CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
22.7%
This update fixes the following issues :
golang-github-prometheus-prometheus :
Add support for Uyuni/SUSE Manager service discovery
Readded _service file removed in error.
Update to 2.11.1
Update to 2.11.0
resolve race condition in maxGauge.
Fix ZooKeeper connection leak.
Improved atomicity of .tmp block replacement during compaction for usual case.
Fix ‘unknown series references’ after clean shutdown.
Re-calculate block size when calling block.Delete.
Fix unsafe snapshots with head block.
prometheus_tsdb_compactions_failed_total is now incremented on any compaction failure.
Remove max_retries from queue_config (it has been unused since rewriting remote-write to utilize the write-ahead-log)
The meta file BlockStats no longer holds size information. This is now dynamically calculated and kept in memory. It also includes the meta file size which was not included before
Renamed metric from prometheus_tsdb_wal_reader_corruption_errors to prometheus_tsdb_wal_reader_corruption_errors_total
Add option to use Alertmanager API v2.
Added humanizePercentage function for templates.
Include InitContainers in Kubernetes Service Discovery.
Provide option to compress WAL records using Snappy.
Create new clean segment when starting the WAL.
Reduce allocations in PromQL aggregations.
Add storage warnings to LabelValues and LabelNames API results.
Add prometheus_http_requests_total metric.
Enable openbsd/arm build.
Remote-write allocation improvements.
Query performance improvement: Efficient iteration and search in HashForLabels and HashWithoutLabels.
Allow injection of arbitrary headers in promtool.
Allow passing external_labels in alert unit tests groups.
Allows globs for rules when unit testing.
Improved postings intersection matching.
Reduced disk usage for WAL for small setups.
Optimize queries using regexp for set lookups.
Rebase patch002-Default-settings.patch
Update to 2.10.0 :
TSDB: Don’t panic when running out of disk space and recover nicely from the condition
TSDB: Correctly handle empty labels.
TSDB: Don’t crash on an unknown tombstone reference.
Storage/remote: Remove queue-manager specific metrics if queue no longer exists.
PromQL: Correctly display {name=‘a’}.
Discovery/kubernetes: Use service rather than ingress as the name for the service workqueue.
Discovery/azure: Don’t panic on a VM with a public IP.
Web: Fixed Content-Type for js and css instead of using /etc/mime.types.
API: Encode alert values as string to correctly represent Inf/NaN.
Template expansion: Make external labels available as $externalLabels in alert and console template expansion.
TSDB: Add prometheus_tsdb_wal_segment_current metric for the WAL segment index that TSDB is currently writing to.
tsdb
Scrape: Add scrape_series_added per-scrape metric. #5546
Discovery/kubernetes: Add labels
__meta_kubernetes_endpoint_node_name and
__meta_kubernetes_endpoint_hostname.
Discovery/azure: Add label
__meta_azure_machine_public_ip.
TSDB: Simplify mergedPostings.Seek, resulting in better performance if there are many posting lists. tsdb
Log filesystem type on startup.
Cmd/promtool: Use POST requests for Query and QueryRange. client_golang
Web: Sort alerts by group name.
Console templates: Add convenience variables $rawParams, $params, $path.
Upadte to 2.9.2
Make sure subquery range is taken into account for selection
Exhaust every request body before closing it
Cmd/promtool: return errors from rule evaluations
Remote Storage: string interner should not panic in release
Fix memory allocation regression in mergedPostings.Seek tsdb
Update to 2.9.1
Discovery/kubernetes: fix missing label sanitization
Remote_write: Prevent reshard concurrent with calling stop
Update to 2.9.0
Update Consul to support catalog.ServiceMultipleTags.
Discovery/kubernetes: add present labels for labels/annotations.
OpenStack SD: Add ProjectID and UserID meta labels.
Add GODEBUG and retention to the runtime page.
Add support for POSTing to /series endpoint.
Support PUT methods for Lifecycle and Admin APIs.
Scrape: Add global jitter for HA server.
Check for cancellation on every step of a range evaluation.
String interning for labels & values in the remote_write path.
