Vulnerabilities > CVE-2018-16875 - Improper Certificate Validation vulnerability in multiple products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

golang

opensuse

CWE-295

nessus

NVD

Published: 2018-12-14

Updated: 2023-11-07

Summary

The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are affected.

Vulnerable Configurations

Part	Description	Count
Application	Golang Golang GO 1.11.0 Golang GO 1.11.1 Golang GO 1.11.2 Golang GO - Golang GO 0.0.0-20201203163018-Be400Aefbc4C Golang GO 1.0 Golang GO 1.0.1 Golang GO 1.0.2 Golang GO 1.0.3 Golang GO 1.1 Golang GO 1.1.1 Golang GO 1.1.2 Golang GO 1.2 Golang GO 1.2.1 Golang GO 1.2.2 Golang GO 1.3 Golang GO 1.3.1 Golang GO 1.3.2 Golang GO 1.3.3 Golang GO 1.4 Golang GO 1.4.1 Golang GO 1.4.2 Golang GO 1.4.3 Golang GO 1.5 Golang GO 1.5.1 Golang GO 1.5.2 Golang GO 1.5.3 Golang GO 1.5.4 Golang GO 1.6 Golang GO 1.6.1 Golang GO 1.6.2 Golang GO 1.6.3 Golang GO 1.6.4 Golang GO 1.7 Golang GO 1.7.1 Golang GO 1.7.2 Golang GO 1.7.3 Golang GO 1.7.4 Golang GO 1.7.5 Golang GO 1.7.6 Golang GO 1.8 Golang GO 1.8.1 Golang GO 1.8.2 Golang GO 1.8.3 Golang GO 1.8.4 Golang GO 1.8.5 Golang GO 1.8.6 Golang GO 1.8.7 Golang GO 1.9 Golang GO 1.9.1 Golang GO 1.9.2 Golang GO 1.9.3 Golang GO 1.9.4 Golang GO 1.9.5 Golang GO 1.9.6 Golang GO 1.9.7 Golang GO 1.10 Golang GO 1.10.1 Golang GO 1.10.2 Golang GO 1.10.3 Golang GO 1.10.4 Golang GO 1.10.5	112
OS	Opensuse Opensuse Leap 42.3	1

Common Weakness Enumeration (CWE)

CWE-295 - Improper Certificate Validation

Common Attack Pattern Enumeration and Classification (CAPEC)

Creating a Rogue Certificate Authority Certificate
An attacker exploits a weakness in the MD5 hash algorithm (weak collision resistance) to generate a certificate signing request (CSR) that contains collision blocks in the "to be signed" part. The attacker specially crafts two different, but valid X.509 certificates that when hashed with the MD5 algorithm would yield the same value. The attacker then sends the CSR for one of the certificates to the Certification Authority which uses the MD5 hashing algorithm. That request is completely valid and the Certificate Authority issues an X.509 certificate to the attacker which is signed with its private key. An attacker then takes that signed blob and inserts it into another X.509 certificate that the attacker generated. Due to the MD5 collision, both certificates, though different, hash to the same value and so the signed blob works just as well in the second certificate. The net effect is that the attackers' second X.509 certificate, which the Certification Authority has never seen, is now signed and validated by that Certification Authority. To make the attack more interesting, the second certificate could be not just a regular certificate, but rather itself a signing certificate. Thus the attacker is able to start their own Certification Authority that is anchored in its root of trust in the legitimate Certification Authority that has signed the attackers' first X.509 certificate. If the original Certificate Authority was accepted by default by browsers, so will now the Certificate Authority set up by the attacker and of course any certificates that it signs. So the attacker is now able to generate any SSL certificates to impersonate any web server, and the user's browser will not issue any warning to the victim. This can be used to compromise HTTPS communications and other types of systems where PKI and X.509 certificates may be used (e.g., VPN, IPSec) .

