Detections
Analytics
SUSE SLES15 Security Update : grpc, protobuf, python-Deprecated, python-PyGithub, python-aiocontextvars, python-avro, python-bcrypt, python-cryptography, python-cryptography-vectors, python-google-api-core, python-googleapis-common-protos, python-grpcio-gcp, python-humanfriendly, python-jsondiff, python-knack, python-opencensus, python-opencensus-context, python-opencensus-ext-threading, python-opentelemetry-api, python-psutil, python-pytest-asyncio, python-requests, python-websocket-client, python-websockets (SUSE-SU-2023:2783-2)
critical Nessus Plugin ID 181751
Language:
Synopsis
The remote SUSE host is missing one or more security updates.Description
The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2783-2 advisory.- aaugustin websockets version 4 contains a CWE-409: Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in Servers and clients, unless configured with compression=None that can result in Denial of Service by memory exhaustion. This attack appear to be exploitable via Sending a specially crafted frame on an established connection. This vulnerability appears to have been fixed in 5.
(CVE-2018-1000518)
- python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext. (CVE-2020-25659)
- In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class. (CVE-2020-36242)
- An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that would be processed out of order. A small malicious payload can occupy the parser for several minutes by creating large numbers of short-lived objects that cause frequent, repeated pauses. We recommend upgrading libraries beyond the vulnerable versions. (CVE-2021-22569)
- Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name during generation of the resulting error message.
Since the symbol is incorrectly parsed, the file is nullptr. We recommend upgrading to version 3.15.0 or greater. (CVE-2021-22570)
- A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of memory failures.
A specially crafted message with multiple key-value per elements creates parsing issues, and can lead to a Denial of Service against services receiving unsanitized input. We recommend upgrading to versions 3.18.3, 3.19.5, 3.20.2, 3.21.6 for protobuf-cpp and 3.18.3, 3.19.5, 3.20.2, 4.21.6 for protobuf-python. Versions for 3.16 and 3.17 are no longer updated. (CVE-2022-1941)
- A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above. (CVE-2022-3171)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.See Also
https://bugzilla.suse.com/1099269
https://bugzilla.suse.com/1133277
https://bugzilla.suse.com/1144068
https://bugzilla.suse.com/1162343
https://bugzilla.suse.com/1177127
https://bugzilla.suse.com/1178168
https://bugzilla.suse.com/1182066
https://bugzilla.suse.com/1184753
https://bugzilla.suse.com/1194530
https://bugzilla.suse.com/1197726
https://bugzilla.suse.com/1198331
https://bugzilla.suse.com/1199282
https://bugzilla.suse.com/1203681
https://bugzilla.suse.com/1204256
http://www.nessus.org/u?93f40b97
https://www.suse.com/security/cve/CVE-2018-1000518
https://www.suse.com/security/cve/CVE-2020-25659
https://www.suse.com/security/cve/CVE-2020-36242
https://www.suse.com/security/cve/CVE-2021-22569
https://www.suse.com/security/cve/CVE-2021-22570
Plugin Details
Severity: Critical
ID: 181751
File Name: suse_SU-2023-2783-2.nasl
Version: 1.0
Type: local
Agent: unix
Family: SuSE Local Security Checks
Published: 9/21/2023
Updated: 9/21/2023
Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.0
CVSS v2
Risk Factor: Medium
Base Score: 6.4
Temporal Score: 5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P
CVSS Score Source: CVE-2020-36242
CVSS v3
Risk Factor: Critical
Base Score: 9.1
Temporal Score: 8.2
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:novell:suse_linux:python2-cryptography, p-cpe:/a:novell:suse_linux:python3-requests, p-cpe:/a:novell:suse_linux:python2-psutil, p-cpe:/a:novell:suse_linux:libprotobuf-lite20, p-cpe:/a:novell:suse_linux:python2-requests, p-cpe:/a:novell:suse_linux:python3-websocket-client, cpe:/o:novell:suse_linux:15, p-cpe:/a:novell:suse_linux:python3-psutil, p-cpe:/a:novell:suse_linux:python3-cryptography
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 9/19/2023
Vulnerability Publication Date: 6/26/2018
Reference Information
CVE: CVE-2018-1000518, CVE-2020-25659, CVE-2020-36242, CVE-2021-22569, CVE-2021-22570, CVE-2022-1941, CVE-2022-3171
SuSE: SUSE-SU-2023:2783-2