Vulnerabilities > CVE-2020-8945 - Use After Free vulnerability in multiple products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

high complexity

nessus

NVD

Published: 2020-02-12

Updated: 2023-11-07

Summary

The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. This leads to a crash or potential code execution during GPG signature verification.

Vulnerable Configurations

Part	Description	Count
Application	Gpgme_Project Gpgme Project Gpgme 0.1.0	1
Application	Redhat Redhat Openshift Container Platform 3.11 Redhat Openshift Container Platform 4.1 Redhat Openshift Container Platform 4.2 Redhat Openshift Container Platform 4.3 Redhat Openshift Container Platform 4.4 Redhat Openshift Container Platform 4.5 Redhat Openshift Container Platform FOR IBM Z 4.1 Redhat Openshift Container Platform FOR IBM Z 4.2 Redhat Openshift Container Platform FOR Linuxone 4.1 Redhat Openshift Container Platform FOR Linuxone 4.2	10
OS	Redhat Redhat Enterprise Linux 7.0 Redhat Enterprise Linux 8.0 Redhat Enterprise Linux Workstation 7.0 Redhat Enterprise Linux Server 7.0 Redhat Enterprise Linux FOR Power Little Endian 7.0 Redhat Enterprise Linux FOR IBM Z Systems 7.0	6
OS	Fedoraproject Fedoraproject Fedora 30 Fedoraproject Fedora 31 Fedoraproject Fedora 32	3

Common Weakness Enumeration (CWE)

