which are not marked to be mirrored.\n\nPreviously, RMT didn't track deduplicated files in its database. 
Now,\nto accommodate `rmt-cli repos clean`, RMT will track all mirrored\nfiles.\n\nMove the nginx reload to the configuration package which contain nginx\nconfig files, don't reload nginx unconditionally from main package.\n\nVersion 2.5.12\n\nUpdate rack to version 2.2.3 (CVE-2020-8184: bsc#1173351)\n\nUpdate Rails to version 5.2.4.3 :\n\n - actionpack (CVE-2020-8164: bsc#1172177)\n\n - actionpack (CVE-2020-8166: bsc#1172182)\n\n - activesupport (CVE-2020-8165: bsc#1172186)\n\n - actionview (CVE-2020-8167: bsc#1172184)\n\nVersion 2.5.11\n\nrmt-server-pubcloud :\n\n - SLES11 EOL\n\n - Extension activation verification based on the available\n subscriptions\n\n - Added a manual instance verification script\n\nVersion 2.5.10\n\nSupport rmt-server to run with Ruby 2.7 (Factory/Tumbleweed) :\n\n - Bump gem 'config' version from 1.7.2 to 2.2.1 to fix\n incompatibility Ruby 2.7 OpenStruct class;\n\n - Bump gem 'typhoeus' version from 1.3.1 to 1.4.0 in order\n to also bump gem 'ethon' version, which caused a\n 'rb_safe_level' warning on Ruby 2.7;\n\n - Fix 'last arg as keyword arg' Ruby 2.7 warning on source\n code;\n\n - Disable 'deprecated' warnings from Ruby 2.7; Rails 5.1\n generates a lot of warnings with Ruby 2.7, mainly due to\n 'capturing the given block with Proc.new', which is\n deprecated;\n\n - Improve RPM spec to consider only the distribution\n default Ruby version configured in OBS;\n\n - Improve RPM spec to remove Ruby 2.7 warnings regarding\n 'bundler.\n\nMove nginx/vhosts.d directory to correct sub-package. 
They are needed\ntogether with nginx, not rmt-server.\n\nFix dependencies especially for containerized usage :\n\n - mariadb and nginx are not hard requires, could run on\n another host\n\nFix generic dependencies :\n\n - systemd ordering was missing\n\n - shadow is required for pre-install\n\nVersion 2.5.9\n\nrmt-server-pubcloud: enforce strict authentication\n\nVersion 2.5.8\n\nUse repomd_parser gem to remove repository metadata parsing code.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172177\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172182\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172184\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172186\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173351\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-16770/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-5418/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-5419/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-5420/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-11076/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-11077/\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-15169/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-5247/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-5249/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-5267/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-8164/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-8165/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-8166/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-8167/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-8184/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-8185/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20203147-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f3122c55\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 15 :\n\nzypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-3147=1\n\nSUSE Linux Enterprise Server 15-LTSS :\n\nzypper in -t patch SUSE-SLE-Product-SLES-15-2020-3147=1\n\nSUSE Linux Enterprise High Performance Computing 15-LTSS :\n\nzypper in -t patch SUSE-SLE-Product-HPC-15-2020-3147=1\n\nSUSE Linux Enterprise High Performance Computing 15-ESPOS :\n\nzypper in -t 
patch SUSE-SLE-Product-HPC-15-2020-3147=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-8165\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Rails File Disclosure\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Ruby On Rails DoubleTap Development Mode secret_key_base Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rmt-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rmt-server-config\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rmt-server-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is 
Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"s390x\") audit(AUDIT_ARCH_NOT, \"s390x\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! 
preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"rmt-server-2.6.5-3.34.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"rmt-server-config-2.6.5-3.34.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"rmt-server-debuginfo-2.6.5-3.34.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rmt-server\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-18T14:45:16", "description": "This update for rmt-server fixes the following issues :\n\nUpdate to version 2.6.5: Solved potential bug of SCC repository URLs\nchanging over time. RMT now self heals by removing the previous\ninvalid repository and creating the correct one.\n\nAdd web server settings to /etc/rmt.conf: Now it's possible to\nconfigure the minimum and maximum threads count as well the number of\nweb server workers to be booted through /etc/rmt.conf.\n\nInstead of using an MD5 of URLs for custom repository friendly_ids,\nRMT now builds an ID from the name.\n\nFix RMT file caching based on timestamps: Previously, RMT sent GET\nrequests with the header 'If-Modified-Since' to a repository server\nand if the response had a 304 (Not Modified), it would copy a file\nfrom the local cache instead of downloading. However, if the local\nfile timestamp accidentally changed to a date newer than the one on\nthe repository server, RMT would have an outdated file, which caused\nsome errors. 
