Vulnerabilities > CVE-2018-16875 - Improper Certificate Validation vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are affected.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Creating a Rogue Certificate Authority Certificate An attacker exploits a weakness in the MD5 hash algorithm (weak collision resistance) to generate a certificate signing request (CSR) that contains collision blocks in the "to be signed" part. The attacker specially crafts two different, but valid X.509 certificates that when hashed with the MD5 algorithm would yield the same value. The attacker then sends the CSR for one of the certificates to the Certification Authority which uses the MD5 hashing algorithm. That request is completely valid and the Certificate Authority issues an X.509 certificate to the attacker which is signed with its private key. An attacker then takes that signed blob and inserts it into another X.509 certificate that the attacker generated. Due to the MD5 collision, both certificates, though different, hash to the same value and so the signed blob works just as well in the second certificate. The net effect is that the attackers' second X.509 certificate, which the Certification Authority has never seen, is now signed and validated by that Certification Authority. To make the attack more interesting, the second certificate could be not just a regular certificate, but rather itself a signing certificate. Thus the attacker is able to start their own Certification Authority that is anchored in its root of trust in the legitimate Certification Authority that has signed the attackers' first X.509 certificate. If the original Certificate Authority was accepted by default by browsers, so will now the Certificate Authority set up by the attacker and of course any certificates that it signs. So the attacker is now able to generate any SSL certificates to impersonate any web server, and the user's browser will not issue any warning to the victim. This can be used to compromise HTTPS communications and other types of systems where PKI and X.509 certificates may be used (e.g., VPN, IPSec) .
Nessus
NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-295.NASL description This update for containerd, docker, docker-runc, golang-github-docker-libnetwork, runc fixes the following issues : Security issues fixed : - CVE-2018-16875: Fixed a CPU Denial of Service (bsc#1118899). - CVE-2018-16874: Fixed a vulnerabity in go get command which could allow directory traversal in GOPATH mode (bsc#1118898). - CVE-2018-16873: Fixed a vulnerability in go get command which could allow remote code execution when executed with -u in GOPATH mode (bsc#1118897). - CVE-2019-5736: Effectively copying /proc/self/exe during re-exec to avoid write attacks to the host runc binary, which could lead to a container breakout (bsc#1121967). Other changes and fixes : - Update shell completion to use Group: System/Shells. - Add daemon.json file with rotation logs configuration (bsc#1114832) - Update to Docker 18.09.1-ce (bsc#1124308) and to to runc 96ec2177ae84. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md. - Update go requirements to >= go1.10 - Use -buildmode=pie for tests and binary build (bsc#1048046 and bsc#1051429). - Remove the usage of last seen 2020-06-01 modified 2020-06-02 plugin id 122660 published 2019-03-07 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122660 title openSUSE Security Update : containerd / docker / docker-runc / etc (openSUSE-2019-295) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2019-295. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(122660); script_version("1.2"); script_cvs_date("Date: 2019/04/02 21:54:17"); script_cve_id("CVE-2018-16873", "CVE-2018-16874", "CVE-2018-16875", "CVE-2019-5736"); script_name(english:"openSUSE Security Update : containerd / docker / docker-runc / etc (openSUSE-2019-295)"); script_summary(english:"Check for the openSUSE-2019-295 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update for containerd, docker, docker-runc, golang-github-docker-libnetwork, runc fixes the following issues : Security issues fixed : - CVE-2018-16875: Fixed a CPU Denial of Service (bsc#1118899). - CVE-2018-16874: Fixed a vulnerabity in go get command which could allow directory traversal in GOPATH mode (bsc#1118898). - CVE-2018-16873: Fixed a vulnerability in go get command which could allow remote code execution when executed with -u in GOPATH mode (bsc#1118897). - CVE-2019-5736: Effectively copying /proc/self/exe during re-exec to avoid write attacks to the host runc binary, which could lead to a container breakout (bsc#1121967). Other changes and fixes : - Update shell completion to use Group: System/Shells. - Add daemon.json file with rotation logs configuration (bsc#1114832) - Update to Docker 18.09.1-ce (bsc#1124308) and to to runc 96ec2177ae84. