5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.001 Low
EPSS
Percentile
49.2%
Docker was updated to version 1.3.1 to fix two security issues and several other bugs.
These security issues were fixed :
Prevent fallback to SSL protocols lower than TLS 1.0 for client, daemon and registry (CVE-2014-5277).
Secure HTTPS connection to registries with certificate verification and without HTTP fallback unless --insecure-registry
is specified.
These non-security issues were fixed :
Fix issue where volumes would not be shared
Fix issue with --iptables=false
not automatically setting --ip-masq=false
Fix docker run output to non-TTY stdout
Fix escaping $
for environment variables
Fix issue with lowercase onbuild
Dockerfile instruction
Restrict envrionment variable expansion to ENV
, ADD
, COPY
, WORKDIR
, EXPOSE
, VOLUME
and USER
docker exec
allows you to run additional processes inside existing containers
docker create
gives you the ability to create a container via the cli without executing a process
--security-opts
options to allow user to customize container labels and apparmor profiles
docker ps
filters
Wildcard support to copy/add
Move production urls to get.docker.com from get.docker.io
Allocate ip address on the bridge inside a valid cidr
Use drone.io for pr and ci testing
Ability to setup an official registry mirror
Ability to save multiple images with docker save
go was updated to version 1.3.3 to fix one security issue and several other bugs.
This security issue was fixed :
TLS client authentication issue (CVE-2014-7189). These non-security issues were fixed :
Avoid stripping debuginfo on arm, it fails (and is not necessary)
Revert the /usr/share/go/contrib symlink as it caused problems during update. Moved all go sources to /usr/share/go/contrib/src instead of /usr/share/go/contrib/src/pkg and created pkg and src symlinks in contrib to add it to GOPATH
Fixed %go_contribsrcdir value
Copy temporary macros.go as go.macros to avoid it to be built
Do not modify Source: files, because that makes the .src.rpm being tied to one specific arch.
Removed extra src folder in /usr/share/go/contrib: the goal is to transform this folder into a proper entry for GOPATH. This folder is now linked to %(_libdir)/go/contrib
go requires gcc to build sources using cgo
tools-packaging.patch: Allow building cover and vet tools in $GOROOT_TARGET/pkg/tool instead of $GOROOT/pkg/tool. This will allow building go tools as a separate package
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2014-660.
#
# The text description of this plugin is (C) SUSE LLC.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(79241);
script_version("1.9");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
script_cve_id("CVE-2014-5277", "CVE-2014-7189");
script_name(english:"openSUSE Security Update : docker / go (openSUSE-SU-2014:1411-1)");
script_summary(english:"Check for the openSUSE-2014-660 patch");
script_set_attribute(
attribute:"synopsis",
value:"The remote openSUSE host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"Docker was updated to version 1.3.1 to fix two security issues and
several other bugs.
These security issues were fixed :
- Prevent fallback to SSL protocols lower than TLS 1.0 for
client, daemon and registry (CVE-2014-5277).
- Secure HTTPS connection to registries with certificate
verification and without HTTP fallback unless
`--insecure-registry` is specified.
These non-security issues were fixed :
- Fix issue where volumes would not be shared
- Fix issue with `--iptables=false` not automatically
setting `--ip-masq=false`
- Fix docker run output to non-TTY stdout
- Fix escaping `$` for environment variables
- Fix issue with lowercase `onbuild` Dockerfile
instruction
- Restrict envrionment variable expansion to `ENV`, `ADD`,
`COPY`, `WORKDIR`, `EXPOSE`, `VOLUME` and `USER`
- docker `exec` allows you to run additional processes
inside existing containers
- docker `create` gives you the ability to create a
container via the cli without executing a process
- `--security-opts` options to allow user to customize
container labels and apparmor profiles
- docker `ps` filters
- Wildcard support to copy/add
- Move production urls to get.docker.com from
get.docker.io
- Allocate ip address on the bridge inside a valid cidr
- Use drone.io for pr and ci testing
- Ability to setup an official registry mirror
- Ability to save multiple images with docker `save`
go was updated to version 1.3.3 to fix one security issue and several
other bugs.
This security issue was fixed :
- TLS client authentication issue (CVE-2014-7189). These
non-security issues were fixed :
- Avoid stripping debuginfo on arm, it fails (and is not
necessary)
- Revert the /usr/share/go/contrib symlink as it caused
problems during update. Moved all go sources to
/usr/share/go/contrib/src instead of
/usr/share/go/contrib/src/pkg and created pkg and src
symlinks in contrib to add it to GOPATH
- Fixed %go_contribsrcdir value
- Copy temporary macros.go as go.macros to avoid it to be
built
- Do not modify Source: files, because that makes the
.src.rpm being tied to one specific arch.
- Removed extra src folder in /usr/share/go/contrib: the
goal is to transform this folder into a proper entry for
GOPATH. This folder is now linked to
%(_libdir)/go/contrib
- go requires gcc to build sources using cgo
- tools-packaging.patch: Allow building cover and vet
tools in $GOROOT_TARGET/pkg/tool instead of
$GOROOT/pkg/tool. This will allow building go tools as a
separate package"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=898901"
);
script_set_attribute(
attribute:"see_also",
value:"https://lists.opensuse.org/opensuse-updates/2014-11/msg00048.html"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected docker / go packages."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-bash-completion");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-zsh-completion");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:go");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:go-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:go-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:go-emacs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:go-vim");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.2");
script_set_attribute(attribute:"vuln_publication_date", value:"2014/10/07");
script_set_attribute(attribute:"patch_publication_date", value:"2014/11/05");
script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/14");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"SuSE Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE13\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.2", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
flag = 0;
if ( rpm_check(release:"SUSE13.2", reference:"docker-bash-completion-1.3.1-5.2") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"docker-zsh-completion-1.3.1-5.2") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"go-1.3.3-5.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"go-debuginfo-1.3.3-5.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"go-debugsource-1.3.3-5.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"go-emacs-1.3.3-5.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"go-vim-1.3.3-5.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"docker-1.3.1-5.2") ) flag++;
if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"docker-debuginfo-1.3.1-5.2") ) flag++;
if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"docker-debugsource-1.3.1-5.2") ) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "go / go-debuginfo / go-debugsource / go-emacs / go-vim / docker / etc");
}
Vendor | Product | Version | CPE |
---|---|---|---|
novell | opensuse | docker | p-cpe:/a:novell:opensuse:docker |
novell | opensuse | docker-bash-completion | p-cpe:/a:novell:opensuse:docker-bash-completion |
novell | opensuse | docker-debuginfo | p-cpe:/a:novell:opensuse:docker-debuginfo |
novell | opensuse | docker-debugsource | p-cpe:/a:novell:opensuse:docker-debugsource |
novell | opensuse | docker-zsh-completion | p-cpe:/a:novell:opensuse:docker-zsh-completion |
novell | opensuse | go | p-cpe:/a:novell:opensuse:go |
novell | opensuse | go-debuginfo | p-cpe:/a:novell:opensuse:go-debuginfo |
novell | opensuse | go-debugsource | p-cpe:/a:novell:opensuse:go-debugsource |
novell | opensuse | go-emacs | p-cpe:/a:novell:opensuse:go-emacs |
novell | opensuse | go-vim | p-cpe:/a:novell:opensuse:go-vim |