Now, RMT makes HEAD requests to the repositories servers\nand inspect the 'Last-Modified' header to decide whether to download a\nfile or copy it from cache, by comparing the equalness of timestamps.\n\nFixed an issue where relative paths supplied to `rmt-cli import repos`\ncaused the command to fail.\n\nFriendlier IDs for custom repositories: In an effort to simplify the\nhandling of SCC and custom repositories, RMT now has friendly IDs. For\nSCC repositories, it's the same SCC ID as before. For custom\nrepositories, it can either be user provided or RMT generated (MD5 of\nthe provided URL). Benefits :\n\n - `rmt-cli mirror repositories` now works for custom\n repositories.\n\n - Custom repository IDs can be the same across RMT\n instances.\n\n - No more confusing 'SCC ID' vs 'ID' in `rmt-cli` output.\n Deprecation Warnings :\n\n - RMT now uses a different ID for custom repositories than\n before. RMT still supports that old ID, but it's\n recommended to start using the new ID to ensure future\n compatibility.\n\nUpdated rails and puma dependencies for security fixes.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 2, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-12-09T00:00:00", "title": "SUSE SLES15 Security Update : rmt-server (SUSE-SU-2020:3036-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-8165", "CVE-2020-8184", "CVE-2020-15169", "CVE-2020-8166", "CVE-2019-16770", "CVE-2019-5420", "CVE-2020-5247", "CVE-2020-11077", "CVE-2020-8167", "CVE-2020-5249", "CVE-2020-8164", "CVE-2020-11076", "CVE-2019-5419", "CVE-2020-8185", "CVE-2019-5418", "CVE-2020-5267"], "modified": "2020-12-09T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:rmt-server-debugsource", "cpe:/o:novell:suse_linux:15", "p-cpe:/a:novell:suse_linux:rmt-server-config", "p-cpe:/a:novell:suse_linux:rmt-server", "p-cpe:/a:novell:suse_linux:rmt-server-debuginfo"], "id": "SUSE_SU-2020-3036-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143751", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:3036-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(143751);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/17\");\n\n script_cve_id(\"CVE-2019-16770\", \"CVE-2019-5418\", \"CVE-2019-5419\", \"CVE-2019-5420\", \"CVE-2020-11076\", \"CVE-2020-11077\", \"CVE-2020-15169\", \"CVE-2020-5247\", \"CVE-2020-5249\", \"CVE-2020-5267\", \"CVE-2020-8164\", \"CVE-2020-8165\", \"CVE-2020-8166\", \"CVE-2020-8167\", \"CVE-2020-8184\", \"CVE-2020-8185\");\n\n script_name(english:\"SUSE SLES15 Security Update : rmt-server (SUSE-SU-2020:3036-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE 
host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for rmt-server fixes the following issues :\n\nUpdate to version 2.6.5: Solved potential bug of SCC repository URLs\nchanging over time. RMT now self heals by removing the previous\ninvalid repository and creating the correct one.\n\nAdd web server settings to /etc/rmt.conf: Now it's possible to\nconfigure the minimum and maximum threads count as well the number of\nweb server workers to be booted through /etc/rmt.conf.\n\nInstead of using an MD5 of URLs for custom repository friendly_ids,\nRMT now builds an ID from the name.\n\nFix RMT file caching based on timestamps: Previously, RMT sent GET\nrequests with the header 'If-Modified-Since' to a repository server\nand if the response had a 304 (Not Modified), it would copy a file\nfrom the local cache instead of downloading. However, if the local\nfile timestamp accidentally changed to a date newer than the one on\nthe repository server, RMT would have an outdated file, which caused\nsome errors. Now, RMT makes HEAD requests to the repositories servers\nand inspect the 'Last-Modified' header to decide whether to download a\nfile or copy it from cache, by comparing the equalness of timestamps.\n\nFixed an issue where relative paths supplied to `rmt-cli import repos`\ncaused the command to fail.\n\nFriendlier IDs for custom repositories: In an effort to simplify the\nhandling of SCC and custom repositories, RMT now has friendly IDs. For\nSCC repositories, it's the same SCC ID as before. For custom\nrepositories, it can either be user provided or RMT generated (MD5 of\nthe provided URL). 
