Detections
Analytics

openSUSE Security Update : python-azure-agent (openSUSE-2020-261)

medium Nessus Plugin ID 134193

Language:

Synopsis

The remote openSUSE host is missing a security update.

Description

This update for python-azure-agent fixes the following issues :

python-azure-agent was updated to version 2.2.45 (jsc#ECO-80)

 + Add support for Gen2 VM resource disks

 + Use alternate systemd detection

 + Fix /proc/net/route requirement that causes errors on FreeBSD

 + Add cloud-init auto-detect to prevent multiple provisioning mechanisms from relying on configuration for coordination

 + Disable cgroups when daemon is setup incorrectly

 + Remove upgrade extension loop for the same goal state

 + Add container id for extension telemetry events

 + Be more exact when detecting IMDS service health

 + Changing add_event to start sending missing fields

From 2.2.44 update :

 + Remove outdated extension ZIP packages

 + Improved error handling when starting extensions using systemd

 + Reduce provisioning time of some custom images

 + Improve the handling of extension download errors

 + New API for extension authors to handle errors during extension update

 + Fix handling of errors in calls to openssl

 + Improve logic to determine current distro

 + Reduce verbosity of several logging statements

From 2.2.42 update :

 + Poll for artifact blob, addresses goal state procesing issue

From 2.2.41 update :

 + Rewriting the mechanism to start the extension using systemd-run for systems using systemd for managing

 + Refactoring of resource monitoring framework using cgroup for both systemd and non-systemd approaches [#1530, #1534]

 + Telemetry pipeline for resource monitoring data

From 2.2.40 update :

 + Fixed tracking of memory/cpu usage

 + Do not prevent extensions from running if setting up cgroups fails

 + Enable systemd-aware deprovisioning on all versions >= 18.04

 + Add systemd support for Debian Jessie, Stretch, and Buster

 + Support for Linux Openwrt

From 2.2.38 update :

Security issue fixed :

 + CVE-2019-0804: An issue with swapfile handling in the agent creates a data leak situation that exposes system memory data. (bsc#1127838)

 + Add fixes for handling swap file and other nit fixes

From 2.2.37 update :

 + Improves re-try logic to handle errors while downloading extensions

This update was imported from the SUSE:SLE-15-SP1:Update update project.

Solution

Update the affected python-azure-agent packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=1127838

Plugin Details

Severity: Medium

ID: 134193

File Name: openSUSE-2020-261.nasl

Version: 1.3

Type: local

Agent: unix

Published: 3/2/2020

Updated: 3/25/2024

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 4

Temporal Score: 3

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS Score Source: CVE-2019-0804

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.7

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:python-azure-agent, p-cpe:/a:novell:opensuse:python-azure-agent-test, cpe:/o:novell:opensuse:15.1

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 2/29/2020

Vulnerability Publication Date: 4/9/2019

Reference Information

CVE: CVE-2019-0804