Vulnerabilities > CVE-2018-16868 - Information Exposure Through Discrepancy vulnerability in GNU Gnutls
Attack vector
PHYSICAL Attack complexity
HIGH Privileges required
LOW Confidentiality impact
HIGH Integrity impact
LOW Availability impact
NONE Summary
A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in some cases downgrade any TLS connections to a vulnerable server.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-1477.NASL description This update for gnutls fixes the following issues : Security issue fixed : - CVE-2018-16868: Fixed Bleichenbacher-like side channel leakage in PKCS#1 v1.5 verification (bsc#1118087). Non-security issue fixed : - Explicitly require libnettle 3.4.1 to prevent missing symbol errors (bsc#1134856). This update was imported from the SUSE:SLE-15:Update update project. last seen 2020-06-01 modified 2020-06-02 plugin id 125619 published 2019-05-31 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125619 title openSUSE Security Update : gnutls (openSUSE-2019-1477) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2019-1477. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(125619); script_version("1.3"); script_cvs_date("Date: 2020/01/13"); script_cve_id("CVE-2018-16868"); script_name(english:"openSUSE Security Update : gnutls (openSUSE-2019-1477)"); script_summary(english:"Check for the openSUSE-2019-1477 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update for gnutls fixes the following issues : Security issue fixed : - CVE-2018-16868: Fixed Bleichenbacher-like side channel leakage in PKCS#1 v1.5 verification (bsc#1118087). Non-security issue fixed : - Explicitly require libnettle 3.4.1 to prevent missing symbol errors (bsc#1134856). This update was imported from the SUSE:SLE-15:Update update project." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1118087" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134856" ); script_set_attribute( attribute:"solution", value:"Update the affected gnutls packages." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gnutls"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gnutls-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gnutls-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gnutls-guile"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gnutls-guile-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgnutls-dane-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgnutls-dane0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgnutls-dane0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgnutls-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgnutls-devel-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgnutls30"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgnutls30-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgnutls30-32bit-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgnutls30-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgnutlsxx-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgnutlsxx28"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgnutlsxx28-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.1"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/12/03"); script_set_attribute(attribute:"patch_publication_date", value:"2019/05/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/31"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE15\.0|SUSE15\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0 / 15.1", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE15.0", reference:"gnutls-3.6.7-lp150.12.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"gnutls-debuginfo-3.6.7-lp150.12.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"gnutls-debugsource-3.6.7-lp150.12.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"gnutls-guile-3.6.7-lp150.12.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"gnutls-guile-debuginfo-3.6.7-lp150.12.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libgnutls-dane-devel-3.6.7-lp150.12.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libgnutls-dane0-3.6.7-lp150.12.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libgnutls-dane0-debuginfo-3.6.7-lp150.12.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libgnutls-devel-3.6.7-lp150.12.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libgnutls30-3.6.7-lp150.12.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libgnutls30-debuginfo-3.6.7-lp150.12.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libgnutlsxx-devel-3.6.7-lp150.12.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libgnutlsxx28-3.6.7-lp150.12.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libgnutlsxx28-debuginfo-3.6.7-lp150.12.1") ) flag++; if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libgnutls-devel-32bit-3.6.7-lp150.12.1") ) flag++; if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libgnutls30-32bit-3.6.7-lp150.12.1") ) flag++; if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libgnutls30-32bit-debuginfo-3.6.7-lp150.12.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"gnutls-3.6.7-lp151.2.3.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"gnutls-debuginfo-3.6.7-lp151.2.3.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"gnutls-debugsource-3.6.7-lp151.2.3.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"gnutls-guile-3.6.7-lp151.2.3.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"gnutls-guile-debuginfo-3.6.7-lp151.2.3.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"libgnutls-dane-devel-3.6.7-lp151.2.3.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"libgnutls-dane0-3.6.7-lp151.2.3.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"libgnutls-dane0-debuginfo-3.6.7-lp151.2.3.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"libgnutls-devel-3.6.7-lp151.2.3.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"libgnutls30-3.6.7-lp151.2.3.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"libgnutls30-debuginfo-3.6.7-lp151.2.3.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"libgnutlsxx-devel-3.6.7-lp151.2.3.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"libgnutlsxx28-3.6.7-lp151.2.3.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"libgnutlsxx28-debuginfo-3.6.7-lp151.2.3.1") ) flag++; if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libgnutls-devel-32bit-3.6.7-lp151.2.3.1") ) flag++; if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libgnutls30-32bit-3.6.7-lp151.2.3.1") ) flag++; if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libgnutls30-32bit-debuginfo-3.6.7-lp151.2.3.1") ) flag++; if (flag) { if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get()); else security_note(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gnutls / gnutls-debuginfo / gnutls-debugsource / gnutls-guile / etc"); }
NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-1353.NASL description This update for gnutls fixes to version 3.6.7 the following issues : Security issued fixed : - CVE-2019-3836: Fixed an invalid pointer access via malformed TLS1.3 async messages (bsc#1130682). - CVE-2019-3829: Fixed a double free vulnerability in the certificate verification API (bsc#1130681). - CVE-2018-16868: Fixed Bleichenbacher-like side channel leakage in PKCS#1 v1.5 verification and padding oracle verification (bsc#1118087) Non-security issue fixed : - Update gnutls to support TLS 1.3 (fate#327114) This update was imported from the SUSE:SLE-15:Update update project. last seen 2020-06-01 modified 2020-06-02 plugin id 124714 published 2019-05-09 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124714 title openSUSE Security Update : gnutls (openSUSE-2019-1353) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2019-1353. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(124714); script_version("1.2"); script_cvs_date("Date: 2020/01/21"); script_cve_id("CVE-2018-16868", "CVE-2019-3829", "CVE-2019-3836"); script_name(english:"openSUSE Security Update : gnutls (openSUSE-2019-1353)"); script_summary(english:"Check for the openSUSE-2019-1353 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update for gnutls fixes to version 3.6.7 the following issues : Security issued fixed : - CVE-2019-3836: Fixed an invalid pointer access via malformed TLS1.3 async messages (bsc#1130682). - CVE-2019-3829: Fixed a double free vulnerability in the certificate verification API (bsc#1130681). - CVE-2018-16868: Fixed Bleichenbacher-like side channel leakage in PKCS#1 v1.5 verification and padding oracle verification (bsc#1118087) Non-security issue fixed : - Update gnutls to support TLS 1.3 (fate#327114) This update was imported from the SUSE:SLE-15:Update update project." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1118087" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1130681" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1130682" ); script_set_attribute( attribute:"see_also", value:"https://features.opensuse.org/327114" ); script_set_attribute( attribute:"solution", value:"Update the affected gnutls packages." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-16868"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gnutls"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gnutls-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gnutls-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gnutls-guile"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gnutls-guile-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgnutls-dane-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgnutls-dane0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgnutls-dane0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgnutls-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgnutls-devel-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgnutls30"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgnutls30-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgnutls30-32bit-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgnutls30-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgnutlsxx-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgnutlsxx28"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgnutlsxx28-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/12/03"); script_set_attribute(attribute:"patch_publication_date", value:"2019/05/08"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/09"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE15\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE15.0", reference:"gnutls-3.6.7-lp150.9.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"gnutls-debuginfo-3.6.7-lp150.9.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"gnutls-debugsource-3.6.7-lp150.9.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"gnutls-guile-3.6.7-lp150.9.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"gnutls-guile-debuginfo-3.6.7-lp150.9.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libgnutls-dane-devel-3.6.7-lp150.9.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libgnutls-dane0-3.6.7-lp150.9.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libgnutls-dane0-debuginfo-3.6.7-lp150.9.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libgnutls-devel-3.6.7-lp150.9.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libgnutls30-3.6.7-lp150.9.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libgnutls30-debuginfo-3.6.7-lp150.9.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libgnutlsxx-devel-3.6.7-lp150.9.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libgnutlsxx28-3.6.7-lp150.9.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libgnutlsxx28-debuginfo-3.6.7-lp150.9.1") ) flag++; if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libgnutls-devel-32bit-3.6.7-lp150.9.1") ) flag++; if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libgnutls30-32bit-3.6.7-lp150.9.1") ) flag++; if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libgnutls30-32bit-debuginfo-3.6.7-lp150.9.1") ) flag++; if (flag) { if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get()); else security_note(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gnutls / gnutls-debuginfo / gnutls-debugsource / gnutls-guile / etc"); }