CWE-416 - Use After Free

Nessus

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2020-1234.NASL
description	The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1234 advisory. - runc: AppArmor/SELinux bypass with malicious image that specifies a volume at /proc (CVE-2019-16884) - containers/image: Container images read entire image manifest into memory (CVE-2020-1702) - proglottis/gpgme: Use-after-free in GPGME bindings during container image pull (CVE-2020-8945) Note that Nessus has not tested for this issue but has instead relied only on the application
last seen	2020-04-23
modified	2020-04-01
plugin id	135084
published	2020-04-01
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/135084
title	RHEL 7 : docker (RHSA-2020:1234)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2020:1234. The text # itself is copyright (C) Red Hat, Inc. # include('compat.inc'); if (description) { script_id(135084); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/07/14"); script_cve_id("CVE-2019-16884", "CVE-2020-1702", "CVE-2020-8945"); script_xref(name:"RHSA", value:"2020:1234"); script_name(english:"RHEL 7 : docker (RHSA-2020:1234)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute(attribute:"synopsis", value: "The remote Red Hat host is missing one or more security updates."); script_set_attribute(attribute:"description", value: "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1234 advisory. - runc: AppArmor/SELinux bypass with malicious image that specifies a volume at /proc (CVE-2019-16884) - containers/image: Container images read entire image manifest into memory (CVE-2020-1702) - proglottis/gpgme: Use-after-free in GPGME bindings during container image pull (CVE-2020-8945) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number."); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/41.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/400.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/416.html"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2020:1234"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-16884"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-1702"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-8945"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1784228"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1795376"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1796451"); script_set_attribute(attribute:"solution", value: "Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-8945"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_cwe_id(41, 400, 416); script_set_attribute(attribute:"vuln_publication_date", value:"2019/09/25"); script_set_attribute(attribute:"patch_publication_date", value:"2020/04/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/01"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:rhel_extras_other:7"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:docker"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:docker-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:docker-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:docker-logrotate"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:docker-lvm-plugin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:docker-novolume-plugin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:docker-rhel-push-plugin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:docker-v1.10-migrator"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Red Hat Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include('audit.inc'); include('global_settings.inc'); include('misc_func.inc'); include('rpm.inc'); if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item('Host/RedHat/release'); if (isnull(release) \|\| 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat'); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat'); os_ver = os_ver[1]; if (! preg(pattern:"^7([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver); if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item('Host/cpu'); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu); pkgs = [ {'reference':'docker-1.13.1-161.git64e9980.el7_8', 'cpu':'s390x', 'release':'7', 'epoch':'2'}, {'reference':'docker-1.13.1-161.git64e9980.el7_8', 'cpu':'x86_64', 'release':'7', 'epoch':'2'}, {'reference':'docker-client-1.13.1-161.git64e9980.el7_8', 'cpu':'s390x', 'release':'7', 'epoch':'2'}, {'reference':'docker-client-1.13.1-161.git64e9980.el7_8', 'cpu':'x86_64', 'release':'7', 'epoch':'2'}, {'reference':'docker-common-1.13.1-161.git64e9980.el7_8', 'cpu':'s390x', 'release':'7', 'epoch':'2'}, {'reference':'docker-common-1.13.1-161.git64e9980.el7_8', 'cpu':'x86_64', 'release':'7', 'epoch':'2'}, {'reference':'docker-logrotate-1.13.1-161.git64e9980.el7_8', 'cpu':'s390x', 'release':'7', 'epoch':'2'}, {'reference':'docker-logrotate-1.13.1-161.git64e9980.el7_8', 'cpu':'x86_64', 'release':'7', 'epoch':'2'}, {'reference':'docker-lvm-plugin-1.13.1-161.git64e9980.el7_8', 'cpu':'s390x', 'release':'7', 'epoch':'2'}, {'reference':'docker-lvm-plugin-1.13.1-161.git64e9980.el7_8', 'cpu':'x86_64', 'release':'7', 'epoch':'2'}, {'reference':'docker-novolume-plugin-1.13.1-161.git64e9980.el7_8', 'cpu':'s390x', 'release':'7', 'epoch':'2'}, {'reference':'docker-novolume-plugin-1.13.1-161.git64e9980.el7_8', 'cpu':'x86_64', 'release':'7', 'epoch':'2'}, {'reference':'docker-rhel-push-plugin-1.13.1-161.git64e9980.el7_8', 'cpu':'s390x', 'release':'7', 'epoch':'2'}, {'reference':'docker-rhel-push-plugin-1.13.1-161.git64e9980.el7_8', 'cpu':'x86_64', 'release':'7', 'epoch':'2'}, {'reference':'docker-v1.10-migrator-1.13.1-161.git64e9980.el7_8', 'cpu':'s390x', 'release':'7', 'epoch':'2'}, {'reference':'docker-v1.10-migrator-1.13.1-161.git64e9980.el7_8', 'cpu':'x86_64', 'release':'7', 'epoch':'2'} ]; flag = 0; foreach package_array ( pkgs ) { reference = NULL; release = NULL; sp = NULL; cpu = NULL; el_string = NULL; rpm_spec_vers_cmp = NULL; epoch = NULL; if (!empty_or_null(package_array['reference'])) reference = package_array['reference']; if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release']; if (!empty_or_null(package_array['sp'])) sp = package_array['sp']; if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu']; if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string']; if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp']; if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch']; if (reference && release) { if (rpm_spec_vers_cmp) { if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:TRUE)) flag++; } else { if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch)) flag++; } } } if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'docker / docker-client / docker-common / etc'); }

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2020-0689.NASL
description	An update for skopeo is now available for Red Hat OpenShift Container Platform 4.2. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat OpenShift Container Platform is Red Hat
last seen	2020-03-18
modified	2020-03-11
plugin id	134392
published	2020-03-11
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/134392
title	RHEL 8 : OpenShift Container Platform 4.2.22 skopeo (RHSA-2020:0689)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2020:0689. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(134392); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/13"); script_cve_id("CVE-2020-8945"); script_xref(name:"RHSA", value:"2020:0689"); script_name(english:"RHEL 8 : OpenShift Container Platform 4.2.22 skopeo (RHSA-2020:0689)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "An update for skopeo is now available for Red Hat OpenShift Container Platform 4.2. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Security Fix(es) : * proglottis/gpgme: Use-after-free vulnerability was found in GPGME bindings during container image pull (CVE-2020-8945) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2020:0689" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2020-8945" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:containers-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:skopeo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:skopeo-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:skopeo-debugsource"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8"); script_set_attribute(attribute:"vuln_publication_date", value:"2020/02/12"); script_set_attribute(attribute:"patch_publication_date", value:"2020/03/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/03/11"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^8([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 8.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2020:0689"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"containers-common-0.1.32-7.git1715c90.rhaos4.2.el8")) flag++; if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"containers-common-0.1.32-7.git1715c90.rhaos4.2.el8")) flag++; if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"skopeo-0.1.32-7.git1715c90.rhaos4.2.el8")) flag++; if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"skopeo-0.1.32-7.git1715c90.rhaos4.2.el8")) flag++; if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"skopeo-debuginfo-0.1.32-7.git1715c90.rhaos4.2.el8")) flag++; if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"skopeo-debuginfo-0.1.32-7.git1715c90.rhaos4.2.el8")) flag++; if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"skopeo-debugsource-0.1.32-7.git1715c90.rhaos4.2.el8")) flag++; if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"skopeo-debugsource-0.1.32-7.git1715c90.rhaos4.2.el8")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "containers-common / skopeo / skopeo-debuginfo / skopeo-debugsource"); } }