Don’t lose the scrape cache on a failed scrape.
Reload cert files from disk automatically. common
Use fixed length millisecond timestamp format for logs.
common
Performance improvements for postings. Bug Fixes :
Remote Write: fix checkpoint reading.
Check if label value is valid when unmarshaling external labels from YAML.
Promparse: sort all labels when parsing.
Reload rules: copy state on both name and labels.
Exponentation operator to drop metric name in result of operation.
Config: resolve more file paths.
Promtool: resolve relative paths in alert test files.
Set TLSHandshakeTimeout in HTTP transport. common
Use fsync to be more resilient to machine crashes.
Keep series that are still in WAL in checkpoints.
Update to 2.8.1
Update to 2.8.0
This release uses Write-Ahead Logging (WAL) for the remote_write API. This currently causes a slight increase in memory usage, which will be addressed in future releases.
Default time retention is used only when no size based retention is specified. These are flags where time retention is specified by the flag
–storage.tsdb.retention and size retention by
–storage.tsdb.retention.size.
prometheus_tsdb_storage_blocks_bytes_total is now prometheus_tsdb_storage_blocks_bytes.
Enhancements :
- Use the WAL for remote_write API.
Query performance improvements.
UI enhancements with upgrade to Bootstrap 4.
Reduce time that Alertmanagers are in flux when reloaded.
Limit number of metrics displayed on UI to 10000.
(1) Remember All/Unhealthy choice on target-overview when reloading page. (2) Resize text-input area on Graph page on mouseclick.
In histogram_quantile merge buckets with equivalent le values.
Show list of offending labels in the error message in many-to-many scenarios.
Show Storage Retention criteria in effect on /status page.
Bug Fixes :
Fix sorting of rule groups.
Fix support for password_file and bearer_token_file in Kubernetes SD.
Scrape: catch errors when creating HTTP clients
Adds new metrics: prometheus_target_scrape_pools_total prometheus_target_scrape_pools_failed_total prometheus_target_scrape_pool_reloads_total prometheus_target_scrape_pool_reloads_failed_total
Fix panic when aggregator param is not a literal.
mgr-cfg: Ensure bytes type when using hashlib to avoid traceback (bsc#1138822)
mgr-daemon: Fix systemd timer configuration on SLE12 (bsc#1142038)
mgr-osad: Fix obsolete for old osad packages, to allow installing mgr-osad even by using osad at yum/zyppper install (bsc#1139453)
Ensure bytes type when using hashlib to avoid traceback (bsc#1138822)
mgr-virtualization: Fix missing python 3 ugettext (bsc#1138494)
Fix package dependencies to prevent file conflict (bsc#1143856)
rhnlib: Add SNI support for clients
Fix initialize ssl connection (bsc#1144155)
Fix bootstrapping SLE11SP4 trad client with SSL enabled (bsc#1148177)
spacecmd: Bugfix: referenced variable before assignment.
Bugfix: ‘dict’ object has no attribute ‘iteritems’ (bsc#1135881)
Add unit tests for custominfo, snippet, scap, ssm, cryptokey and distribution
Fix missing runtime dependencies that made spacecmd return old versions of packages in some cases, even if newer ones were available (bsc#1148311)
spacewalk-backend: Do not overwrite comps and module data with older versions
Fix issue with ‘dists’ keyword in url hostname
Import packages from all collections of a patch not just first one
Ensure bytes type when using hashlib to avoid traceback on XMLRPC call to ‘registration.register_osad’ (bsc#1138822)
Fix reposync when dealing with RedHat CDN (bsc#1138358)
Fix for CVE-2019-10136. An attacker with a valid, but expired, authenticated set of headers could move some digits around, artificially extending the session validity without modifying the checksum. (bsc#1136480)
Prevent FileNotFoundError: repomd.xml.key traceback (bsc#1137940)
Add journalctl output to spacewalk-debug tarballs
Prevent unnecessary triggering of channel-repodata tasks when GPG signing is disabled (bsc#1137715)
Fix spacewalk-repo-sync for Ubuntu repositories in mirror case (bsc#1136029)
Add support for ULN repositories on new Zypper based reposync.