NASL family Fedora Local Security Checks NASL id FEDORA_2019-1A0D4443F8.NASL description Added explicit Requires for nettle >= 3.4.1 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2019-01-15 plugin id 121169 published 2019-01-15 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121169 title Fedora 28 : gnutls (2019-1a0d4443f8) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2019-1a0d4443f8. # include("compat.inc"); if (description) { script_id(121169); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/24"); script_cve_id("CVE-2018-16868"); script_xref(name:"FEDORA", value:"2019-1a0d4443f8"); script_name(english:"Fedora 28 : gnutls (2019-1a0d4443f8)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Added explicit Requires for nettle >= 3.4.1 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-1a0d4443f8" ); script_set_attribute( attribute:"solution", value:"Update the affected gnutls package." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:gnutls"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:28"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/12/03"); script_set_attribute(attribute:"patch_publication_date", value:"2019/01/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/15"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^28([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 28", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC28", reference:"gnutls-3.6.5-2.fc28")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_NOTE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gnutls"); }
NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-1351-2.NASL description This update for gnutls fixes the following issues : Security issue fixed : CVE-2018-16868: Fixed Bleichenbacher-like side channel leakage in PKCS#1 v1.5 verification (bsc#1118087). Non-security issue fixed: Explicitly require libnettle 3.4.1 to prevent missing symbol errors (bsc#1134856). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 126442 published 2019-07-02 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126442 title SUSE SLED15 / SLES15 Security Update : gnutls (SUSE-SU-2019:1351-2) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2019:1351-2. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(126442); script_version("1.3"); script_cvs_date("Date: 2020/01/08"); script_cve_id("CVE-2018-16868"); script_name(english:"SUSE SLED15 / SLES15 Security Update : gnutls (SUSE-SU-2019:1351-2)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update for gnutls fixes the following issues : Security issue fixed : CVE-2018-16868: Fixed Bleichenbacher-like side channel leakage in PKCS#1 v1.5 verification (bsc#1118087). Non-security issue fixed: Explicitly require libnettle 3.4.1 to prevent missing symbol errors (bsc#1134856). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1118087" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1134856" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-16868/" ); # https://www.suse.com/support/update/announcement/2019/suse-su-20191351-2/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?4bf7a8b4" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1:zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1351=1 SUSE Linux Enterprise Module for Basesystem 15-SP1:zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1351=1" ); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:gnutls"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:gnutls-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:gnutls-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:gnutls-guile"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:gnutls-guile-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libgnutls-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libgnutls30"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libgnutls30-32bit-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libgnutls30-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libgnutlsxx-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libgnutlsxx28"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libgnutlsxx28-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/12/03"); script_set_attribute(attribute:"patch_publication_date", value:"2019/07/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/07/02"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLED15|SLES15)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED15 / SLES15", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES15" && (! preg(pattern:"^(1)$", string:sp))) audit(AUDIT_OS_NOT, "SLES15 SP1", os_ver + " SP" + sp); if (os_ver == "SLED15" && (! preg(pattern:"^(1)$", string:sp))) audit(AUDIT_OS_NOT, "SLED15 SP1", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"libgnutls-devel-32bit-3.6.7-6.11.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"libgnutls30-32bit-3.6.7-6.11.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"libgnutls30-32bit-debuginfo-3.6.7-6.11.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"gnutls-debuginfo-3.6.7-6.11.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"gnutls-debugsource-3.6.7-6.11.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"gnutls-guile-3.6.7-6.11.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"gnutls-guile-debuginfo-3.6.7-6.11.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"gnutls-3.6.7-6.11.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"gnutls-debuginfo-3.6.7-6.11.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"gnutls-debugsource-3.6.7-6.11.