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2020-0697.NASL
description	An update for skopeo is now available for Red Hat OpenShift Container Platform 4.1. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat OpenShift Container Platform is Red Hat
last seen	2020-06-01
modified	2020-06-02
plugin id	134558
published	2020-03-13
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/134558
title	RHEL 8 : OpenShift Container Platform 4.1.38 skopeo (RHSA-2020:0697)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2020:0697. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(134558); script_version("1.1"); script_cvs_date("Date: 2020/03/13"); script_cve_id("CVE-2020-8945"); script_xref(name:"RHSA", value:"2020:0697"); script_name(english:"RHEL 8 : OpenShift Container Platform 4.1.38 skopeo (RHSA-2020:0697)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "An update for skopeo is now available for Red Hat OpenShift Container Platform 4.1. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Security Fix(es) : * proglottis/gpgme: Use-after-free in GPGME bindings during container image pull (CVE-2020-8945) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2020:0697" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2020-8945" ); script_set_attribute( attribute:"solution", value:"Update the affected containers-common and / or skopeo packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:containers-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:skopeo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8"); script_set_attribute(attribute:"vuln_publication_date", value:"2020/02/12"); script_set_attribute(attribute:"patch_publication_date", value:"2020/03/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/03/13"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^8([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 8.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2020:0697"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"containers-common-0.1.32-6.git1715c90.el8_0")) flag++; if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"skopeo-0.1.32-6.git1715c90.el8_0")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "containers-common / skopeo"); } }

NASL family	Huawei Local Security Checks
NASL id	EULEROS_SA-2020-1290.NASL
description	According to the version of the iSulad-kit package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. This leads to a crash or potential code execution during GPG signature verification.(CVE-2020-8945) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-05-03
modified	2020-03-23
plugin id	134782
published	2020-03-23
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/134782
title	EulerOS 2.0 SP8 : iSulad-kit (EulerOS-SA-2020-1290)
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(134782); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/01"); script_cve_id( "CVE-2020-8945" ); script_name(english:"EulerOS 2.0 SP8 : iSulad-kit (EulerOS-SA-2020-1290)"); script_summary(english:"Checks the rpm output for the updated package."); script_set_attribute(attribute:"synopsis", value: "The remote EulerOS host is missing a security update."); script_set_attribute(attribute:"description", value: "According to the version of the iSulad-kit package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. This leads to a crash or potential code execution during GPG signature verification.(CVE-2020-8945) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."); # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1290 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c83f34e8"); script_set_attribute(attribute:"solution", value: "Update the affected iSulad-kit package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"patch_publication_date", value:"2020/03/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/03/23"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:iSulad-kit"); script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Huawei Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp"); script_exclude_keys("Host/EulerOS/uvp_version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/EulerOS/release"); if (isnull(release) \|\| release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS"); if (release !~ "^EulerOS release 2\.0(\D\|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0"); sp = get_kb_item("Host/EulerOS/sp"); if (isnull(sp) \|\| sp !~ "^(8)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8"); uvp = get_kb_item("Host/EulerOS/uvp_version"); if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8", "EulerOS UVP " + uvp); if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu); if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu); flag = 0; pkgs = ["iSulad-kit-1.1.4-20200304.043238.gitac98097e.eulerosv2r8"]; foreach (pkg in pkgs) if (rpm_check(release:"EulerOS-2.0", sp:"8", reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "iSulad-kit"); }

