ID USN-4613-1
Type ubuntu
Reporter Ubuntu
Modified 2020-11-03T00:00:00
Description
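Hubert Kario discovered that python-cryptography incorrectly handled certain RSA decryption operations (CVE-2020-25659). The related records below describe the flaw as a Bleichenbacher timing side channel in the processing of PKCS#1 v1.5 ciphertext, which matters most where RSA decryption is exposed in online scenarios.
An attacker could possibly use this issue to expose sensitive information.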
{"id": "USN-4613-1", "bulletinFamily": "unix", "title": "python-cryptography vulnerability", "description": "Hubert Kario discovered that python-cryptography incorrectly handled certain decryption. \nAn attacker could possibly use this issue to expose sensitive information.", "published": "2020-11-03T00:00:00", "modified": "2020-11-03T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://ubuntu.com/security/notices/USN-4613-1", "reporter": "Ubuntu", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2020-25659"], "cvelist": ["CVE-2020-25659"], "type": "ubuntu", "lastseen": "2020-11-03T21:37:37", "edition": 1, "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-25659"]}, {"type": "nessus", "idList": ["OPENSUSE-2020-2173.NASL", "SUSE_SU-2020-3592-1.NASL", "UBUNTU_USN-4613-1.NASL", "SUSE_SU-2020-3629-1.NASL"]}, {"type": "github", "idList": ["GHSA-HGGM-JPG3-V476"]}], "modified": "2020-11-03T21:37:37", "rev": 2}, "score": {"value": 5.5, "vector": "NONE", "modified": "2020-11-03T21:37:37", "rev": 2}, "vulnersScore": 5.5}, "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "20.10", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "python3-cryptography", "packageVersion": "3.0-1ubuntu0.1"}, {"OS": "Ubuntu", "OSVersion": "18.04", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "python3-cryptography", "packageVersion": "2.1.4-1ubuntu1.4"}, {"OS": "Ubuntu", "OSVersion": "20.04", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "python-cryptography", "packageVersion": "2.8-3ubuntu0.1"}, {"OS": "Ubuntu", "OSVersion": "20.04", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "python3-cryptography", "packageVersion": "2.8-3ubuntu0.1"}, {"OS": "Ubuntu", "OSVersion": "18.04", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": 
"python-cryptography", "packageVersion": "2.1.4-1ubuntu1.4"}, {"OS": "Ubuntu", "OSVersion": "16.04", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "python3-cryptography", "packageVersion": "1.2.3-1ubuntu0.3"}, {"OS": "Ubuntu", "OSVersion": "16.04", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "python-cryptography", "packageVersion": "1.2.3-1ubuntu0.3"}]}
{"cve": [{"lastseen": "2021-01-12T15:02:25", "description": "python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext.", "edition": 1, "cvss3": {}, "published": "2021-01-11T16:15:00", "title": "CVE-2020-25659", "type": "cve", "cwe": ["CWE-385"], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2020-25659"], "modified": "2021-01-11T16:16:00", "cpe": [], "id": "CVE-2020-25659", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25659", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": []}], "nessus": [{"lastseen": "2020-12-08T04:29:41", "description": "This update for python-cryptography fixes the following issues :\n\n - CVE-2020-25659: Attempted to mitigate Bleichenbacher\n attacks on RSA decryption (bsc#1178168). This update was\n imported from the SUSE:SLE-15-SP2:Update update project.", "edition": 1, "cvss3": {}, "published": "2020-12-07T00:00:00", "title": "openSUSE Security Update : python-cryptography (openSUSE-2020-2173)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-25659"], "modified": "2020-12-07T00:00:00", "cpe": ["cpe:/o:novell:opensuse:15.2", "p-cpe:/a:novell:opensuse:python-cryptography-debugsource", "p-cpe:/a:novell:opensuse:python3-cryptography", "p-cpe:/a:novell:opensuse:python3-cryptography-debuginfo", "p-cpe:/a:novell:opensuse:python2-cryptography-debuginfo", "p-cpe:/a:novell:opensuse:python2-cryptography", "p-cpe:/a:novell:opensuse:python-cryptography-debuginfo"], "id": "OPENSUSE-2020-2173.NASL", "href": "https://www.tenable.com/plugins/nessus/143511", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-2173.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(143511);\n script_version(\"1.1\");\n 
script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/07\");\n\n script_cve_id(\"CVE-2020-25659\");\n\n script_name(english:\"openSUSE Security Update : python-cryptography (openSUSE-2020-2173)\");\n script_summary(english:\"Check for the openSUSE-2020-2173 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for python-cryptography fixes the following issues :\n\n - CVE-2020-25659: Attempted to mitigate Bleichenbacher\n attacks on RSA decryption (bsc#1178168). This update was\n imported from the SUSE:SLE-15-SP2:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178168\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected python-cryptography packages.\"\n );\n script_set_attribute(attribute:\"risk_factor\", value:\"Medium\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-cryptography-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-cryptography-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python2-cryptography\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python2-cryptography-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-cryptography\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-cryptography-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", 
value:\"2020/12/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"python-cryptography-debuginfo-2.8-lp152.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"python-cryptography-debugsource-2.8-lp152.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"python2-cryptography-2.8-lp152.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"python2-cryptography-debuginfo-2.8-lp152.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"python3-cryptography-2.8-lp152.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"python3-cryptography-debuginfo-2.8-lp152.2.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n 
tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python-cryptography-debuginfo / python-cryptography-debugsource / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2020-11-25T15:14:39", "description": "The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 host has packages installed that are affected by a\nvulnerability as referenced in the USN-4613-1 advisory. Note that Nessus has not tested for this issue but has instead\nrelied only on the application's self-reported version number.", "edition": 2, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2020-11-04T00:00:00", "title": "Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 : python-cryptography vulnerability (USN-4613-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-25659"], "modified": "2020-11-04T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04:-:lts", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:python3-cryptography", "p-cpe:/a:canonical:ubuntu_linux:python-cryptography", "cpe:/o:canonical:ubuntu_linux:20.10"], "id": "UBUNTU_USN-4613-1.NASL", "href": "https://www.tenable.com/plugins/nessus/142368", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4613-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142368);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/24\");\n\n script_cve_id(\"CVE-2020-25659\");\n script_xref(name:\"USN\", value:\"4613-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 : python-cryptography vulnerability (USN-4613-1)\");\n script_summary(english:\"Checks the dpkg output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 host has packages installed that are affected by a\nvulnerability as referenced in the USN-4613-1 advisory. Note that Nessus has not tested for this issue but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4613-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected python-cryptography and / or python3-cryptography packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25659\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/04\");\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python-cryptography\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python3-cryptography\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('ubuntu.inc');\ninclude('misc_func.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04|18\\.04|20\\.04|20\\.10)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04 / 18.04 / 20.04 / 20.10', 'Ubuntu ' + release);\nif ( ! 
get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\n\npkgs = [\n {'osver': '16.04', 'pkgname': 'python-cryptography', 'pkgver': '1.2.3-1ubuntu0.3'},\n {'osver': '16.04', 'pkgname': 'python3-cryptography', 'pkgver': '1.2.3-1ubuntu0.3'},\n {'osver': '18.04', 'pkgname': 'python-cryptography', 'pkgver': '2.1.4-1ubuntu1.4'},\n {'osver': '18.04', 'pkgname': 'python3-cryptography', 'pkgver': '2.1.4-1ubuntu1.4'},\n {'osver': '20.04', 'pkgname': 'python-cryptography', 'pkgver': '2.8-3ubuntu0.1'},\n {'osver': '20.04', 'pkgname': 'python3-cryptography', 'pkgver': '2.8-3ubuntu0.1'},\n {'osver': '20.10', 'pkgname': 'python3-cryptography', 'pkgver': '3.0-1ubuntu0.1'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n osver = NULL;\n pkgname = NULL;\n pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'python-cryptography / python3-cryptography');\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-14T06:30:40", "description": "This update for python-cryptography fixes the following issues :\n\nCVE-2020-25659: Attempted to mitigate Bleichenbacher attacks on RSA\ndecryption (bsc#1178168).\n\nNote that Tenable Network Security has extracted the 
preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 2, "cvss3": {}, "published": "2020-12-09T00:00:00", "title": "SUSE SLED15 / SLES15 Security Update : python-cryptography (SUSE-SU-2020:3592-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-25659"], "modified": "2020-12-09T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:python3-cryptography-debuginfo", "p-cpe:/a:novell:suse_linux:python3-cryptography", "p-cpe:/a:novell:suse_linux:python-cryptography-debugsource", "cpe:/o:novell:suse_linux:15", "p-cpe:/a:novell:suse_linux:python2-cryptography", "p-cpe:/a:novell:suse_linux:python2-cryptography-debuginfo", "p-cpe:/a:novell:suse_linux:python-cryptography-debuginfo"], "id": "SUSE_SU-2020-3592-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143680", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:3592-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(143680);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2020-25659\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : python-cryptography (SUSE-SU-2020:3592-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for python-cryptography fixes the following issues :\n\nCVE-2020-25659: Attempted to mitigate Bleichenbacher attacks on RSA\ndecryption (bsc#1178168).\n\nNote that Tenable Network Security has extracted the 
preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178168\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-25659/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20203592-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?02e78541\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Python2 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-Python2-15-SP2-2020-3592=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-3592=1\"\n );\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-cryptography-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-cryptography-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python2-cryptography\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python2-cryptography-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3-cryptography\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3-cryptography-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP2\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! 
preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"python-cryptography-debuginfo-2.8-3.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"python-cryptography-debugsource-2.8-3.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"python2-cryptography-2.8-3.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"python2-cryptography-debuginfo-2.8-3.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"python3-cryptography-2.8-3.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"python3-cryptography-debuginfo-2.8-3.3.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"python-cryptography-debuginfo-2.8-3.3.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"python-cryptography-debugsource-2.8-3.3.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"python2-cryptography-2.8-3.3.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"python2-cryptography-debuginfo-2.8-3.3.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"python3-cryptography-2.8-3.3.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"python3-cryptography-debuginfo-2.8-3.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python-cryptography\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-01-14T06:30:40", "description": "This update for python-cryptography fixes the following issues :\n\nCVE-2020-25659: Attempted to mitigate Bleichenbacher attacks on RSA\ndecryption (bsc#1178168).\n\nNote that Tenable Network Security has 
extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 2, "cvss3": {}, "published": "2020-12-09T00:00:00", "title": "SUSE SLES12 Security Update : python-cryptography (SUSE-SU-2020:3629-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-25659"], "modified": "2020-12-09T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:python3-cryptography-debuginfo", "p-cpe:/a:novell:suse_linux:python3-cryptography", "p-cpe:/a:novell:suse_linux:python-cryptography-debugsource", "p-cpe:/a:novell:suse_linux:python-cryptography", "p-cpe:/a:novell:suse_linux:python-cryptography-debuginfo"], "id": "SUSE_SU-2020-3629-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143836", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:3629-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(143836);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2020-25659\");\n\n script_name(english:\"SUSE SLES12 Security Update : python-cryptography (SUSE-SU-2020:3629-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for python-cryptography fixes the following issues :\n\nCVE-2020-25659: Attempted to mitigate Bleichenbacher attacks on RSA\ndecryption (bsc#1178168).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178168\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-25659/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20203629-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?42e3c817\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud Crowbar 9 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-3629=1\n\nSUSE OpenStack Cloud Crowbar 8 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-3629=1\n\nSUSE OpenStack Cloud 9 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-9-2020-3629=1\n\nSUSE OpenStack Cloud 8 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-8-2020-3629=1\n\nSUSE OpenStack Cloud 7 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-7-2020-3629=1\n\nSUSE Linux Enterprise Server for SAP 12-SP4 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP4-2020-3629=1\n\nSUSE Linux Enterprise Server for SAP 12-SP3 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP3-2020-3629=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP2-2020-3629=1\n\nSUSE Linux Enterprise Server 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-3629=1\n\nSUSE Linux Enterprise Server 12-SP4-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-3629=1\n\nSUSE Linux Enterprise Server 12-SP3-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-3629=1\n\nSUSE Linux Enterprise Server 12-SP3-BCL :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-3629=1\n\nSUSE Linux Enterprise 
Server 12-SP2-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-3629=1\n\nSUSE Linux Enterprise Server 12-SP2-BCL :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-3629=1\n\nSUSE Enterprise Storage 5 :\n\nzypper in -t patch SUSE-Storage-5-2020-3629=1\n\nHPE Helion Openstack 8 :\n\nzypper in -t patch HPE-Helion-OpenStack-8-2020-3629=1\"\n );\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-cryptography\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-cryptography-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-cryptography-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3-cryptography\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3-cryptography-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(2|3|4|5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3/4/5\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"python-cryptography-2.1.4-7.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"python-cryptography-debuginfo-2.1.4-7.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"python-cryptography-debugsource-2.1.4-7.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"python3-cryptography-2.1.4-7.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"python3-cryptography-debuginfo-2.1.4-7.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"python-cryptography-2.1.4-7.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"python-cryptography-debuginfo-2.1.4-7.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"python-cryptography-debugsource-2.1.4-7.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"python3-cryptography-2.1.4-7.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"python-cryptography-2.1.4-7.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"python-cryptography-debuginfo-2.1.4-7.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"python-cryptography-debugsource-2.1.4-7.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"python3-cryptography-2.1.4-7.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"python-cryptography-2.1.4-7.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"python-cryptography-debuginfo-2.1.4-7.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"python-cryptography-debugsource-2.1.4-7.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"python3-cryptography-2.1.4-7.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", 
sp:\"5\", reference:\"python3-cryptography-debuginfo-2.1.4-7.31.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python-cryptography\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "github": [{"lastseen": "2020-10-28T00:16:28", "bulletinFamily": "software", "cvelist": ["CVE-2020-25659"], "description": "### Impact\n\nRSA decryption was vulnerable to Bleichenbacher timing vulnerabilities, which would impact people using RSA decryption in online scenarios.\n\n### Patches\n\nThis is fixed in cryptography 3.2. https://github.com/pyca/cryptography/commit/58494b41d6ecb0f56b7c5f05d5f5e3ca0320d494 is the resolving commit.", "edition": 1, "modified": "2020-10-27T20:33:13", "published": "2020-10-27T20:33:13", "id": "GHSA-HGGM-JPG3-V476", "href": "https://github.com/advisories/GHSA-hggm-jpg3-v476", "title": "RSA decryption vulnerable to Bleichenbacher timing vulnerability", "type": "github", "cvss": {"score": 0.0, "vector": "NONE"}}]}