Nessus

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2019-295.NASL
description	This update for containerd, docker, docker-runc, golang-github-docker-libnetwork, runc fixes the following issues : Security issues fixed : - CVE-2018-16875: Fixed a CPU Denial of Service (bsc#1118899). - CVE-2018-16874: Fixed a vulnerabity in go get command which could allow directory traversal in GOPATH mode (bsc#1118898). - CVE-2018-16873: Fixed a vulnerability in go get command which could allow remote code execution when executed with -u in GOPATH mode (bsc#1118897). - CVE-2019-5736: Effectively copying /proc/self/exe during re-exec to avoid write attacks to the host runc binary, which could lead to a container breakout (bsc#1121967). Other changes and fixes : - Update shell completion to use Group: System/Shells. - Add daemon.json file with rotation logs configuration (bsc#1114832) - Update to Docker 18.09.1-ce (bsc#1124308) and to to runc 96ec2177ae84. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md. - Update go requirements to >= go1.10 - Use -buildmode=pie for tests and binary build (bsc#1048046 and bsc#1051429). - Remove the usage of
last seen	2020-06-01
modified	2020-06-02
plugin id	122660
published	2019-03-07
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/122660
title	openSUSE Security Update : containerd / docker / docker-runc / etc (openSUSE-2019-295)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2019-295. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(122660); script_version("1.2"); script_cvs_date("Date: 2019/04/02 21:54:17"); script_cve_id("CVE-2018-16873", "CVE-2018-16874", "CVE-2018-16875", "CVE-2019-5736"); script_name(english:"openSUSE Security Update : containerd / docker / docker-runc / etc (openSUSE-2019-295)"); script_summary(english:"Check for the openSUSE-2019-295 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update for containerd, docker, docker-runc, golang-github-docker-libnetwork, runc fixes the following issues : Security issues fixed : - CVE-2018-16875: Fixed a CPU Denial of Service (bsc#1118899). - CVE-2018-16874: Fixed a vulnerabity in go get command which could allow directory traversal in GOPATH mode (bsc#1118898). - CVE-2018-16873: Fixed a vulnerability in go get command which could allow remote code execution when executed with -u in GOPATH mode (bsc#1118897). - CVE-2019-5736: Effectively copying /proc/self/exe during re-exec to avoid write attacks to the host runc binary, which could lead to a container breakout (bsc#1121967). Other changes and fixes : - Update shell completion to use Group: System/Shells. - Add daemon.json file with rotation logs configuration (bsc#1114832) - Update to Docker 18.09.1-ce (bsc#1124308) and to to runc 96ec2177ae84. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md. - Update go requirements to >= go1.10 - Use -buildmode=pie for tests and binary build (bsc#1048046 and bsc#1051429). - Remove the usage of 'cp -r' to reduce noise in the build logs. This update was imported from the SUSE:SLE-15:Update update project." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1048046" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1051429" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1114832" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1118897" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1118898" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1118899" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1121967" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1124308" ); script_set_attribute( attribute:"solution", value:"Update the affected containerd / docker / docker-runc / etc packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:containerd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:containerd-ctr"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:containerd-test"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-bash-completion"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-libnetwork"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-libnetwork-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-runc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-runc-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-runc-test"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-test"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-test-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-zsh-completion"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:golang-github-docker-libnetwork"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:runc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:runc-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:runc-test"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/12/14"); script_set_attribute(attribute:"patch_publication_date", value:"2019/03/06"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/03/07"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) \|\| release =~ "^(SLED\|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE15\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE15.0", reference:"containerd-1.2.2-lp150.4.10.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"containerd-ctr-1.2.2-lp150.4.10.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"containerd-test-1.2.2-lp150.4.10.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"docker-18.09.1_ce-lp150.5.13.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"docker-bash-completion-18.09.1_ce-lp150.5.13.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"docker-debuginfo-18.09.1_ce-lp150.5.13.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"docker-debugsource-18.09.1_ce-lp150.5.13.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-lp150.3.10.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"docker-libnetwork-debuginfo-0.7.0.1+gitr2711_2cfbf9b1f981-lp150.3.10.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-lp150.5.14.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"docker-runc-debuginfo-1.0.0rc6+gitr3748_96ec2177ae84-lp150.5.14.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"docker-runc-test-1.0.0rc6+gitr3748_96ec2177ae84-lp150.5.14.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"docker-test-18.09.1_ce-lp150.5.13.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"docker-test-debuginfo-18.09.1_ce-lp150.5.13.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"docker-zsh-completion-18.09.1_ce-lp150.5.13.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"golang-github-docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-lp150.3.10.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"runc-1.0.0~rc6-lp150.2.7.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"runc-debuginfo-1.0.0~rc6-lp150.2.7.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"runc-test-1.0.0~rc6-lp150.2.7.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "containerd / containerd-ctr / containerd-test / docker-runc / etc"); }