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"libgnutls-devel-3.6.7-6.11.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"libgnutls30-3.6.7-6.11.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"libgnutls30-debuginfo-3.6.7-6.11.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"libgnutlsxx-devel-3.6.7-6.11.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"libgnutlsxx28-3.6.7-6.11.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"libgnutlsxx28-debuginfo-3.6.7-6.11.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"libgnutls-devel-32bit-3.6.7-6.11.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"libgnutls30-32bit-3.6.7-6.11.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"libgnutls30-32bit-debuginfo-3.6.7-6.11.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"gnutls-debuginfo-3.6.7-6.11.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"gnutls-debugsource-3.6.7-6.11.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"gnutls-guile-3.6.7-6.11.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"gnutls-guile-debuginfo-3.6.7-6.11.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"gnutls-3.6.7-6.11.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"gnutls-debuginfo-3.6.7-6.11.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"gnutls-debugsource-3.6.7-6.11.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"libgnutls-devel-3.6.7-6.11.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"libgnutls30-3.6.7-6.11.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"libgnutls30-debuginfo-3.6.7-6.11.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"libgnutlsxx-devel-3.6.7-6.11.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"libgnutlsxx28-3.6.7-6.11.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"libgnutlsxx28-debuginfo-3.6.7-6.11.1")) flag++; if (flag) { if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get()); else security_note(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gnutls"); }
NASL family Fedora Local Security Checks NASL id FEDORA_2018-79F7540A1E.NASL description - Update to upstream 3.6.5 release - Security fix for CVE-2018-16868 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2019-01-03 plugin id 120549 published 2019-01-03 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/120549 title Fedora 29 : gnutls (2018-79f7540a1e) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2018-79f7540a1e. # include("compat.inc"); if (description) { script_id(120549); script_version("1.5"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2018-16868"); script_xref(name:"FEDORA", value:"2018-79f7540a1e"); script_name(english:"Fedora 29 : gnutls (2018-79f7540a1e)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: " - Update to upstream 3.6.5 release - Security fix for CVE-2018-16868 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2018-79f7540a1e" ); script_set_attribute( attribute:"solution", value:"Update the affected gnutls package." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:gnutls"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:29"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/12/03"); script_set_attribute(attribute:"patch_publication_date", value:"2018/12/18"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/03"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^29([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 29", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC29", reference:"gnutls-3.6.5-1.fc29")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_NOTE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gnutls"); }
NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-1121-1.NASL description This update for gnutls fixes to version 3.6.7 the following issues : Security issued fixed : CVE-2019-3836: Fixed an invalid pointer access via malformed TLS1.3 async messages (bsc#1130682). CVE-2019-3829: Fixed a double free vulnerability in the certificate verification API (bsc#1130681). CVE-2018-16868: Fixed Bleichenbacher-like side channel leakage in PKCS#1 v1.5 verification and padding oracle verification (bsc#1118087) Non-security issue fixed: Update gnutls to support TLS 1.3 (fate#327114) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 124454 published 2019-05-01 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124454 title SUSE SLED15 / SLES15 Security Update : gnutls (SUSE-SU-2019:1121-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2019:1121-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(124454); script_version("1.3"); script_cvs_date("Date: 2020/01/21"); script_cve_id("CVE-2018-16868", "CVE-2019-3829", "CVE-2019-3836"); script_name(english:"SUSE SLED15 / SLES15 Security Update : gnutls (SUSE-SU-2019:1121-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update for gnutls fixes to version 3.6.7 the following issues : Security issued fixed : CVE-2019-3836: Fixed an invalid pointer access via malformed TLS1.3 async messages (bsc#1130682). CVE-2019-3829: Fixed a double free vulnerability in the certificate verification API (bsc#1130681). CVE-2018-16868: Fixed Bleichenbacher-like side channel leakage in PKCS#1 v1.5 verification and padding oracle verification (bsc#1118087) Non-security issue fixed: Update gnutls to support TLS 1.3 (fate#327114) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1118087" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1130681" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1130682" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-16868/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-3829/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-3836/" ); # https://www.suse.com/support/update/announcement/2019/suse-su-20191121-1/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?31acd53f" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Module for Open Buildservice Development Tools 15:zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1121=1 SUSE Linux Enterprise Module for Desktop Applications 15:zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-1121=1 SUSE Linux Enterprise Module for Basesystem 15:zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1121=1" ); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-16868"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:gnutls"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:gnutls-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:gnutls-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:gnutls-guile"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:gnutls-guile-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libgnutls-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libgnutls30"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libgnutls30-32bit-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libgnutls30-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libgnutlsxx-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libgnutlsxx28"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libgnutlsxx28-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/12/03"); script_set_attribute(attribute:"patch_publication_date", value:"2019/04/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/01"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLED15|SLES15)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED15 / SLES15", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES15" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES15 SP0", os_ver + " SP" + sp); if (os_ver == "SLED15" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLED15 SP0", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"gnutls-debugsource-3.6.7-6.8.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"libgnutls30-32bit-3.6.7-6.8.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"libgnutls30-32bit-debuginfo-3.6.7-6.8.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"libgnutls30-32bit-3.6.7-6.8.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"libgnutls30-32bit-debuginfo-3.6.7-6.8.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"gnutls-debuginfo-3.6.7-6.8.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"gnutls-debugsource-3.6.7-6.8.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"gnutls-guile-3.6.7-6.8.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"gnutls-guile-debuginfo-3.6.7-6.8.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"gnutls-3.6.7-6.8.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"gnutls-debuginfo-3.6.7-6.8.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"gnutls-debugsource-3.6.7-6.8.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"libgnutls-devel-3.6.7-6.8.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"libgnutls30-3.6.7-6.8.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"libgnutls30-debuginfo-3.6.7-6.8.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"libgnutlsxx-devel-3.6.7-6.8.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"libgnutlsxx28-3.6.7-6.8.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"libgnutlsxx28-debuginfo-3.6.7-6.8.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", cpu:"x86_64", reference:"gnutls-debugsource-3.6.7-6.8.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", cpu:"x86_64", reference:"libgnutls30-32bit-3.6.7-6.8.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", cpu:"x86_64", reference:"libgnutls30-32bit-debuginfo-3.6.7-6.8.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", cpu:"x86_64", reference:"libgnutls30-32bit-3.6.7-6.8.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", cpu:"x86_64", reference:"libgnutls30-32bit-debuginfo-3.6.7-6.8.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"gnutls-debuginfo-3.6.7-6.8.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"gnutls-debugsource-3.6.7-6.8.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"gnutls-guile-3.6.7-6.8.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"gnutls-guile-debuginfo-3.6.7-6.8.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"gnutls-3.6.7-6.8.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"gnutls-debuginfo-3.6.7-6.8.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"gnutls-debugsource-3.6.7-6.8.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"libgnutls-devel-3.6.7-6.8.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"libgnutls30-3.6.7-6.8.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"libgnutls30-debuginfo-3.6.7-6.8.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"libgnutlsxx-devel-3.6.7-6.8.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"libgnutlsxx28-3.6.7-6.8.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"libgnutlsxx28-debuginfo-3.6.7-6.8.1")) flag++; if (flag) { if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get()); else security_note(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gnutls"); }
NASL family Fedora Local Security Checks NASL id FEDORA_2019-99EEFDDC65.NASL description Added explicit Requires for nettle >= 3.4.1 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-18 modified 2019-01-14 plugin id 121141 published 2019-01-14 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121141 title Fedora 29 : gnutls (2019-99eefddc65) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2019-99eefddc65. # include("compat.inc"); if (description) { script_id(121141); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/24"); script_cve_id("CVE-2018-16868"); script_xref(name:"FEDORA", value:"2019-99eefddc65"); script_name(english:"Fedora 29 : gnutls (2019-99eefddc65)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Added explicit Requires for nettle >= 3.4.1 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-99eefddc65" ); script_set_attribute( attribute:"solution", value:"Update the affected gnutls package." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:gnutls"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:29"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/12/03"); script_set_attribute(attribute:"patch_publication_date", value:"2019/01/13"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/14"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^29([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 29", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC29", reference:"gnutls-3.6.5-2.fc29")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_NOTE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gnutls"); }
