Detections
Analytics
openSUSE Security Update : axel (openSUSE-2020-778)
medium Nessus Plugin ID 137227
Language:
Synopsis
The remote openSUSE host is missing a security update.Description
This update for axel fixes the following issues :axel was updated to 2.17.8 :
- CVE-2020-13614: SSL Certificate Hostnames were not verified (boo#1172159)
- Replaced progressbar line clearing with terminal control sequence
- Fixed parsing of Content-Disposition HTTP header
- Fixed User-Agent HTTP header never being included
Update to version 2.17.7 :
- Buildsystem fixes
- Fixed release date for man-pages on BSD
- Explicitly close TCP sockets on SSL connections too
- Fixed HTTP basic auth header generation
- Changed the default progress report to 'alternate output mode'
- Improved English in README.md
Update to version 2.17.6 :
- Fixed handling of non-recoverable HTTP errors
- Cleanup of connection setup code
- Fixed manpage reproducibility issue
- Use tracker instead of PTS from Debian
Update to version 2.17.5 :
- Fixed progress indicator misalignment
- Cleaned up the wget-like progress output code
- Improved progress output flushing
Update to version 2.17.4 :
- Fixed build with bionic libc (Android)
- TCP Fast Open support on Linux
- TCP code cleanup
- Removed dependency on libm
- Data types and format strings cleanup
- String handling cleanup
- Format string checking GCC attributes added
- Buildsystem fixes and improvements
- Updates to the documentation
- Updated all translations
- Fixed Footnotes in documentation
- Fixed a typo in README.md
Update to version 2.17.3 :
- Builds now use canonical host triplet instead of `uname
-s`
- Fixed build on Darwin / Mac OS X
- Fixed download loops caused by last byte pointer being off by one
- Fixed linking issues (i18n and posix threads)
- Updated build instructions
- Code cleanup
- Added autoconf-archive to building instructions
Update to version 2.17.2 :
- Fixed HTTP request-ranges to be zero-based
- Fixed typo 'too may' -> 'too many'
- Replaced malloc + memset calls with calloc
- Sanitize progress bar buffer len passed to memset
Update to version 2.17.1 :
- Fixed comparison error in axel_divide
- Make sure maxconns is at least 1
Update to version 2.17 :
- Fixed composition of URLs in redirections
- Fixed request range calculation
- Updated all translations
- Updated build documentation
- Major code cleanup
- Cleanup of alternate progress output
- Removed global string buffers
- Fixed min and max macros
- Moved User-Agent header to conf->add_header
- Use integers for speed ratio and delay calculation
- Added support for parsing IPv6 literal hostname
- Fixed filename extraction from URL
- Fixed request-target message to proxy
- Handle secure protocol's schema even with SSL disabled
- Fixed Content-Disposition filename value decoding
- Strip leading hyphens in extracted filenames
Solution
Update the affected axel packages.See Also
Plugin Details
Severity: Medium
ID: 137227
File Name: openSUSE-2020-778.nasl
Version: 1.3
Type: local
Agent: unix
Family: SuSE Local Security Checks
Published: 6/8/2020
Updated: 3/7/2024
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 4.4
CVSS v2
Risk Factor: Medium
Base Score: 4.3
Temporal Score: 3.4
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSS Score Source: CVE-2020-13614
CVSS v3
Risk Factor: Medium
Base Score: 5.9
Temporal Score: 5.3
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:novell:opensuse:axel, p-cpe:/a:novell:opensuse:axel-debuginfo, p-cpe:/a:novell:opensuse:axel-debugsource, cpe:/o:novell:opensuse:15.1
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 6/7/2020
Vulnerability Publication Date: 5/26/2020
Reference Information
CVE: CVE-2020-13614