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md. - Update go requirements to >= go1.10 - Use -buildmode=pie for tests and binary build (bsc#1048046 and bsc#1051429). - Remove the usage of 'cp -r' to reduce noise in the build logs. This update was imported from the SUSE:SLE-15:Update update project." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1048046" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1051429" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1114832" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1118897" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1118898" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1118899" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1121967" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1124308" ); script_set_attribute( attribute:"solution", value:"Update the affected containerd / docker / docker-runc / etc packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:containerd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:containerd-ctr"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:containerd-test"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-bash-completion"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-libnetwork"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-libnetwork-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-runc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-runc-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-runc-test"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-test"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-test-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-zsh-completion"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:golang-github-docker-libnetwork"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:runc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:runc-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:runc-test"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/12/14"); script_set_attribute(attribute:"patch_publication_date", value:"2019/03/06"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/03/07"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE15\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE15.0", reference:"containerd-1.2.2-lp150.4.10.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"containerd-ctr-1.2.2-lp150.4.10.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"containerd-test-1.2.2-lp150.4.10.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"docker-18.09.1_ce-lp150.5.13.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"docker-bash-completion-18.09.1_ce-lp150.5.13.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"docker-debuginfo-18.09.1_ce-lp150.5.13.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"docker-debugsource-18.09.1_ce-lp150.5.13.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-lp150.3.10.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"docker-libnetwork-debuginfo-0.7.0.1+gitr2711_2cfbf9b1f981-lp150.3.10.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-lp150.5.14.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"docker-runc-debuginfo-1.0.0rc6+gitr3748_96ec2177ae84-lp150.5.14.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"docker-runc-test-1.0.0rc6+gitr3748_96ec2177ae84-lp150.5.14.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"docker-test-18.09.1_ce-lp150.5.13.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"docker-test-debuginfo-18.09.1_ce-lp150.5.13.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"docker-zsh-completion-18.09.1_ce-lp150.5.13.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"golang-github-docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-lp150.3.10.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"runc-1.0.0~rc6-lp150.2.7.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"runc-debuginfo-1.0.0~rc6-lp150.2.7.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"runc-test-1.0.0~rc6-lp150.2.7.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "containerd / containerd-ctr / containerd-test / docker-runc / etc"); }
NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2018-1130.NASL description In Go before 1.10.6 and 1.11.x before 1.11.3, the last seen 2020-03-28 modified 2018-12-17 plugin id 119689 published 2018-12-17 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119689 title Amazon Linux AMI : golang (ALAS-2018-1130) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2020-1008.NASL description According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In Go before 1.10.6 and 1.11.x before 1.11.3, the last seen 2020-05-03 modified 2020-01-02 plugin id 132601 published 2020-01-02 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/132601 title EulerOS 2.0 SP8 : golang (EulerOS-SA-2020-1008) NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-1499.NASL description This update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork fixes the following issues : Security issues fixed : - CVE-2019-5736: containerd: Fixing container breakout vulnerability (bsc#1121967). - CVE-2019-6486: go security release, fixing crypto/elliptic CPU DoS vulnerability affecting P-521 and P-384 (bsc#1123013). - CVE-2018-16873: go secuirty release, fixing cmd/go remote command execution (bsc#1118897). - CVE-2018-16874: go security release, fixing cmd/go directory traversal (bsc#1118898). - CVE-2018-16875: go security release, fixing crypto/x509 CPU denial of service (bsc#1118899). Other changes and bug fixes : - Update to containerd v1.2.5, which is required for v18.09.5-ce (bsc#1128376, bsc#1134068). - Update to runc 2b18fe1d885e, which is required for Docker v18.09.5-ce (bsc#1128376, bsc#1134068). - Update to Docker 18.09.5-ce see upstream changelog in the packaged (bsc#1128376, bsc#1134068). - docker-test: Improvements to test packaging (bsc#1128746). - Move daemon.json file to /etc/docker directory (bsc#1114832). - Revert golang(API) removal since it turns out this breaks >= requires in certain cases (bsc#1114209). - Fix go build failures (bsc#1121397). This update was imported from the SUSE:SLE-15:Update update project. last seen 2020-06-01 modified 2020-06-02 plugin id 125697 published 2019-06-04 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125697 title openSUSE Security Update : containerd / docker / docker-runc / etc (openSUSE-2019-1499) NASL family Misc. NASL id ARISTA_EOS_SA0039.NASL description The version of Arista Networks EOS running on the remote device is affected by a denial of service (DoS) vulnerability in the client certificate authentication process, due to the crypto/x509 package in Go not limiting the amount of work performed for each chain verification. A remote, unauthenticated attacker can exploit this, by sending a crafted certificate to cause the system to stop responding. Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-03-17 modified 2020-02-28 plugin id 134116 published 2020-02-28 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134116 title Arista Networks EOS DoS (SA0039) NASL family SuSE Local Security Checks NASL id OPENSUSE-2018-1593.NASL description This update for go1.10 fixes the following issues : Security vulnerabilities fixed : - CVE-2018-16873 (bsc#1118897): cmd/go: remote command execution during last seen 2020-06-05 modified 2018-12-24 plugin id 119861 published 2018-12-24 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119861 title openSUSE Security Update : go1.10 (openSUSE-2018-1593) NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-4297-1.NASL description This update for containerd, docker and go fixes the following issues : containerd and docker : Add backport for building containerd (bsc#1102522, bsc#1113313) Upgrade to containerd v1.1.2, which is required for Docker v18.06.1-ce. (bsc#1102522) Enable seccomp support on SLE12 (fate#325877) Update to containerd v1.1.1, which is the required version for the Docker v18.06.0-ce upgrade. (bsc#1102522) Put containerd under the podruntime slice (bsc#1086185) 3rd party registries used the default Docker certificate (bsc#1084533) Handle build breakage due to missing last seen 2020-03-18 modified 2019-01-02 plugin id 120195 published 2019-01-02 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/120195 title SUSE SLED15 / SLES15 Security Update : containerd, docker / go (SUSE-SU-2018:4297-1) NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-1444.NASL description This update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork fixes the following issues : Security issues fixed : - CVE-2019-5736: containerd: Fixing container breakout vulnerability (bsc#1121967). - CVE-2019-6486: go security release, fixing crypto/elliptic CPU DoS vulnerability affecting P-521 and P-384 (bsc#1123013). - CVE-2018-16873: go secuirty release, fixing cmd/go remote command execution (bsc#1118897). - CVE-2018-16874: go security release, fixing cmd/go directory traversal (bsc#1118898). - CVE-2018-16875: go security release, fixing crypto/x509 CPU denial of service (bsc#1118899). Other changes and bug fixes : - Update to containerd v1.2.5, which is required for v18.09.5-ce (bsc#1128376, bsc#1134068). - Update to runc 2b18fe1d885e, which is required for Docker v18.09.5-ce (bsc#1128376, bsc#1134068). - Update to Docker 18.09.5-ce see upstream changelog in the packaged (bsc#1128376, bsc#1134068). - docker-test: Improvements to test packaging (bsc#1128746). - Move daemon.json file to /etc/docker directory (bsc#1114832). - Revert golang(API) removal since it turns out this breaks >= requires in certain cases (bsc#1114209). - Fix go