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2020-CCC3E64EA5.NASL
description	use crun only for f31+ ---- Suggests: crun for f30 ---- bump to v1.8.0, Security fix for CVE-2020-8945 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-03-18
modified	2020-03-10
plugin id	134355
published	2020-03-10
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/134355
title	Fedora 30 : 2:podman (2020-ccc3e64ea5)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2020-ccc3e64ea5. # include("compat.inc"); if (description) { script_id(134355); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2020-8945"); script_xref(name:"FEDORA", value:"2020-ccc3e64ea5"); script_name(english:"Fedora 30 : 2:podman (2020-ccc3e64ea5)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "use crun only for f31+ ---- Suggests: crun for f30 ---- bump to v1.8.0, Security fix for CVE-2020-8945 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2020-ccc3e64ea5" ); script_set_attribute( attribute:"solution", value:"Update the affected 2:podman package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:2:podman"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:30"); script_set_attribute(attribute:"vuln_publication_date", value:"2020/02/12"); script_set_attribute(attribute:"patch_publication_date", value:"2020/03/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/03/10"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^30([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 30", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC30", reference:"podman-1.8.0-4.fc30", epoch:"2")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "2:podman"); }

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2020-1231.NASL
description	The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:1231 advisory. - proglottis/gpgme: Use-after-free in GPGME bindings during container image pull (CVE-2020-8945) Note that Nessus has not tested for this issue but has instead relied only on the application
last seen	2020-04-23
modified	2020-04-01
plugin id	135085
published	2020-04-01
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/135085
title	RHEL 7 : buildah (RHSA-2020:1231)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2020:1231. The text # itself is copyright (C) Red Hat, Inc. # include('compat.inc'); if (description) { script_id(135085); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/07/14"); script_cve_id("CVE-2020-8945"); script_xref(name:"RHSA", value:"2020:1231"); script_name(english:"RHEL 7 : buildah (RHSA-2020:1231)"); script_summary(english:"Checks the rpm output for the updated package"); script_set_attribute(attribute:"synopsis", value: "The remote Red Hat host is missing a security update."); script_set_attribute(attribute:"description", value: "The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:1231 advisory. - proglottis/gpgme: Use-after-free in GPGME bindings during container image pull (CVE-2020-8945) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number."); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/416.html"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2020:1231"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-8945"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1765469"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1791286"); script_set_attribute(attribute:"solution", value: "Update the affected buildah package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-8945"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_cwe_id(416); script_set_attribute(attribute:"vuln_publication_date", value:"2020/02/12"); script_set_attribute(attribute:"patch_publication_date", value:"2020/04/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/01"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:rhel_extras_other:7"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:buildah"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Red Hat Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include('audit.inc'); include('global_settings.inc'); include('misc_func.inc'); include('rpm.inc'); if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item('Host/RedHat/release'); if (isnull(release) \|\| 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat'); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat'); os_ver = os_ver[1]; if (! preg(pattern:"^7([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver); if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item('Host/cpu'); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu); pkgs = [ {'reference':'buildah-1.11.6-8.el7_8', 'cpu':'s390x', 'release':'7'}, {'reference':'buildah-1.11.6-8.el7_8', 'cpu':'x86_64', 'release':'7'} ]; flag = 0; foreach package_array ( pkgs ) { reference = NULL; release = NULL; sp = NULL; cpu = NULL; el_string = NULL; rpm_spec_vers_cmp = NULL; epoch = NULL; if (!empty_or_null(package_array['reference'])) reference = package_array['reference']; if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release']; if (!empty_or_null(package_array['sp'])) sp = package_array['sp']; if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu']; if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string']; if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp']; if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch']; if (reference && release) { if (rpm_spec_vers_cmp) { if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:TRUE)) flag++; } else { if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch)) flag++; } } } if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'buildah'); }

