Synopsis
The remote openSUSE host is missing a security update.
Description
This update for nim fixes the following issues:
nim was updated to version 1.2.12:
- Fixed GC crash resulting from inlining of the memory allocation procs
- Fixed “incorrect raises effect for $(NimNode)” (#17454)
From version 1.2.10:
- Fixed “JS backend doesn’t handle float->int type conversion” (#8404)
- Fixed “The “try except” not work when the “OSError: Too many open files” error occurs!” (#15925)
- Fixed “Nim emits #line 0 C preprocessor directives with --debugger:native, with ICE in gcc-10” (#15942)
- Fixed “tfuturevar fails when activated” (#9695)
- Fixed “nre.escapeRe is not gcsafe” (#16103)
- Fixed ““Error: internal error: genRecordFieldAux” - in the “version-1-4” branch” (#16069)
- Fixed “-d:fulldebug switch does not compile with gc:arc” (#16214)
- Fixed “osLastError may randomly raise defect and crash” (#16359)
- Fixed “generic importc proc’s don’t work (breaking lots of vmops procs for js)” (#16428)
- Fixed “Concept: codegen ignores parameter passing” (#16897)
- Fixed “{.push exportc.} interacts with anonymous functions” (#16967)
- Fixed “memory allocation during {.global.} init breaks GC” (#17085)
- Fixed 'Nimble arbitrary code execution for specially crafted package metadata'
+ https://github.com/nim-lang/security/security/advisories/GHSA-rg9f-w24h-962p
+ (boo#1185083, CVE-2021-21372)
- Fixed 'Nimble falls back to insecure http url when fetching packages'
+ https://github.com/nim-lang/security/security/advisories/GHSA-8w52-r35x-rgp8
+ (boo#1185084, CVE-2021-21373)
- Fixed 'Nimble fails to validate certificates due to insecure httpClient defaults'
+ https://github.com/nim-lang/security/security/advisories/GHSA-c2wm-v66h-xhxx
+ (boo#1185085, CVE-2021-21374)
From version 1.2.8:
- Fixed “Defer and --gc:arc” (#15071)
- Fixed “Issue with --gc:arc at compile time” (#15129)
- Fixed “Nil check on each field fails in generic function” (#15101)
- Fixed “[strscans] scanf doesn’t match a single character with $+ if it’s the end of the string” (#15064)
- Fixed “Crash and incorrect return values when using readPasswordFromStdin on Windows.” (#15207)
- Fixed “Inconsistent unsigned -> signed RangeDefect usage across integer sizes” (#15210)
- Fixed “toHex results in RangeDefect exception when used with large uint64” (#15257)
- Fixed “Mixing ‘return’ with expressions is allowed in 1.2” (#15280)
- Fixed “proc execCmdEx doesn’t work with -d:useWinAnsi” (#14203)
- Fixed “memory corruption in tmarshall.nim” (#9754)
- Fixed “Wrong number of variables” (#15360)
- Fixed “defer doesnt work with block, break and await” (#15243)
- Fixed “Sizeof of case object is incorrect. Showstopper” (#15516)
- Fixed “Mixing ‘return’ with expressions is allowed in 1.2” (#15280)
- Fixed “regression(1.0.2 => 1.0.4) VM register messed up depending on unrelated context” (#15704)
From version 1.2.6:
- Fixed “The pegs module doesn’t work with generics!” (#14718)
- Fixed “[goto exceptions] {.noReturn.} pragma is not detected in a case expression” (#14458)
- Fixed “[exceptions:goto] C compiler error with dynlib pragma calling a proc” (#14240)
- Fixed “Nim source archive install: ‘install.sh’ fails with error: cp: cannot stat ‘bin/nim-gdb’: No such file or directory” (#14748)
- Fixed “Stropped identifiers don’t work as field names in tuple literals” (#14911)
- Fixed “uri.decodeUrl crashes on incorrectly formatted input” (#14082)
- Fixed “odbcsql module has some wrong integer types” (#9771)
- Fixed “[ARC] Compiler crash declaring a finalizer proc directly in ‘new’” (#15044)
- Fixed “code with named arguments in proc of winim/com can not been compiled” (#15056)
- Fixed “javascript backend produces JavaScript code with syntax error in object syntax” (#14534)
- Fixed “[ARC] SIGSEGV when calling a closure as a tuple field in a seq” (#15038)
- Fixed “Compiler crashes when using string as object variant selector with else branch” (#14189)
- Fixed “Constructing a uint64 range on a 32-bit machine leads to incorrect codegen” (#14616)
Update to version 1.2.2:
- See https://nim-lang.org/blog.html for details
Update to version 1.0.2:
- See https://nim-lang.org/blog.html for details
Solution
Update the affected nim packages.
Plugin Details
File Name: openSUSE-2021-618.nasl
Agent: unix
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Continuous Assessment, Nessus
Risk Information
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:novell:opensuse:nim, p-cpe:/a:novell:opensuse:nim-debuginfo, cpe:/o:novell:opensuse:15.2
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list
Exploit Ease: Exploits are available
Patch Publication Date: 4/25/2021
Vulnerability Publication Date: 3/26/2021