Detections
Analytics

Fedora 32 : 1:livecd-tools / createrepo_c / dnf / dnf-plugins-core / etc (2020-5d9f0ce2b3)

high Nessus Plugin ID 141518

Language:

Synopsis

The remote Fedora host is missing one or more security updates.

Description

createrepo_c 0.16.1

 - Update to 0.16.1

 - Add the section number to the manual pages

 - Parse xml snippet in smaller parts (RhBug:1859689)

 - Add module metadata support to createrepo_c (RhBug:1795936)

librepo 1.12.1

 - Update to 1.12.1

 - Validate path read from repomd.xml (RhBug:1868639)

libdnf 0.54.2

 - Update to 0.54.2

 - history: Fix dnf history rollback when a package was removed (RhBug:1683134)

 - Add support for HY_GT, HY_LT in query nevra_strict

 - Fix parsing empty lines in config files

 - Accept '==' as an operator in reldeps (RhBug:1847946)

 - Add log file level main config option (RhBug:1802074)

 - Add protect_running_kernel configuration option (RhBug:1698145)

 - Context part of libdnf cannot assume zchunk is on (RhBug:1851841,1779104)

 - Fix memory leak of resultingModuleIndex and handle g_object refs

 - Redirect librepo logs to libdnf logs with different source

 - Introduce changelog metadata in commit messages

 - Add hy_goal_lock

 - Update Copr targets for packit and use alias

 - Enum/String conversions for Transaction Store/Replay

 - utils: Add a method to decode URLs

 - Unify hawkey.log line format with the rest of the logs

dnf 4.4.0

 - Update to 4.4.0

 - Handle empty comps group name (RhBug:1826198)

 - Remove dead history info code (RhBug:1845800)

 - Improve command emmitter in dnf-automatic

 - Enhance --querytags and --qf help output

 - [history] add option --reverse to history list (RhBug:1846692)

 - Add logfilelevel configuration (RhBug:1802074)

 - Don't turn off stdout/stderr logging longer than necessary (RhBug:1843280)

 - Mention the date/time that updates were applied

 - [dnf-automatic] Wait for internet connection (RhBug:1816308)

 - [doc] Enhance repo variables documentation (RhBug:1848161,1848615)

 - Add librepo logger for handling messages from librepo (RhBug:1816573)

 - [doc] Add package-name-spec to the list of possible specs

 - [doc] Do not use <package-nevr-spec>

 - [doc] Add section to explain -n, -na and -nevra suffixes

 - Add alias 'ls' for list command

 - README: Reference Fedora Weblate instead of Zanata

 - remove log_lock.pid after reboot(Rhbug:1863006)

 - comps: Raise CompsError when removing a non-existent group

 - Add methods for working with comps to RPMTransactionItemWrapper

 - Implement storing and replaying a transaction

 - Log failure to access last makecache time as warning

 - [doc] Document Substitutions class

 - Dont document removed attribute ``reports`` for get_best_selector

 - Change the debug log timestamps from UTC to local time

dnf-plugins-core 4.0.18

 - [needs-restarting] Fix plugin fail if needs-restarting.d does not exist

 - [needs-restarting] add kernel-rt to reboot list

 - Fix debug-restore command

 - [config-manager] enable/disable comma separated pkgs (RhBug:1830530)

 - [debug] Use standard demands.resolving for transaction handling

 - [debug] Do not remove install-only packages (RhBug:1844533)

 - return error when dnf download failed

 - README: Reference Fedora Weblate instead of Zanata

 - [reposync] Add latest NEVRAs per stream to download (RhBug: 1833074)

 - copr: don't try to list runtime dependencies

dnf-plugins-extras 4.0.12

 - Update Cmake to pull translations from weblate

 - Drop Python 2 support

 - README: Add Installation, Contribution, etc

 - Add the DNF_SYSTEM_UPGRADE_NO_REBOOT env variable to control system-upgrade reboot.

 - [system-upgrade] Upgrade groups and environments (RhBug:1845562,1860408)

livecd-tools-27.1-8

 - Fix compatibility with dnf 4.4.0 / libdnf 0.54.2

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected packages.

See Also

https://bodhi.fedoraproject.org/updates/FEDORA-2020-5d9f0ce2b3

Plugin Details

Severity: High

ID: 141518

File Name: fedora_2020-5d9f0ce2b3.nasl

Version: 1.3

Type: local

Agent: unix

Published: 10/19/2020

Updated: 2/15/2024

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 8.5

Temporal Score: 6.3

Vector: CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2020-14352

CVSS v3

Risk Factor: High

Base Score: 8

Temporal Score: 7

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:fedoraproject:fedora:1:livecd-tools, p-cpe:/a:fedoraproject:fedora:createrepo_c, p-cpe:/a:fedoraproject:fedora:dnf, p-cpe:/a:fedoraproject:fedora:dnf-plugins-core, p-cpe:/a:fedoraproject:fedora:dnf-plugins-extras, p-cpe:/a:fedoraproject:fedora:libdnf, p-cpe:/a:fedoraproject:fedora:librepo, cpe:/o:fedoraproject:fedora:32

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 10/18/2020

Vulnerability Publication Date: 8/30/2020

Reference Information

CVE: CVE-2020-14352