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2020-0928.NASL
description	The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:0928 advisory. - proglottis/gpgme: Use-after-free in GPGME bindings during container image pull (CVE-2020-8945) Note that Nessus has not tested for this issue but has instead relied only on the application
last seen	2020-04-23
modified	2020-04-06
plugin id	135230
published	2020-04-06
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/135230
title	RHEL 7 / 8 : OpenShift Container Platform 4.3.8 openshift-clients (RHSA-2020:0928)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2020:0928. The text # itself is copyright (C) Red Hat, Inc. # include('compat.inc'); if (description) { script_id(135230); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/07/14"); script_cve_id("CVE-2020-8945"); script_xref(name:"RHSA", value:"2020:0928"); script_name(english:"RHEL 7 / 8 : OpenShift Container Platform 4.3.8 openshift-clients (RHSA-2020:0928)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute(attribute:"synopsis", value: "The remote Red Hat host is missing a security update."); script_set_attribute(attribute:"description", value: "The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:0928 advisory. - proglottis/gpgme: Use-after-free in GPGME bindings during container image pull (CVE-2020-8945) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number."); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/416.html"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2020:0928"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-8945"); script_set_attribute(attribute:"solution", value: "Update the affected openshift-clients and / or openshift-clients-redistributable packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-8945"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_cwe_id(416); script_set_attribute(attribute:"vuln_publication_date", value:"2020/02/12"); script_set_attribute(attribute:"patch_publication_date", value:"2020/03/24"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/06"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:openshift:4.3"); script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:openshift:4.3::el7"); script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:openshift:4.3::el8"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openshift-clients"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openshift-clients-redistributable"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Red Hat Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include('audit.inc'); include('global_settings.inc'); include('misc_func.inc'); include('rpm.inc'); if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item('Host/RedHat/release'); if (isnull(release) \|\| 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat'); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat'); os_ver = os_ver[1]; if (! preg(pattern:"^(7\|8)([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 7.x / 8.x', 'Red Hat ' + os_ver); if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item('Host/cpu'); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu); pkgs = [ {'reference':'openshift-clients-4.3.7-202003130552.git.0.6027a27.el7', 'cpu':'x86_64', 'release':'7'}, {'reference':'openshift-clients-redistributable-4.3.7-202003130552.git.0.6027a27.el7', 'cpu':'x86_64', 'release':'7'}, {'reference':'openshift-clients-4.3.7-202003130552.git.0.6027a27.el8', 'cpu':'x86_64', 'release':'8'}, {'reference':'openshift-clients-redistributable-4.3.7-202003130552.git.0.6027a27.el8', 'cpu':'x86_64', 'release':'8'} ]; flag = 0; foreach package_array ( pkgs ) { reference = NULL; release = NULL; sp = NULL; cpu = NULL; el_string = NULL; rpm_spec_vers_cmp = NULL; epoch = NULL; if (!empty_or_null(package_array['reference'])) reference = package_array['reference']; if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release']; if (!empty_or_null(package_array['sp'])) sp = package_array['sp']; if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu']; if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string']; if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp']; if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch']; if (reference && release) { if (rpm_spec_vers_cmp) { if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:TRUE)) flag++; } else { if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch)) flag++; } } } if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'openshift-clients / openshift-clients-redistributable'); }