NASL family	Amazon Linux Local Security Checks
NASL id	ALA_ALAS-2018-1130.NASL
description	In Go before 1.10.6 and 1.11.x before 1.11.3, the
last seen	2020-03-28
modified	2018-12-17
plugin id	119689
published	2018-12-17
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/119689
title	Amazon Linux AMI : golang (ALAS-2018-1130)

NASL family	Huawei Local Security Checks
NASL id	EULEROS_SA-2020-1008.NASL
description	According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In Go before 1.10.6 and 1.11.x before 1.11.3, the
last seen	2020-05-03
modified	2020-01-02
plugin id	132601
published	2020-01-02
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/132601
title	EulerOS 2.0 SP8 : golang (EulerOS-SA-2020-1008)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2019-1499.NASL
description	This update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork fixes the following issues : Security issues fixed : - CVE-2019-5736: containerd: Fixing container breakout vulnerability (bsc#1121967). - CVE-2019-6486: go security release, fixing crypto/elliptic CPU DoS vulnerability affecting P-521 and P-384 (bsc#1123013). - CVE-2018-16873: go secuirty release, fixing cmd/go remote command execution (bsc#1118897). - CVE-2018-16874: go security release, fixing cmd/go directory traversal (bsc#1118898). - CVE-2018-16875: go security release, fixing crypto/x509 CPU denial of service (bsc#1118899). Other changes and bug fixes : - Update to containerd v1.2.5, which is required for v18.09.5-ce (bsc#1128376, bsc#1134068). - Update to runc 2b18fe1d885e, which is required for Docker v18.09.5-ce (bsc#1128376, bsc#1134068). - Update to Docker 18.09.5-ce see upstream changelog in the packaged (bsc#1128376, bsc#1134068). - docker-test: Improvements to test packaging (bsc#1128746). - Move daemon.json file to /etc/docker directory (bsc#1114832). - Revert golang(API) removal since it turns out this breaks >= requires in certain cases (bsc#1114209). - Fix go build failures (bsc#1121397). This update was imported from the SUSE:SLE-15:Update update project.
last seen	2020-06-01
modified	2020-06-02
plugin id	125697
published	2019-06-04
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/125697
title	openSUSE Security Update : containerd / docker / docker-runc / etc (openSUSE-2019-1499)

