Detections
Analytics
openSUSE Security Update : rubygem-puppet (openSUSE-2017-835)
high Nessus Plugin ID 101969
Language:
Synopsis
The remote openSUSE host is missing a security update.Description
This update for rubygem-puppet fixes the following issues :- CVE-2017-2295: A remote attacker could have forced unsafe YAML deserialization which could have led to code execution (bsc#1040151)
Solution
Update the affected rubygem-puppet packages.See Also
Plugin Details
Severity: High
ID: 101969
File Name: openSUSE-2017-835.nasl
Version: 3.4
Type: local
Agent: unix
Family: SuSE Local Security Checks
Published: 7/26/2017
Updated: 1/19/2021
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.3
CVSS v2
Risk Factor: Medium
Base Score: 6
Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P
CVSS v3
Risk Factor: High
Base Score: 8.2
Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N
Vulnerability Information
CPE: p-cpe:/a:novell:opensuse:ruby2.1-rubygem-puppet, p-cpe:/a:novell:opensuse:ruby2.1-rubygem-puppet-testsuite, p-cpe:/a:novell:opensuse:ruby2.2-rubygem-puppet, p-cpe:/a:novell:opensuse:ruby2.2-rubygem-puppet-testsuite, p-cpe:/a:novell:opensuse:ruby2.3-rubygem-puppet, p-cpe:/a:novell:opensuse:ruby2.3-rubygem-puppet-testsuite, p-cpe:/a:novell:opensuse:ruby2.4-rubygem-puppet, p-cpe:/a:novell:opensuse:ruby2.4-rubygem-puppet-testsuite, p-cpe:/a:novell:opensuse:rubygem-puppet, p-cpe:/a:novell:opensuse:rubygem-puppet-emacs, p-cpe:/a:novell:opensuse:rubygem-puppet-master, p-cpe:/a:novell:opensuse:rubygem-puppet-master-unicorn, p-cpe:/a:novell:opensuse:rubygem-puppet-vim, cpe:/o:novell:opensuse:42.2, cpe:/o:novell:opensuse:42.3
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list
Patch Publication Date: 7/24/2017
Reference Information
CVE: CVE-2017-2295