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2020-1937.NASL
description	The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1937 advisory. - containers/image: Container images read entire image manifest into memory (CVE-2020-1702) - proglottis/gpgme: Use-after-free in GPGME bindings during container image pull (CVE-2020-8945) Note that Nessus has not tested for this issue but has instead relied only on the application
last seen	2020-05-08
modified	2020-05-05
plugin id	136320
published	2020-05-05
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/136320
title	RHEL 7 / 8 : OpenShift Container Platform 4.4.3 cri-o (RHSA-2020:1937)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2020:1937. The text # itself is copyright (C) Red Hat, Inc. # include('compat.inc'); if (description) { script_id(136320); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/07/14"); script_cve_id("CVE-2020-1702", "CVE-2020-8945"); script_xref(name:"RHSA", value:"2020:1937"); script_name(english:"RHEL 7 / 8 : OpenShift Container Platform 4.4.3 cri-o (RHSA-2020:1937)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute(attribute:"synopsis", value: "The remote Red Hat host is missing one or more security updates."); script_set_attribute(attribute:"description", value: "The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1937 advisory. - containers/image: Container images read entire image manifest into memory (CVE-2020-1702) - proglottis/gpgme: Use-after-free in GPGME bindings during container image pull (CVE-2020-8945) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number."); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/400.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/416.html"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2020:1937"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-1702"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-8945"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1792796"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1795838"); script_set_attribute(attribute:"solution", value: "Update the affected cri-o and / or cri-o-debugsource packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-8945"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_cwe_id(400, 416); script_set_attribute(attribute:"vuln_publication_date", value:"2020/02/12"); script_set_attribute(attribute:"patch_publication_date", value:"2020/05/04"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/05/05"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:openshift:4.4"); script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:openshift:4.4::el7"); script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:openshift:4.4::el8"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:cri-o"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:cri-o-debugsource"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Red Hat Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include('audit.inc'); include('global_settings.inc'); include('misc_func.inc'); include('rpm.inc'); if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item('Host/RedHat/release'); if (isnull(release) \|\| 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat'); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat'); os_ver = os_ver[1]; if (! preg(pattern:"^(7\|8)([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 7.x / 8.x', 'Red Hat ' + os_ver); if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item('Host/cpu'); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu); pkgs = [ {'reference':'cri-o-1.17.4-8.dev.rhaos4.4.git5f5c5e4.el7', 'cpu':'x86_64', 'release':'7'}, {'reference':'cri-o-1.17.4-8.dev.rhaos4.4.git5f5c5e4.el8', 'cpu':'x86_64', 'release':'8'}, {'reference':'cri-o-debugsource-1.17.4-8.dev.rhaos4.4.git5f5c5e4.el8', 'cpu':'x86_64', 'release':'8'} ]; flag = 0; foreach package_array ( pkgs ) { reference = NULL; release = NULL; sp = NULL; cpu = NULL; el_string = NULL; rpm_spec_vers_cmp = NULL; epoch = NULL; if (!empty_or_null(package_array['reference'])) reference = package_array['reference']; if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release']; if (!empty_or_null(package_array['sp'])) sp = package_array['sp']; if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu']; if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string']; if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp']; if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch']; if (reference && release) { if (rpm_spec_vers_cmp) { if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:TRUE)) flag++; } else { if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch)) flag++; } } } if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cri-o / cri-o-debugsource'); }

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2020-F317E13ECF.NASL
description	Resolves: #1795838, #1802904 - Security fix for CVE-2020-8945 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-03-18
modified	2020-02-24
plugin id	133891
published	2020-02-24
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/133891
title	Fedora 31 : 1:skopeo (2020-f317e13ecf)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2020-f317e13ecf. # include("compat.inc"); if (description) { script_id(133891); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/10"); script_cve_id("CVE-2020-8945"); script_xref(name:"FEDORA", value:"2020-f317e13ecf"); script_name(english:"Fedora 31 : 1:skopeo (2020-f317e13ecf)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Resolves: #1795838, #1802904 - Security fix for CVE-2020-8945 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2020-f317e13ecf" ); script_set_attribute( attribute:"solution", value:"Update the affected 1:skopeo package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:1:skopeo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:31"); script_set_attribute(attribute:"vuln_publication_date", value:"2020/02/12"); script_set_attribute(attribute:"patch_publication_date", value:"2020/02/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/02/24"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^31([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 31", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC31", reference:"skopeo-0.1.41-1.fc31", epoch:"1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "1:skopeo"); }

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2020-2A0AAC3502.NASL
description	Resolves: #1795838, #1802904 - Security fix for CVE-2020-8945 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-03-18
modified	2020-02-24
plugin id	133883
published	2020-02-24
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/133883
title	Fedora 30 : 1:skopeo (2020-2a0aac3502)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2020-2117.NASL
description	The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2117 advisory. - buildah: Crafted input tar file may lead to local file overwrite during image build process (CVE-2020-10696) - proglottis/gpgme: Use-after-free in GPGME bindings during container image pull (CVE-2020-8945) Note that Nessus has not tested for this issue but has instead relied only on the application
last seen	2020-05-15
modified	2020-05-12
plugin id	136522
published	2020-05-12
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/136522
title	RHEL 7 : podman (RHSA-2020:2117)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2020-0679.NASL
description	An update for skopeo is now available for Red Hat OpenShift Container Platform 4.3. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat OpenShift Container Platform is Red Hat
last seen	2020-03-18
modified	2020-03-11
plugin id	134389
published	2020-03-11
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/134389
title	RHEL 8 : OpenShift Container Platform 4.3.5 skopeo (RHSA-2020:0679)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2020-1230.NASL
description	The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1230 advisory. - proglottis/gpgme: Use-after-free in GPGME bindings during container image pull (CVE-2020-8945) Note that Nessus has not tested for this issue but has instead relied only on the application
last seen	2020-04-23
modified	2020-04-01
plugin id	135082
published	2020-04-01
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/135082
title	RHEL 7 : skopeo (RHSA-2020:1230)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2020-2027.NASL
description	The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:2027 advisory. - proglottis/gpgme: Use-after-free in GPGME bindings during container image pull (CVE-2020-8945) Note that Nessus has not tested for this issue but has instead relied only on the application
last seen	2020-05-18
modified	2020-05-14
plugin id	136585
published	2020-05-14
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/136585
title	RHEL 8 : OpenShift Container Platform 4.2.33 openshift-clients (RHSA-2020:2027)