Benefits :\n\n - `rmt-cli mirror repositories` now works for custom\n repositories.\n\n - Custom repository IDs can be the same across RMT\n instances.\n\n - No more confusing 'SCC ID' vs 'ID' in `rmt-cli` output.\n Deprecation Warnings :\n\n - RMT now uses a different ID for custom repositories than\n before. RMT still supports that old ID, but it's\n recommended to start using the new ID to ensure future\n compatibility.\n\nUpdated rails and puma dependencies for security fixes.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1165548\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1168554\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172177\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172182\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172184\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172186\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173351\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-16770/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-5418/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-5419/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://www.suse.com/security/cve/CVE-2019-5420/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-11076/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-11077/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-15169/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-5247/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-5249/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-5267/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-8164/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-8165/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-8166/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-8167/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-8184/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-8185/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20203036-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?08477350\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Server Applications 15-SP2 :\n\nzypper in -t 
patch\nSUSE-SLE-Module-Server-Applications-15-SP2-2020-3036=1\n\nSUSE Linux Enterprise Module for Public Cloud 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2020-3036=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-8165\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Rails File Disclosure\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Ruby On Rails DoubleTap Development Mode secret_key_base Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rmt-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rmt-server-config\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rmt-server-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rmt-server-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/26\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! 
preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"rmt-server-2.6.5-3.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"rmt-server-config-2.6.5-3.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"rmt-server-debuginfo-2.6.5-3.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"rmt-server-debugsource-2.6.5-3.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rmt-server\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-18T12:40:25", "description": "This update for rmt-server fixes the following issues :\n\n - Version 2.6.5\n\n - Solved potential bug of SCC repository URLs changing\n over time. RMT now self heals by removing the previous\n invalid repository and creating the correct one.\n\n - Version 2.6.4\n\n - Add web server settings to /etc/rmt.conf: Now it's\n possible to configure the minimum and maximum threads\n count as well the number of web server workers to be\n booted through /etc/rmt.conf.\n\n - Version 2.6.3\n\n - Instead of using an MD5 of URLs for custom repository\n friendly_ids, RMT now builds an ID from the name.\n\n - Version 2.6.2\n\n - Fix RMT file caching based on timestamps: Previously,\n RMT sent GET requests with the header\n 'If-Modified-Since' to a repository server and if the\n response had a 304 (Not Modified), it would copy a file\n from the local cache instead of downloading. However, if\n the local file timestamp accidentally changed to a date\n newer than the one on the repository server, RMT would\n have an outdated file, which caused some errors. 
Now,\n RMT makes HEAD requests to the repositories servers and\n inspect the 'Last-Modified' header to decide whether to\n download a file or copy it from cache, by comparing the\n equalness of timestamps.\n\n\n\n - Version 2.6.1\n\n - Fixed an issue where relative paths supplied to `rmt-cli\n import repos` caused the command to fail.\n\n - Version 2.6.0\n\n - Friendlier IDs for custom repositories: In an effort to\n simplify the handling of SCC and custom repositories,\n RMT now has friendly IDs. For SCC repositories, it's the\n same SCC ID as before. For custom repositories, it can\n either be user provided or RMT generated (MD5 of the\n provided URL). Benefits :\n\n - `rmt-cli mirror repositories` now works for custom\n repositories.\n\n - Custom repository IDs can be the same across RMT\n instances.\n\n - No more confusing 'SCC ID' vs 'ID' in `rmt-cli` output.\n Deprecation Warnings :\n\n - RMT now uses a different ID for custom repositories than\n before. RMT still supports that old ID, but it's\n recommended to start using the new ID to ensure future\n compatibility.\n\n - Version 2.5.20\n\n - Updated rails from 6.0.3.2 to 6.0.3.3 :\n\n - actionview (CVE-2020-15169)\n\n - Version 2.5.19\n\n - RMT now has the ability to remove local systems with the\n command `rmt-cli systems remove`.\n\n - Version 2.5.18\n\n - Fixed exit code for `rmt-cli mirror` and its\n subcommands. Now it exits with 1 whenever an error\n occurs during mirroring\n\n - Improved message logging for `rtm-cli mirror`. Instead\n of logging an error when it occurs, the command\n summarize all errors at the end of execution. Now log\n messages have colors to better identify failure/success.\n\n - Version 2.5.17\n\n - RMT no longer provides the installer updates repository\n to systems via its zypper service. 