build failures (bsc#1121397). This update was imported from the SUSE:SLE-15:Update update project. last seen 2020-06-01 modified 2020-06-02 plugin id 125452 published 2019-05-28 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125452 title openSUSE Security Update : containerd / docker / docker-runc / etc (openSUSE-2019-1444) NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-0495-1.NASL description This update for containerd, docker, docker-runc, golang-github-docker-libnetwork, runc fixes the following issues : Security issues fixed : CVE-2018-16875: Fixed a CPU Denial of Service (bsc#1118899). CVE-2018-16874: Fixed a vulnerabity in go get command which could allow directory traversal in GOPATH mode (bsc#1118898). CVE-2018-16873: Fixed a vulnerability in go get command which could allow remote code execution when executed with -u in GOPATH mode (bsc#1118897). CVE-2019-5736: Effectively copying /proc/self/exe during re-exec to avoid write attacks to the host runc binary, which could lead to a container breakout (bsc#1121967). Other changes and fixes: Update shell completion to use Group: System/Shells. Add daemon.json file with rotation logs configuration (bsc#1114832) Update to Docker 18.09.1-ce (bsc#1124308) and to to runc 96ec2177ae84. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md. Update go requirements to >= go1.10 Use -buildmode=pie for tests and binary build (bsc#1048046 and bsc#1051429). Remove the usage of last seen 2020-06-01 modified 2020-06-02 plugin id 122472 published 2019-02-27 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122472 title SUSE SLED15 / SLES15 Security Update : containerd, docker, docker-runc, golang-github-docker-libnetwork, runc (SUSE-SU-2019:0495-1) NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-0286-1.NASL description This update for containerd, docker, docker-runc and golang-github-docker-libnetwork fixes the following issues : Security issues fixed for containerd, docker, docker-runc and golang-github-docker-libnetwork : CVE-2018-16873: cmd/go: remote command execution during last seen 2020-06-01 modified 2020-06-02 plugin id 122050 published 2019-02-08 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122050 title SUSE SLED15 / SLES15 Security Update : docker (SUSE-SU-2019:0286-1) NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-1018.NASL description This new package for go1.11 fixes the following issues: Security issues fixed : - CVE-2018-16873: Fixed a remote code execution in go get, when executed with the -u flag (bsc#1118897) - CVE-2018-16874: Fixed an arbitrary filesystem write in go get, which could lead to code execution (bsc#1118898) - CVE-2018-16875: Fixed a Denial of Service in the crypto/x509 package during certificate chain validation(bsc#1118899) Non-security issues fixed : - Fixed build error with PIE linker flags on ppc64le (bsc#1113978 bsc#1098017) - Make profile.d/go.sh no longer set GOROOT=, in order to make switching between versions no longer break. This ends up removing the need for go.sh entirely (because GOPATH is also set automatically) (bsc#1119634) The following tracked regression fix is included : - Fix a regression that broke go get for import path patterns containing last seen 2020-05-31 modified 2019-03-27 plugin id 123157 published 2019-03-27 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/123157 title openSUSE Security Update : go1.11 (openSUSE-2019-1018) NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-208.NASL description This update for runc fixes the following issues : Security vulnerablities addressed : - CVE-2019-5736: Effectively copying /proc/self/exe during re-exec to avoid write attacks to the host runc binary, which could lead to a container breakout (bsc#1121967) - CVE-2018-16873: Fix a remote command execution during last seen 2020-06-01 modified 2020-06-02 plugin id 122338 published 2019-02-20 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122338 title openSUSE Security Update : runc (openSUSE-2019-208) NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-0048-1.NASL description This update for helm-mirror to version 0.2.1 fixes the following issues : Security issues fixed : CVE-2018-16873: Fixed a remote command execution (bsc#1118897) CVE-2018-16874: Fixed a directory traversal in last seen 2020-03-18 modified 2019-01-10 plugin id 121058 published 2019-01-10 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121058 title SUSE SLES15 Security Update : helm-mirror (SUSE-SU-2019:0048-1) NASL family Fedora Local Security Checks NASL id FEDORA_2019-C424E3BB72.NASL description - Rebase to 1.10.7 - Security fix for CVE-2018-16875, CVE-2018-16874 and CVE-2018-16873 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-18 modified 2019-01-11 plugin id 121084 published 2019-01-11 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121084 