NASL family	Misc.
NASL id	ARISTA_EOS_SA0039.NASL
description	The version of Arista Networks EOS running on the remote device is affected by a denial of service (DoS) vulnerability in the client certificate authentication process, due to the crypto/x509 package in Go not limiting the amount of work performed for each chain verification. A remote, unauthenticated attacker can exploit this, by sending a crafted certificate to cause the system to stop responding. Note that Nessus has not tested for this issue but has instead relied only on the application
last seen	2020-03-17
modified	2020-02-28
plugin id	134116
published	2020-02-28
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/134116
title	Arista Networks EOS DoS (SA0039)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2018-1593.NASL
description	This update for go1.10 fixes the following issues : Security vulnerabilities fixed : - CVE-2018-16873 (bsc#1118897): cmd/go: remote command execution during
last seen	2020-06-05
modified	2018-12-24
plugin id	119861
published	2018-12-24
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/119861
title	openSUSE Security Update : go1.10 (openSUSE-2018-1593)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2018-4297-1.NASL
description	This update for containerd, docker and go fixes the following issues : containerd and docker : Add backport for building containerd (bsc#1102522, bsc#1113313) Upgrade to containerd v1.1.2, which is required for Docker v18.06.1-ce. (bsc#1102522) Enable seccomp support on SLE12 (fate#325877) Update to containerd v1.1.1, which is the required version for the Docker v18.06.0-ce upgrade. (bsc#1102522) Put containerd under the podruntime slice (bsc#1086185) 3rd party registries used the default Docker certificate (bsc#1084533) Handle build breakage due to missing
last seen	2020-03-18
modified	2019-01-02
plugin id	120195
published	2019-01-02
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/120195
title	SUSE SLED15 / SLES15 Security Update : containerd, docker / go (SUSE-SU-2018:4297-1)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2019-1444.NASL
description	This update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork fixes the following issues : Security issues fixed : - CVE-2019-5736: containerd: Fixing container breakout vulnerability (bsc#1121967). - CVE-2019-6486: go security release, fixing crypto/elliptic CPU DoS vulnerability affecting P-521 and P-384 (bsc#1123013). - CVE-2018-16873: go secuirty release, fixing cmd/go remote command execution (bsc#1118897). - CVE-2018-16874: go security release, fixing cmd/go directory traversal (bsc#1118898). - CVE-2018-16875: go security release, fixing crypto/x509 CPU denial of service (bsc#1118899). Other changes and bug fixes : - Update to containerd v1.2.5, which is required for v18.09.5-ce (bsc#1128376, bsc#1134068). - Update to runc 2b18fe1d885e, which is required for Docker v18.09.5-ce (bsc#1128376, bsc#1134068). - Update to Docker 18.09.5-ce see upstream changelog in the packaged (bsc#1128376, bsc#1134068). - docker-test: Improvements to test packaging (bsc#1128746). - Move daemon.json file to /etc/docker directory (bsc#1114832). - Revert golang(API) removal since it turns out this breaks >= requires in certain cases (bsc#1114209). - Fix go build failures (bsc#1121397). This update was imported from the SUSE:SLE-15:Update update project.
last seen	2020-06-01
modified	2020-06-02
plugin id	125452
published	2019-05-28
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/125452
title	openSUSE Security Update : containerd / docker / docker-runc / etc (openSUSE-2019-1444)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2019-0495-1.NASL
description	This update for containerd, docker, docker-runc, golang-github-docker-libnetwork, runc fixes the following issues : Security issues fixed : CVE-2018-16875: Fixed a CPU Denial of Service (bsc#1118899). CVE-2018-16874: Fixed a vulnerabity in go get command which could allow directory traversal in GOPATH mode (bsc#1118898). CVE-2018-16873: Fixed a vulnerability in go get command which could allow remote code execution when executed with -u in GOPATH mode (bsc#1118897). CVE-2019-5736: Effectively copying /proc/self/exe during re-exec to avoid write attacks to the host runc binary, which could lead to a container breakout (bsc#1121967). Other changes and fixes: Update shell completion to use Group: System/Shells. Add daemon.json file with rotation logs configuration (bsc#1114832) Update to Docker 18.09.1-ce (bsc#1124308) and to to runc 96ec2177ae84. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md. Update go requirements to >= go1.10 Use -buildmode=pie for tests and binary build (bsc#1048046 and bsc#1051429). Remove the usage of
last seen	2020-06-01
modified	2020-06-02
plugin id	122472
published	2019-02-27
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/122472
title	SUSE SLED15 / SLES15 Security Update : containerd, docker, docker-runc, golang-github-docker-libnetwork, runc (SUSE-SU-2019:0495-1)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2019-0286-1.NASL
description	This update for containerd, docker, docker-runc and golang-github-docker-libnetwork fixes the following issues : Security issues fixed for containerd, docker, docker-runc and golang-github-docker-libnetwork : CVE-2018-16873: cmd/go: remote command execution during