This repository is\n used during the installation process, as it provides an\n up-to-date installation experience, but it has no use on\n an already installed system.\n\n - Version 2.5.16\n\n - Updated RMT's rails and puma dependencies.\n\n - puma (CVE-2020-11076, CVE-2020-11077, CVE-2020-5249,\n CVE-2020-5247 CVE-2019-16770)\n\n - actionpack (CVE-2020-8185, CVE-2020-8164, CVE-2020-8166)\n\n - actionview (CVE-2020-8167, CVE-2020-5267, CVE-2019-5418,\n CVE-2019-5419)\n\n - activesupport (CVE-2020-8165)\n\n - railties (CVE-2019-5420)\n\n - Version 2.5.15\n\n - RMT now checks if repositories are fully mirrored during\n the activation process. Previously, RMT only checked if\n the repositories were enabled to be mirrored, but not\n that they were actually mirrored. In this case, RMTs\n were not able to provide the repository data which\n systems assumed it had.\n\n - Version 2.5.14\n\n - Enable 'Installer-Updates' repositories by default\n\n - Fixed deprecation warning when thor encountered an\n error. Also, instead of returning 0 for thor errors,\n rmt-cli will return 1 instead.\n\n - Version 2.5.13\n\n - Added `rmt-cli repos clean` command to remove locally\n mirrored files of repositories which are not marked to\n be mirrored.\n\n - Previously, RMT didn't track deduplicated files in its\n database. 
Now, to accommodate `rmt-cli repos clean`, RMT\n will track all mirrored files.\n\n - Move the nginx reload to the configuration package which\n contain nginx config files, don't reload nginx\n unconditionally from main package.\n\n - Version 2.5.12\n\n - Update rack to version 2.2.3 (CVE-2020-8184:\n bsc#1173351)\n\n - Update Rails to version 5.2.4.3 :\n\n - actionpack (CVE-2020-8164: bsc#1172177)\n\n - actionpack (CVE-2020-8166: bsc#1172182)\n\n - activesupport (CVE-2020-8165: bsc#1172186)\n\n - actionview (CVE-2020-8167: bsc#1172184)\n\n - Version 2.5.11\n\n - rmt-server-pubcloud :\n\n - SLES11 EOL\n\n - Extension activation verification based on the available\n subscriptions\n\n - Added a manual instance verification script\n\n - Version 2.5.10\n\n - Support rmt-server to run with Ruby 2.7\n (Factory/Tumbleweed) :\n\n - Bump gem 'config' version from 1.7.2 to 2.2.1 to fix\n incompatibility Ruby 2.7 OpenStruct class;\n\n - Bump gem 'typhoeus' version from 1.3.1 to 1.4.0 in order\n to also bump gem 'ethon' version, which caused a\n 'rb_safe_level' warning on Ruby 2.7;\n\n - Fix 'last arg as keyword arg' Ruby 2.7 warning on source\n code;\n\n - Disable 'deprecated' warnings from Ruby 2.7; Rails 5.1\n generates a lot of warnings with Ruby 2.7, mainly due to\n 'capturing the given block with Proc.new', which is\n deprecated;\n\n - Improve RPM spec to consider only the distribution\n default Ruby version configured in OBS;\n\n - Improve RPM spec to remove Ruby 2.7 warnings regarding\n 'bundler.\n\n - Move nginx/vhosts.d directory to correct sub-package.\n They are needed together with nginx, not rmt-server.\n\n - Fix dependencies especially for containerized usage :\n\n - mariadb and nginx are not hard requires, could run on\n another host\n\n - Fix generic dependencies :\n\n - systemd ordering was missing\n\n - shadow is required for pre-install\n\n - Version 2.5.9\n\n - rmt-server-pubcloud: enforce strict authentication\n\n - Version 2.5.8\n\n - Use repomd_parser 