title Fedora 28 : golang (2019-c424e3bb72) NASL family Fedora Local Security Checks NASL id FEDORA_2019-1198005E1F.NASL description - Rebase to go1.11.4 - Security fix for CVE-2018-16875, CVE-2018-16874 and CVE-2018-16873 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2019-01-11 plugin id 121075 published 2019-01-11 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121075 title Fedora 29 : golang (2019-1198005e1f) NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-1234-2.NASL description This update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork fixes the following issues : Security issues fixed : CVE-2019-5736: containerd: Fixing container breakout vulnerability (bsc#1121967). CVE-2019-6486: go security release, fixing crypto/elliptic CPU DoS vulnerability affecting P-521 and P-384 (bsc#1123013). CVE-2018-16873: go secuirty release, fixing cmd/go remote command execution (bsc#1118897). CVE-2018-16874: go security release, fixing cmd/go directory traversal (bsc#1118898). CVE-2018-16875: go security release, fixing crypto/x509 CPU denial of service (bsc#1118899). Other changes and bug fixes: Update to containerd v1.2.5, which is required for v18.09.5-ce (bsc#1128376, bsc#1134068). Update to runc 2b18fe1d885e, which is required for Docker v18.09.5-ce (bsc#1128376, bsc#1134068). Update to Docker 18.09.5-ce see upstream changelog in the packaged (bsc#1128376, bsc#1134068). docker-test: Improvements to test packaging (bsc#1128746). Move daemon.json file to /etc/docker directory (bsc#1114832). Revert golang(API) removal since it turns out this breaks >= requires in certain cases (bsc#1114209). Fix go build failures (bsc#1121397). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 125920 published 2019-06-14 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125920 title SUSE SLED15 / SLES15 Security Update : containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork (SUSE-SU-2019:1234-2) NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-0048-2.NASL description This update for helm-mirror to version 0.2.1 fixes the following issues : Security issues fixed : CVE-2018-16873: Fixed a remote command execution (bsc#1118897) CVE-2018-16874: Fixed a directory traversal in last seen 2020-06-01 modified 2020-06-02 plugin id 126492 published 2019-07-05 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126492 title SUSE SLES15 Security Update : helm-mirror (SUSE-SU-2019:0048-2) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201812-09.NASL description The remote host is affected by the vulnerability described in GLSA-201812-09 (Go: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Go. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could cause arbitrary code execution by passing specially crafted Go packages the ‘go get -u’ command. The remote attacker could also craft pathological inputs causing a CPU based Denial of Service condition via the crypto/x509 package. Workaround : There is no known workaround at this time. last seen 2020-03-26 modified 2018-12-24 plugin id 119852 published 2018-12-24 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119852 title GLSA-201812-09 : Go: Multiple vulnerabilities NASL family SuSE Local Security Checks NASL id OPENSUSE-2018-1626.NASL description This update for containerd, docker and go fixes the following issues : containerd and docker : - Add backport for building containerd (bsc#1102522, bsc#1113313) - Upgrade to containerd v1.1.2, which is required for Docker v18.06.1-ce. (bsc#1102522) - Enable seccomp support (fate#325877) - Update to containerd v1.1.1, which is the required version for the Docker v18.06.0-ce upgrade. (bsc#1102522) - Put containerd under the podruntime slice (bsc#1086185) - 3rd party registries used the default Docker certificate (bsc#1084533) - Handle build breakage due to missing last seen 2020-06-05 modified 2018-12-31 plugin id 119952 published 2018-12-31 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119952 title openSUSE Security Update : containerd / docker and go (openSUSE-2018-1626) NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-1079.NASL description This update for containerd, docker, docker-runc, golang-github-docker-libnetwork, runc fixes the following issues : Security issues fixed : - CVE-2018-16875: Fixed a CPU Denial of Service (bsc#1118899). - CVE-2018-16874: Fixed a vulnerabity in go get command which could allow directory traversal in GOPATH mode (bsc#1118898). - CVE-2018-16873: Fixed a vulnerability in go get command which could allow remote code execution when executed with -u in GOPATH mode (bsc#1118897). - CVE-2019-5736: Effectively copying /proc/self/exe during re-exec to avoid write attacks to the host runc binary, which could lead to a container breakout (bsc#1121967). Other changes and bug fixes : - Update shell completion to use Group: System/Shells. - Add daemon.json file with rotation logs configuration (bsc#1114832) - Update to Docker 18.09.1-ce (bsc#1124308) and to to runc 96ec2177ae84. