Detections
Analytics
openSUSE Security Update : ledger (openSUSE-2019-1779)
high Nessus Plugin ID 126909
Language:
Synopsis
The remote openSUSE host is missing a security update.Description
This update for ledger fixes the following issues :ledger was updated to 3.1.3 :
+ Properly reject postings with a comment right after the flag (bug #1753)
+ Make sorting order of lot information deterministic (bug #1747)
+ Fix bug in tag value parsing (bug #1702)
+ Remove the org command, which was always a hack to begin with (bug #1706)
+ Provide Docker information in README
+ Various small documentation improvements
This also includes the update to 3.1.2 :
+ Increase maximum length for regex from 255 to 4095 (bug #981)
+ Initialize periods from from/since clause rather than earliest transaction date (bug #1159)
+ Check balance assertions against the amount after the posting (bug #1147)
+ Allow balance assertions with multiple posts to same account (bug #1187)
+ Fix period duration of 'every X days' and similar statements (bug #370)
+ Make option --force-color not require --color anymore (bug #1109)
+ Add quoted_rfc4180 to allow CVS output with RFC 4180 compliant quoting.
+ Add support for --prepend-format in accounts command
+ Fix handling of edge cases in trim function (bug #520)
+ Fix auto xact posts not getting applied to account total during journal parse (bug #552)
+ Transfer null_post flags to generated postings
+ Fix segfault when using --market with --group-by
+ Use amount_width variable for budget report
+ Keep pending items in budgets until the last day they apply
+ Fix bug where .total used in value expressions breaks totals
+ Make automated transactions work with assertions (bug #1127)
+ Improve parsing of date tokens (bug #1626)
+ Don't attempt to invert a value if it's already zero (bug #1703)
+ Do not parse user-specified init-file twice
+ Fix parsing issue of effective dates (bug #1722, TALOS-2017-0303, CVE-2017-2807)
+ Fix use-after-free issue with deferred postings (bug #1723, TALOS-2017-0304, CVE-2017-2808)
+ Fix possible stack overflow in option parsing routine (bug #1222, CVE-2017-12481)
+ Fix possible stack overflow in date parsing routine (bug #1224, CVE-2017-12482)
+ Fix use-after-free when using --gain (bug #541)
+ Python: Removed double quotes from Unicode values.
+ Python: Ensure that parse errors produce useful RuntimeErrors
+ Python: Expose journal expand_aliases
+ Python: Expose journal_t::register_account
+ Improve bash completion
+ Emacs Lisp files have been moved to https://github.com/ledger/ledger-mode
+ Various documentation improvements
Solution
Update the affected ledger packages.See Also
https://bugzilla.opensuse.org/show_bug.cgi?id=1052478
https://bugzilla.opensuse.org/show_bug.cgi?id=1052484
Plugin Details
Severity: High
ID: 126909
File Name: openSUSE-2019-1779.nasl
Version: 1.4
Type: local
Agent: unix
Family: SuSE Local Security Checks
Published: 7/22/2019
Updated: 5/9/2024
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Continuous Assessment, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: Medium
Base Score: 6.8
Temporal Score: 5
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS Score Source: CVE-2017-2808
CVSS v3
Risk Factor: High
Base Score: 7.8
Temporal Score: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:novell:opensuse:ledger-debuginfo, p-cpe:/a:novell:opensuse:ledger-debugsource, cpe:/o:novell:opensuse:15.1, p-cpe:/a:novell:opensuse:ledger
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list
Exploit Ease: No known exploits are available
Patch Publication Date: 7/21/2019
Vulnerability Publication Date: 8/4/2017
Reference Information
CVE: CVE-2017-12481, CVE-2017-12482, CVE-2017-2807, CVE-2017-2808