gem to remove repository metadata\n parsing code.\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update\nproject.", "edition": 2, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-11-24T00:00:00", "title": "openSUSE Security Update : rmt-server (openSUSE-2020-2000)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-8165", "CVE-2020-8184", "CVE-2020-15169", "CVE-2020-8166", "CVE-2019-16770", "CVE-2019-5420", "CVE-2020-5247", "CVE-2020-11077", "CVE-2020-8167", "CVE-2020-5249", "CVE-2020-8164", "CVE-2020-11076", "CVE-2019-5419", "CVE-2020-8185", "CVE-2019-5418", "CVE-2020-5267"], "modified": "2020-11-24T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:rmt-server-debuginfo", "cpe:/o:novell:opensuse:15.1", "p-cpe:/a:novell:opensuse:rmt-server-debugsource", "p-cpe:/a:novell:opensuse:rmt-server", "p-cpe:/a:novell:opensuse:rmt-server-pubcloud", "p-cpe:/a:novell:opensuse:rmt-server-config"], "id": "OPENSUSE-2020-2000.NASL", "href": "https://www.tenable.com/plugins/nessus/143225", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-2000.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(143225);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/17\");\n\n script_cve_id(\"CVE-2019-16770\", \"CVE-2019-5418\", \"CVE-2019-5419\", \"CVE-2019-5420\", \"CVE-2020-11076\", \"CVE-2020-11077\", \"CVE-2020-15169\", \"CVE-2020-5247\", \"CVE-2020-5249\", \"CVE-2020-5267\", \"CVE-2020-8164\", \"CVE-2020-8165\", \"CVE-2020-8166\", \"CVE-2020-8167\", \"CVE-2020-8184\", \"CVE-2020-8185\");\n\n script_name(english:\"openSUSE Security Update : rmt-server (openSUSE-2020-2000)\");\n script_summary(english:\"Check for the openSUSE-2020-2000 patch\");\n\n 
script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for rmt-server fixes the following issues :\n\n - Version 2.6.5\n\n - Solved potential bug of SCC repository URLs changing\n over time. RMT now self heals by removing the previous\n invalid repository and creating the correct one.\n\n - Version 2.6.4\n\n - Add web server settings to /etc/rmt.conf: Now it's\n possible to configure the minimum and maximum threads\n count as well the number of web server workers to be\n booted through /etc/rmt.conf.\n\n - Version 2.6.3\n\n - Instead of using an MD5 of URLs for custom repository\n friendly_ids, RMT now builds an ID from the name.\n\n - Version 2.6.2\n\n - Fix RMT file caching based on timestamps: Previously,\n RMT sent GET requests with the header\n 'If-Modified-Since' to a repository server and if the\n response had a 304 (Not Modified), it would copy a file\n from the local cache instead of downloading. However, if\n the local file timestamp accidentally changed to a date\n newer than the one on the repository server, RMT would\n have an outdated file, which caused some errors. Now,\n RMT makes HEAD requests to the repositories servers and\n inspect the 'Last-Modified' header to decide whether to\n download a file or copy it from cache, by comparing the\n equalness of timestamps.\n\n\n\n - Version 2.6.1\n\n - Fixed an issue where relative paths supplied to `rmt-cli\n import repos` caused the command to fail.\n\n - Version 2.6.0\n\n - Friendlier IDs for custom repositories: In an effort to\n simplify the handling of SCC and custom repositories,\n RMT now has friendly IDs. For SCC repositories, it's the\n same SCC ID as before. For custom repositories, it can\n either be user provided or RMT generated (MD5 of the\n provided URL). 