Redhat

advisories

rhsa
id RHSA-2020:0679
rhsa
id RHSA-2020:0689
rhsa
id RHSA-2020:0697

rpms

containers-common-1:0.1.40-4.rhaos.el8
skopeo-1:0.1.40-4.rhaos.el8
skopeo-debuginfo-1:0.1.40-4.rhaos.el8
skopeo-debugsource-1:0.1.40-4.rhaos.el8
skopeo-tests-1:0.1.40-4.rhaos.el8
containers-common-1:0.1.32-7.git1715c90.rhaos4.2.el8
skopeo-1:0.1.32-7.git1715c90.rhaos4.2.el8
skopeo-debuginfo-1:0.1.32-7.git1715c90.rhaos4.2.el8
skopeo-debugsource-1:0.1.32-7.git1715c90.rhaos4.2.el8
containers-common-1:0.1.32-6.git1715c90.el8_0
skopeo-1:0.1.32-6.git1715c90.el8_0
skopeo-debuginfo-1:0.1.32-6.git1715c90.el8_0
skopeo-debugsource-1:0.1.32-6.git1715c90.el8_0
openshift-clients-0:4.3.7-202003130552.git.0.6027a27.el7
openshift-clients-0:4.3.7-202003130552.git.0.6027a27.el8
openshift-clients-redistributable-0:4.3.7-202003130552.git.0.6027a27.el7
openshift-clients-redistributable-0:4.3.7-202003130552.git.0.6027a27.el8
containers-common-1:0.1.40-7.el7_8
skopeo-1:0.1.40-7.el7_8
skopeo-debuginfo-1:0.1.40-7.el7_8
buildah-0:1.11.6-8.el7_8
buildah-debuginfo-0:1.11.6-8.el7_8
docker-2:1.13.1-161.git64e9980.el7_8
docker-client-2:1.13.1-161.git64e9980.el7_8
docker-common-2:1.13.1-161.git64e9980.el7_8
docker-debuginfo-2:1.13.1-161.git64e9980.el7_8
docker-logrotate-2:1.13.1-161.git64e9980.el7_8
docker-lvm-plugin-2:1.13.1-161.git64e9980.el7_8
docker-novolume-plugin-2:1.13.1-161.git64e9980.el7_8
docker-rhel-push-plugin-2:1.13.1-161.git64e9980.el7_8
docker-v1.10-migrator-2:1.13.1-161.git64e9980.el7_8
podman-0:1.6.4-10.rhaos4.3.el8
podman-debuginfo-0:1.6.4-10.rhaos4.3.el8
podman-debugsource-0:1.6.4-10.rhaos4.3.el8
podman-docker-0:1.6.4-10.rhaos4.3.el8
podman-manpages-0:1.6.4-10.rhaos4.3.el8
podman-remote-0:1.6.4-10.rhaos4.3.el8
podman-remote-debuginfo-0:1.6.4-10.rhaos4.3.el8
podman-tests-0:1.6.4-10.rhaos4.3.el8
cri-o-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el7
cri-o-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el8
cri-o-debuginfo-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el7
cri-o-debuginfo-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el8
cri-o-debugsource-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el8
openshift-clients-0:4.2.32-202005020632.git.1.1b0fab9.el8
openshift-clients-redistributable-0:4.2.32-202005020632.git.1.1b0fab9.el8
podman-0:1.6.4-18.el7_8
podman-debuginfo-0:1.6.4-18.el7_8
podman-docker-0:1.6.4-18.el7_8

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

Redhat

References