NASL family Fedora Local Security Checks NASL id FEDORA_2019-24DC022A51.NASL description Security fix for CVE-2018-16868 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2019-01-11 plugin id 121076 published 2019-01-11 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121076 title Fedora 28 : gnutls (2019-24dc022a51) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2019-24dc022a51. # include("compat.inc"); if (description) { script_id(121076); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/26"); script_cve_id("CVE-2018-16868"); script_xref(name:"FEDORA", value:"2019-24dc022a51"); script_name(english:"Fedora 28 : gnutls (2019-24dc022a51)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Security fix for CVE-2018-16868 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-24dc022a51" ); script_set_attribute( attribute:"solution", value:"Update the affected gnutls package." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:gnutls"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:28"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/12/03"); script_set_attribute(attribute:"patch_publication_date", value:"2019/01/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/11"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^28([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 28", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC28", reference:"gnutls-3.6.5-1.fc28")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_NOTE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gnutls"); }
NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-1351-1.NASL description This update for gnutls fixes the following issues : Security issue fixed : CVE-2018-16868: Fixed Bleichenbacher-like side channel leakage in PKCS#1 v1.5 verification (bsc#1118087). Non-security issue fixed: Explicitly require libnettle 3.4.1 to prevent missing symbol errors (bsc#1134856). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 125465 published 2019-05-28 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125465 title SUSE SLED15 / SLES15 Security Update : gnutls (SUSE-SU-2019:1351-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2019:1351-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(125465); script_version("1.3"); script_cvs_date("Date: 2020/01/15"); script_cve_id("CVE-2018-16868"); script_name(english:"SUSE SLED15 / SLES15 Security Update : gnutls (SUSE-SU-2019:1351-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update for gnutls fixes the following issues : Security issue fixed : CVE-2018-16868: Fixed Bleichenbacher-like side channel leakage in PKCS#1 v1.5 verification (bsc#1118087). Non-security issue fixed: Explicitly require libnettle 3.4.1 to prevent missing symbol errors (bsc#1134856). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1118087" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1134856" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-16868/" ); # https://www.suse.com/support/update/announcement/2019/suse-su-20191351-1/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?c2dd390f" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Module for Open Buildservice Development Tools 15:zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1351=1 SUSE Linux Enterprise Module for Desktop Applications 15:zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-1351=1 SUSE Linux Enterprise Module for Basesystem 15:zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1351=1" ); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:gnutls"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:gnutls-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:gnutls-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:gnutls-guile"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:gnutls-guile-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libgnutls-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libgnutls30"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libgnutls30-32bit-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libgnutls30-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libgnutlsxx-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libgnutlsxx28"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libgnutlsxx28-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/12/03"); script_set_attribute(attribute:"patch_publication_date", value:"2019/05/24"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/28"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLED15|SLES15)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED15 / SLES15", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES15" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES15 SP0", os_ver + " SP" + sp); if (os_ver == "SLED15" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLED15 SP0", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"gnutls-debugsource-3.6.7-6.11.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"libgnutls30-32bit-3.6.7-6.11.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"libgnutls30-32bit-debuginfo-3.6.7-6.11.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"libgnutls30-32bit-3.6.7-6.11.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"libgnutls30-32bit-debuginfo-3.6.7-6.11.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"gnutls-debuginfo-3.6.7-6.11.