Benefits :\n\n - `rmt-cli mirror repositories` now works for custom\n repositories.\n\n - Custom repository IDs can be the same across RMT\n instances.\n\n - No more confusing 'SCC ID' vs 'ID' in `rmt-cli` output.\n Deprecation Warnings :\n\n - RMT now uses a different ID for custom repositories than\n before. RMT still supports that old ID, but it's\n recommended to start using the new ID to ensure future\n compatibility.\n\n - Version 2.5.20\n\n - Updated rails from 6.0.3.2 to 6.0.3.3 :\n\n - actionview (CVE-2020-15169)\n\n - Version 2.5.19\n\n - RMT now has the ability to remove local systems with the\n command `rmt-cli systems remove`.\n\n - Version 2.5.18\n\n - Fixed exit code for `rmt-cli mirror` and its\n subcommands. Now it exits with 1 whenever an error\n occurs during mirroring\n\n - Improved message logging for `rtm-cli mirror`. Instead\n of logging an error when it occurs, the command\n summarize all errors at the end of execution. Now log\n messages have colors to better identify failure/success.\n\n - Version 2.5.17\n\n - RMT no longer provides the installer updates repository\n to systems via its zypper service. This repository is\n used during the installation process, as it provides an\n up-to-date installation experience, but it has no use on\n an already installed system.\n\n - Version 2.5.16\n\n - Updated RMT's rails and puma dependencies.\n\n - puma (CVE-2020-11076, CVE-2020-11077, CVE-2020-5249,\n CVE-2020-5247 CVE-2019-16770)\n\n - actionpack (CVE-2020-8185, CVE-2020-8164, CVE-2020-8166)\n\n - actionview (CVE-2020-8167, CVE-2020-5267, CVE-2019-5418,\n CVE-2019-5419)\n\n - activesupport (CVE-2020-8165)\n\n - railties (CVE-2019-5420)\n\n - Version 2.5.15\n\n - RMT now checks if repositories are fully mirrored during\n the activation process. Previously, RMT only checked if\n the repositories were enabled to be mirrored, but not\n that they were actually mirrored. 
In this case, RMTs\n were not able to provide the repository data which\n systems assumed it had.\n\n - Version 2.5.14\n\n - Enable 'Installer-Updates' repositories by default\n\n - Fixed deprecation warning when thor encountered an\n error. Also, instead of returning 0 for thor errors,\n rmt-cli will return 1 instead.\n\n - Version 2.5.13\n\n - Added `rmt-cli repos clean` command to remove locally\n mirrored files of repositories which are not marked to\n be mirrored.\n\n - Previously, RMT didn't track deduplicated files in its\n database. Now, to accommodate `rmt-cli repos clean`, RMT\n will track all mirrored files.\n\n - Move the nginx reload to the configuration package which\n contain nginx config files, don't reload nginx\n unconditionally from main package.\n\n - Version 2.5.12\n\n - Update rack to version 2.2.3 (CVE-2020-8184:\n bsc#1173351)\n\n - Update Rails to version 5.2.4.3 :\n\n - actionpack (CVE-2020-8164: bsc#1172177)\n\n - actionpack (CVE-2020-8166: bsc#1172182)\n\n - activesupport (CVE-2020-8165: bsc#1172186)\n\n - actionview (CVE-2020-8167: bsc#1172184)\n\n - Version 2.5.11\n\n - rmt-server-pubcloud :\n\n - SLES11 EOL\n\n - Extension activation verification based on the available\n subscriptions\n\n - Added a manual instance verification script\n\n - Version 2.5.10\n\n - Support rmt-server to run with Ruby 2.7\n (Factory/Tumbleweed) :\n\n - Bump gem 'config' version from 1.7.2 to 2.2.1 to fix\n incompatibility Ruby 2.7 OpenStruct class;\n\n - Bump gem 'typhoeus' version from 1.3.1 to 1.4.0 in order\n to also bump gem 'ethon' version, which caused a\n 'rb_safe_level' warning on Ruby 2.7;\n\n - Fix 'last arg as keyword arg' Ruby 2.7 warning on source\n code;\n\n - Disable 'deprecated' warnings from Ruby 2.7; Rails 5.1\n generates a lot of warnings with Ruby 2.7, mainly due to\n 'capturing the given block with Proc.new', which is\n deprecated;\n\n - Improve RPM spec to consider only the distribution\n default Ruby version configured in OBS;\n\n - 
Improve RPM spec to remove Ruby 2.7 warnings regarding\n 'bundler.\n\n - Move nginx/vhosts.d directory to correct sub-package.\n They are needed together with nginx, not rmt-server.\n\n - Fix dependencies especially for containerized usage :\n\n - mariadb and nginx are not hard requires, could run on\n another host\n\n - Fix generic dependencies :\n\n - systemd ordering was missing\n\n - shadow is required for pre-install\n\n - Version 2.5.9\n\n - rmt-server-pubcloud: enforce strict authentication\n\n - Version 2.5.8\n\n - Use repomd_parser gem to remove repository metadata\n parsing code.\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1172177\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1172182\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1172184\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1172186\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173351\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected rmt-server packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-8165\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Rails File 