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md. - Disable leap based builds for kubic flavor (bsc#1121412). - Allow users to explicitly specify the NIS domain name of a container (bsc#1001161). - Update docker.service to match upstream and avoid rlimit problems (bsc#1112980). - Update go requirements to >= go1.10 - Use -buildmode=pie for tests and binary build (bsc#1048046 and bsc#1051429). - Remove the usage of last seen 2020-06-01 modified 2020-06-02 plugin id 123542 published 2019-04-01 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/123542 title openSUSE Security Update : containerd / docker / docker-runc / etc (openSUSE-2019-1079) NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-189.NASL description This update for containerd, docker, docker-runc and golang-github-docker-libnetwork fixes the following issues : Security issues fixed for containerd, docker, docker-runc and golang-github-docker-libnetwork : - CVE-2018-16873: cmd/go: remote command execution during last seen 2020-06-01 modified 2020-06-02 plugin id 122293 published 2019-02-19 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122293 title openSUSE Security Update : docker (openSUSE-2019-189) NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2019-3_0-0018_GO.NASL description An update of the go package has been released. last seen 2020-06-01 modified 2020-06-02 plugin id 126207 published 2019-06-25 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126207 title Photon OS 3.0: Go PHSA-2019-3.0-0018 NASL family SuSE Local Security Checks NASL id OPENSUSE-2018-1572.NASL description This new package for go1.11 fixes the following issues: Security issues fixed : - CVE-2018-16873: Fixed a remote code execution in go get, when executed with the -u flag (bsc#1118897) - CVE-2018-16874: Fixed an arbitrary filesystem write in go get, which could lead to code execution (bsc#1118898) - CVE-2018-16875: Fixed a Denial of Service in the crypto/x509 package during certificate chain validation(bsc#1118899) Non-security issues fixed : - Fixed build error with PIE linker flags on ppc64le (bsc#1113978 bsc#1098017) - Make profile.d/go.sh no longer set GOROOT=, in order to make switching between versions no longer break. This ends up removing the need for go.sh entirely (because GOPATH is also set automatically) (bsc#1119634) The following tracked regression fix is included : - Fix a regression that broke go get for import path patterns containing last seen 2020-06-05 modified 2018-12-20 plugin id 119804 published 2018-12-20 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119804 title openSUSE Security Update : go1.11 (openSUSE-2018-1572) NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-1044.NASL description This update for containerd, docker and go fixes the following issues : containerd and docker : - Add backport for building containerd (bsc#1102522, bsc#1113313) - Upgrade to containerd v1.1.2, which is required for Docker v18.06.1-ce. (bsc#1102522) - Enable seccomp support (fate#325877) - Update to containerd v1.1.1, which is the required version for the Docker v18.06.0-ce upgrade. (bsc#1102522) - Put containerd under the podruntime slice (bsc#1086185) - 3rd party registries used the default Docker certificate (bsc#1084533) - Handle build breakage due to missing last seen 2020-06-01 modified 2020-06-02 plugin id 123165 published 2019-03-27 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/123165 title openSUSE Security Update : containerd / docker and go (openSUSE-2019-1044)
References
- http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00044.html
- http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00044.html
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.html
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.html
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00011.html
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00011.html
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00015.html
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00015.html
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00010.html
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00010.html
- http://www.securityfocus.com/bid/106230
- http://www.securityfocus.com/bid/106230
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16875
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16875
- https://groups.google.com/forum/?pli=1#%21topic/golang-announce/Kw31K8G7Fi0
- https://groups.google.com/forum/?pli=1#%21topic/golang-announce/Kw31K8G7Fi0
- https://security.gentoo.org/glsa/201812-09
- https://security.gentoo.org/glsa/201812-09