last seen	2020-06-01
modified	2020-06-02
plugin id	122050
published	2019-02-08
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/122050
title	SUSE SLED15 / SLES15 Security Update : docker (SUSE-SU-2019:0286-1)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2019-1018.NASL
description	This new package for go1.11 fixes the following issues: Security issues fixed : - CVE-2018-16873: Fixed a remote code execution in go get, when executed with the -u flag (bsc#1118897) - CVE-2018-16874: Fixed an arbitrary filesystem write in go get, which could lead to code execution (bsc#1118898) - CVE-2018-16875: Fixed a Denial of Service in the crypto/x509 package during certificate chain validation(bsc#1118899) Non-security issues fixed : - Fixed build error with PIE linker flags on ppc64le (bsc#1113978 bsc#1098017) - Make profile.d/go.sh no longer set GOROOT=, in order to make switching between versions no longer break. This ends up removing the need for go.sh entirely (because GOPATH is also set automatically) (bsc#1119634) The following tracked regression fix is included : - Fix a regression that broke go get for import path patterns containing
last seen	2020-05-31
modified	2019-03-27
plugin id	123157
published	2019-03-27
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/123157
title	openSUSE Security Update : go1.11 (openSUSE-2019-1018)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2019-208.NASL
description	This update for runc fixes the following issues : Security vulnerablities addressed : - CVE-2019-5736: Effectively copying /proc/self/exe during re-exec to avoid write attacks to the host runc binary, which could lead to a container breakout (bsc#1121967) - CVE-2018-16873: Fix a remote command execution during
last seen	2020-06-01
modified	2020-06-02
plugin id	122338
published	2019-02-20
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/122338
title	openSUSE Security Update : runc (openSUSE-2019-208)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2019-0048-1.NASL
description	This update for helm-mirror to version 0.2.1 fixes the following issues : Security issues fixed : CVE-2018-16873: Fixed a remote command execution (bsc#1118897) CVE-2018-16874: Fixed a directory traversal in
last seen	2020-03-18
modified	2019-01-10
plugin id	121058
published	2019-01-10
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/121058
title	SUSE SLES15 Security Update : helm-mirror (SUSE-SU-2019:0048-1)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2019-C424E3BB72.NASL
description	- Rebase to 1.10.7 - Security fix for CVE-2018-16875, CVE-2018-16874 and CVE-2018-16873 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-03-18
modified	2019-01-11
plugin id	121084
published	2019-01-11
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/121084
title	Fedora 28 : golang (2019-c424e3bb72)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2019-1198005E1F.NASL
description	- Rebase to go1.11.4 - Security fix for CVE-2018-16875, CVE-2018-16874 and CVE-2018-16873 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-03-17
modified	2019-01-11
plugin id	121075
published	2019-01-11
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/121075
title	Fedora 29 : golang (2019-1198005e1f)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2019-1234-2.NASL
description	This update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork fixes the following issues : Security issues fixed : CVE-2019-5736: containerd: Fixing container breakout vulnerability (bsc#1121967). CVE-2019-6486: go security release, fixing crypto/elliptic CPU DoS vulnerability affecting P-521 and P-384 (bsc#1123013). CVE-2018-16873: go secuirty release, fixing cmd/go remote command execution (bsc#1118897). CVE-2018-16874: go security release, fixing cmd/go directory traversal (bsc#1118898). CVE-2018-16875: go security release, fixing crypto/x509 CPU denial of service (bsc#1118899). Other changes and bug fixes: Update to containerd v1.2.5, which is required for v18.09.5-ce (bsc#1128376, bsc#1134068). Update to runc 2b18fe1d885e, which is required for Docker v18.09.5-ce (bsc#1128376, bsc#1134068). Update to Docker 18.09.5-ce see upstream changelog in the packaged (bsc#1128376, bsc#1134068). docker-test: Improvements to test packaging (bsc#1128746). Move daemon.json file to /etc/docker directory (bsc#1114832). Revert golang(API) removal since it turns out this breaks >= requires in certain cases (bsc#1114209). Fix go build failures (bsc#1121397). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	125920
published	2019-06-14
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/125920
title	SUSE SLED15 / SLES15 Security Update : containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork (SUSE-SU-2019:1234-2)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2019-0048-2.NASL
description	This update for helm-mirror to version 0.2.1 fixes the following issues : Security issues fixed : CVE-2018-16873: Fixed a remote command execution (bsc#1118897) CVE-2018-16874: Fixed a directory traversal in
last seen	2020-06-01
modified	2020-06-02
plugin id	126492
published	2019-07-05
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/126492
title	SUSE SLES15 Security Update : helm-mirror (SUSE-SU-2019:0048-2)