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"gnutls-debugsource-3.6.7-6.11.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"gnutls-guile-3.6.7-6.11.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"gnutls-guile-debuginfo-3.6.7-6.11.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"gnutls-3.6.7-6.11.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"gnutls-debuginfo-3.6.7-6.11.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"gnutls-debugsource-3.6.7-6.11.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"libgnutls-devel-3.6.7-6.11.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"libgnutls30-3.6.7-6.11.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"libgnutls30-debuginfo-3.6.7-6.11.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"libgnutlsxx-devel-3.6.7-6.11.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"libgnutlsxx28-3.6.7-6.11.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"libgnutlsxx28-debuginfo-3.6.7-6.11.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", cpu:"x86_64", reference:"gnutls-debugsource-3.6.7-6.11.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", cpu:"x86_64", reference:"libgnutls30-32bit-3.6.7-6.11.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", cpu:"x86_64", reference:"libgnutls30-32bit-debuginfo-3.6.7-6.11.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", cpu:"x86_64", reference:"libgnutls30-32bit-3.6.7-6.11.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", cpu:"x86_64", reference:"libgnutls30-32bit-debuginfo-3.6.7-6.11.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"gnutls-debuginfo-3.6.7-6.11.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"gnutls-debugsource-3.6.7-6.11.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"gnutls-guile-3.6.7-6.11.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"gnutls-guile-debuginfo-3.6.7-6.11.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"gnutls-3.6.7-6.11.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"gnutls-debuginfo-3.6.7-6.11.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"gnutls-debugsource-3.6.7-6.11.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"libgnutls-devel-3.6.7-6.11.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"libgnutls30-3.6.7-6.11.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"libgnutls30-debuginfo-3.6.7-6.11.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"libgnutlsxx-devel-3.6.7-6.11.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"libgnutlsxx28-3.6.7-6.11.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"libgnutlsxx28-debuginfo-3.6.7-6.11.1")) flag++; if (flag) { if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get()); else security_note(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gnutls"); }
NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2018-339-01.NASL description New gnutls packages are available for Slackware 14.2 and -current to fix security issues. last seen 2020-06-10 modified 2018-12-06 plugin id 119447 published 2018-12-06 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119447 title Slackware 14.2 / current : gnutls (SSA:2018-339-01) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Slackware Security Advisory 2018-339-01. The text # itself is copyright (C) Slackware Linux, Inc. # include("compat.inc"); if (description) { script_id(119447); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/09"); script_cve_id("CVE-2018-16868"); script_xref(name:"SSA", value:"2018-339-01"); script_name(english:"Slackware 14.2 / current : gnutls (SSA:2018-339-01)"); script_summary(english:"Checks for updated package in /var/log/packages"); script_set_attribute( attribute:"synopsis", value:"The remote Slackware host is missing a security update." ); script_set_attribute( attribute:"description", value: "New gnutls packages are available for Slackware 14.2 and -current to fix security issues." ); # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.344534 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?e5b4f6a7" ); script_set_attribute( attribute:"solution", value:"Update the affected gnutls package." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:gnutls"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:14.2"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/12/03"); script_set_attribute(attribute:"patch_publication_date", value:"2018/12/06"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/12/06"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Slackware Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("slackware.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware"); if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu); flag = 0; if (slackware_check(osver:"14.2", pkgname:"gnutls", pkgver:"3.6.5", pkgarch:"i586", pkgnum:"1_slack14.2")) flag++; if (slackware_check(osver:"14.2", arch:"x86_64", pkgname:"gnutls", pkgver:"3.6.5", pkgarch:"x86_64", pkgnum:"1_slack14.2")) flag++; if (slackware_check(osver:"current", pkgname:"gnutls", pkgver:"3.6.5", pkgarch:"i586", pkgnum:"1")) flag++; if (slackware_check(osver:"current", arch:"x86_64", pkgname:"gnutls", pkgver:"3.6.5", pkgarch:"x86_64", pkgnum:"1")) flag++; if (flag) { if (report_verbosity > 0) security_note(port:0, extra:slackware_report_get()); else security_note(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
References
- http://cat.eyalro.net/
- http://cat.eyalro.net/
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00017.html
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00017.html
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00068.html
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00068.html
- http://www.securityfocus.com/bid/106080
- http://www.securityfocus.com/bid/106080
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16868
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16868