Disclosure\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Ruby On Rails DoubleTap Development Mode secret_key_base Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rmt-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rmt-server-config\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rmt-server-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rmt-server-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rmt-server-pubcloud\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"rmt-server-2.6.5-lp151.2.18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"rmt-server-config-2.6.5-lp151.2.18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"rmt-server-debuginfo-2.6.5-lp151.2.18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"rmt-server-debugsource-2.6.5-lp151.2.18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"rmt-server-pubcloud-2.6.5-lp151.2.18.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rmt-server / rmt-server-config / rmt-server-debuginfo / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2020-10-08T00:50:46", "bulletinFamily": "unix", "cvelist": ["CVE-2020-11077", "CVE-2020-11076"], "description": "- 
-------------------------------------------------------------------------\nDebian LTS Advisory DLA-2398-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Abhijith PA\nOctober 07, 2020 https://wiki.debian.org/LTS\n- -------------------------------------------------------------------------\n\nPackage : puma\nVersion : 3.6.0-1+deb9u1\nCVE ID : CVE-2020-11076 CVE-2020-11077\n\nSeveral security vulnerabilities have been discovered in puma, highly\nconcurrent HTTP server for Ruby/Rack applications.\n\nCVE-2020-11076\n\n By using an invalid transfer-encoding header, an attacker could smuggle\n an HTTP response.\n\nCVE-2020-11077\n\n client could smuggle a request through a proxy, causing the proxy to\n send a response back to another unknown client. If the proxy uses\n persistent connections and the client adds another request in via HTTP\n pipelining, the proxy may mistake it as the first request's body. Puma,\n however, would see it as two requests, and when processing the second\n request, send back a response that the proxy does not expect. 
If the\n proxy has reused the persistent connection to Puma to send another\n request for a different client, the second response from the first\n client will be sent to the second client.\n\nFor Debian 9 stretch, this problem has been fixed in version\n3.6.0-1+deb9u1.\n\nWe recommend that you upgrade your puma packages.\n\nFor the detailed security status of puma please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/puma\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 1, "modified": "2020-10-07T11:06:52", "published": "2020-10-07T11:06:52", "id": "DEBIAN:DLA-2398-1:DA3D0", "href": "https://lists.debian.org/debian-lts-announce/2020/debian-lts-announce-202010/msg00009.html", "title": "[SECURITY] [DLA 2398-1] puma security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "github": [{"lastseen": "2021-01-08T23:37:03", "bulletinFamily": "software", "cvelist": ["CVE-2020-11077"], "description": "### Impact\nThis is a similar but different vulnerability to the one patched in 3.12.5 and 4.3.4.\n\nA client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. \n\nIf the proxy uses persistent connections and the client adds another request in via HTTP pipelining, the proxy may mistake it as the first request's body. Puma, however, would see it as two requests, and when processing the second request, send back a response that the proxy does not expect. 
If the proxy has reused the persistent connection to Puma to send another request for a different client, the second response from the first client will be sent to the second client.\n\n### Patches\n\nThe problem has been fixed in Puma 3.12.6 and Puma 4.3.5.\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n\n* Open an issue in [Puma](https://github.com/puma/puma)\n* See our [security policy](https://github.com/puma/puma/security/policy)", "edition": 3, "modified": "2021-01-08T20:15:55", "published": "2020-05-22T14:55:09", "id": "GHSA-W64W-QQPH-5GXM", "href": "https://github.com/advisories/GHSA-w64w-qqph-5gxm", "title": "HTTP Smuggling via Transfer-Encoding Header in Puma", "type": "github", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-08T23:37:03", "bulletinFamily": "software", "cvelist": ["CVE-2020-11076"], "description": "### Impact\n\nBy using an invalid transfer-encoding header, an attacker could [smuggle an HTTP response.](https://portswigger.net/web-security/request-smuggling)\n\nOriginally reported by @ZeddYu, who has our thanks for the detailed report.\n\n### Patches\n\nThe problem has been fixed in Puma 3.12.5 and Puma 4.3.4.\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n\n* Open an issue in [Puma](https://github.com/puma/puma)\n* See our [security policy](https://github.com/puma/puma/security/policy)", "edition": 3, "modified": "2021-01-08T20:16:10", "published": "2020-05-22T14:55:05", "id": "GHSA-X7JG-6PWG-FX5H", "href": "https://github.com/advisories/GHSA-x7jg-6pwg-fx5h", "title": "HTTP Smuggling via Transfer-Encoding Header in Puma", "type": "github", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}]}