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-201812-09.NASL
description	The remote host is affected by the vulnerability described in GLSA-201812-09 (Go: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Go. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could cause arbitrary code execution by passing specially crafted Go packages the ‘go get -u’ command. The remote attacker could also craft pathological inputs causing a CPU based Denial of Service condition via the crypto/x509 package. Workaround : There is no known workaround at this time.
last seen	2020-03-26
modified	2018-12-24
plugin id	119852
published	2018-12-24
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/119852
title	GLSA-201812-09 : Go: Multiple vulnerabilities

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2018-1626.NASL
description	This update for containerd, docker and go fixes the following issues : containerd and docker : - Add backport for building containerd (bsc#1102522, bsc#1113313) - Upgrade to containerd v1.1.2, which is required for Docker v18.06.1-ce. (bsc#1102522) - Enable seccomp support (fate#325877) - Update to containerd v1.1.1, which is the required version for the Docker v18.06.0-ce upgrade. (bsc#1102522) - Put containerd under the podruntime slice (bsc#1086185) - 3rd party registries used the default Docker certificate (bsc#1084533) - Handle build breakage due to missing
last seen	2020-06-05
modified	2018-12-31
plugin id	119952
published	2018-12-31
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/119952
title	openSUSE Security Update : containerd / docker and go (openSUSE-2018-1626)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2019-1079.NASL
description	This update for containerd, docker, docker-runc, golang-github-docker-libnetwork, runc fixes the following issues : Security issues fixed : - CVE-2018-16875: Fixed a CPU Denial of Service (bsc#1118899). - CVE-2018-16874: Fixed a vulnerabity in go get command which could allow directory traversal in GOPATH mode (bsc#1118898). - CVE-2018-16873: Fixed a vulnerability in go get command which could allow remote code execution when executed with -u in GOPATH mode (bsc#1118897). - CVE-2019-5736: Effectively copying /proc/self/exe during re-exec to avoid write attacks to the host runc binary, which could lead to a container breakout (bsc#1121967). Other changes and bug fixes : - Update shell completion to use Group: System/Shells. - Add daemon.json file with rotation logs configuration (bsc#1114832) - Update to Docker 18.09.1-ce (bsc#1124308) and to to runc 96ec2177ae84. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md. - Disable leap based builds for kubic flavor (bsc#1121412). - Allow users to explicitly specify the NIS domain name of a container (bsc#1001161). - Update docker.service to match upstream and avoid rlimit problems (bsc#1112980). - Update go requirements to >= go1.10 - Use -buildmode=pie for tests and binary build (bsc#1048046 and bsc#1051429). - Remove the usage of
last seen	2020-06-01
modified	2020-06-02
plugin id	123542
published	2019-04-01
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/123542
title	openSUSE Security Update : containerd / docker / docker-runc / etc (openSUSE-2019-1079)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2019-189.NASL
description	This update for containerd, docker, docker-runc and golang-github-docker-libnetwork fixes the following issues : Security issues fixed for containerd, docker, docker-runc and golang-github-docker-libnetwork : - CVE-2018-16873: cmd/go: remote command execution during
last seen	2020-06-01
modified	2020-06-02
plugin id	122293
published	2019-02-19
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/122293
title	openSUSE Security Update : docker (openSUSE-2019-189)

NASL family	PhotonOS Local Security Checks
NASL id	PHOTONOS_PHSA-2019-3_0-0018_GO.NASL
description	An update of the go package has been released.
last seen	2020-06-01
modified	2020-06-02
plugin id	126207
published	2019-06-25
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/126207
title	Photon OS 3.0: Go PHSA-2019-3.0-0018

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2018-1572.NASL
description	This new package for go1.11 fixes the following issues: Security issues fixed : - CVE-2018-16873: Fixed a remote code execution in go get, when executed with the -u flag (bsc#1118897) - CVE-2018-16874: Fixed an arbitrary filesystem write in go get, which could lead to code execution (bsc#1118898) - CVE-2018-16875: Fixed a Denial of Service in the crypto/x509 package during certificate chain validation(bsc#1118899) Non-security issues fixed : - Fixed build error with PIE linker flags on ppc64le (bsc#1113978 bsc#1098017) - Make profile.d/go.sh no longer set GOROOT=, in order to make switching between versions no longer break. This ends up removing the need for go.sh entirely (because GOPATH is also set automatically) (bsc#1119634) The following tracked regression fix is included : - Fix a regression that broke go get for import path patterns containing
last seen	2020-06-05
modified	2018-12-20
plugin id	119804
published	2018-12-20
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/119804
title	openSUSE Security Update : go1.11 (openSUSE-2018-1572)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2019-1044.NASL
description	This update for containerd, docker and go fixes the following issues : containerd and docker : - Add backport for building containerd (bsc#1102522, bsc#1113313) - Upgrade to containerd v1.1.2, which is required for Docker v18.06.1-ce. (bsc#1102522) - Enable seccomp support (fate#325877) - Update to containerd v1.1.1, which is the required version for the Docker v18.06.0-ce upgrade. (bsc#1102522) - Put containerd under the podruntime slice (bsc#1086185) - 3rd party registries used the default Docker certificate (bsc#1084533) - Handle build breakage due to missing
last seen	2020-06-01
modified	2020-06-02
plugin id	123165
published	2019-03-27
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/123165
title	openSUSE Security Update : containerd / docker and go (openSUSE-2019-1044)

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

Nessus

References