Detections
Analytics

Fedora 37 : rust-buffered-reader / rust-nettle / rust-nettle-sys / etc (2023-1d0d71b6aa)

high Nessus Plugin ID 176430

Language:

Synopsis

The remote Fedora host is missing one or more security updates.

Description

The remote Fedora 37 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2023-1d0d71b6aa advisory.

 - - Update the sequoia-openpgp crate to version 1.16.0. - Update the nettle crate to version 7.3.0. - Update the nettle-sys crate to version 2.2.0. - Update the buffered-reader crate to version 1.2.0. Version 1.16.0 of the sequoia-openpgp crate fixes some issues in parsing code, which could lead to attempted out- of-bounds accesses that result in crashes due to bounds checks which are included by default in Rust code.
 This update contains rebuilds of all applications that are based on sequoia-openpgp to address this issue.
 ---- Update to version 1.5.0. This release improves compatibility with the version of librnp that's bundled in recent versions of thunderbird. (FEDORA-2023-1d0d71b6aa)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bodhi.fedoraproject.org/updates/FEDORA-2023-1d0d71b6aa

Plugin Details

Severity: High

ID: 176430

File Name: fedora_2023-1d0d71b6aa.nasl

Version: 1.0

Type: local

Agent: unix

Published: 5/26/2023

Updated: 5/26/2023

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Nessus Agent

Vulnerability Information

CPE: cpe:/o:fedoraproject:fedora:37, p-cpe:/a:fedoraproject:fedora:rust-buffered-reader, p-cpe:/a:fedoraproject:fedora:rust-nettle, p-cpe:/a:fedoraproject:fedora:rust-nettle-sys, p-cpe:/a:fedoraproject:fedora:rust-rpm-sequoia, p-cpe:/a:fedoraproject:fedora:rust-sequoia-keyring-linter, p-cpe:/a:fedoraproject:fedora:rust-sequoia-octopus-librnp, p-cpe:/a:fedoraproject:fedora:rust-sequoia-openpgp, p-cpe:/a:fedoraproject:fedora:rust-sequoia-policy-config, p-cpe:/a:fedoraproject:fedora:rust-sequoia-sop, p-cpe:/a:fedoraproject:fedora:rust-sequoia-sq, p-cpe:/a:fedoraproject:fedora:rust-sequoia-sqv, p-cpe:/a:fedoraproject:fedora:rust-sequoia-wot

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 5/18/2023

Vulnerability Publication Date: 5/18/2023

Reference Information