Don’t skip Deb package tags on package import (bsc#1130040)
For backend-libs subpackages, exclude files for the server (already part of spacewalk-backend) to avoid conflicts (bsc#1148125)
prevent duplicate key violates on repo-sync with long changelog entries (bsc#1144889)
spacewalk-remote-utils: Add RHEL8
Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2019:2317-1.
# The text itself is copyright (C) SUSE.
#
include('compat.inc');
if (description)
{
script_id(128611);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/26");
script_cve_id("CVE-2019-10136");
script_name(english:"SUSE SLED15 / SLES15 Security Update : SUSE Manager Client Tools (SUSE-SU-2019:2317-1)");
script_set_attribute(attribute:"synopsis", value:
"The remote SUSE host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"This update fixes the following issues :
golang-github-prometheus-prometheus :
Add support for Uyuni/SUSE Manager service discovery
+ Added 0003-Add-Uyuni-service-discovery
Readded _service file removed in error.
Update to 2.11.1
+ Bug Fix :
- Fix potential panic when prometheus is watching multiple
zookeeper paths.
Update to 2.11.0
+ Bug Fix :
- resolve race condition in maxGauge.
- Fix ZooKeeper connection leak.
- Improved atomicity of .tmp block replacement during
compaction for usual case.
- Fix 'unknown series references' after clean shutdown.
- Re-calculate block size when calling block.Delete.
- Fix unsafe snapshots with head block.
- prometheus_tsdb_compactions_failed_total is now
incremented on any compaction failure.
+ Changes :
- Remove max_retries from queue_config (it has been unused
since rewriting remote-write to utilize the
write-ahead-log)
- The meta file BlockStats no longer holds size
information. This is now dynamically calculated and kept
in memory. It also includes the meta file size which was
not included before
- Renamed metric from
prometheus_tsdb_wal_reader_corruption_errors to
prometheus_tsdb_wal_reader_corruption_errors_total
+ Features :
- Add option to use Alertmanager API v2.
- Added humanizePercentage function for templates.
- Include InitContainers in Kubernetes Service Discovery.
- Provide option to compress WAL records using Snappy.
+ Enhancements :
- Create new clean segment when starting the WAL.
- Reduce allocations in PromQL aggregations.
- Add storage warnings to LabelValues and LabelNames API
results.
- Add prometheus_http_requests_total metric.
- Enable openbsd/arm build.
- Remote-write allocation improvements.
- Query performance improvement: Efficient iteration and
search in HashForLabels and HashWithoutLabels.
- Allow injection of arbitrary headers in promtool.
- Allow passing external_labels in alert unit tests
groups.
- Allows globs for rules when unit testing.
- Improved postings intersection matching.
- Reduced disk usage for WAL for small setups.
- Optimize queries using regexp for set lookups.
Rebase patch002-Default-settings.patch
Update to 2.10.0 :
+ Bug Fixes :
- TSDB: Don't panic when running out of disk space and
recover nicely from the condition
- TSDB: Correctly handle empty labels.
- TSDB: Don't crash on an unknown tombstone reference.
- Storage/remote: Remove queue-manager specific metrics if
queue no longer exists.
- PromQL: Correctly display {__name__='a'}.
- Discovery/kubernetes: Use service rather than ingress as
the name for the service workqueue.
- Discovery/azure: Don't panic on a VM with a public IP.
- Web: Fixed Content-Type for js and css instead of using
/etc/mime.types.
- API: Encode alert values as string to correctly
represent Inf/NaN.
+ Features :
- Template expansion: Make external labels available as
$externalLabels in alert and console template expansion.
- TSDB: Add prometheus_tsdb_wal_segment_current metric for
the WAL segment index that TSDB is currently writing to.
tsdb
- Scrape: Add scrape_series_added per-scrape metric. #5546
+ Enhancements
- Discovery/kubernetes: Add labels
__meta_kubernetes_endpoint_node_name and
__meta_kubernetes_endpoint_hostname.
- Discovery/azure: Add label
__meta_azure_machine_public_ip.
- TSDB: Simplify mergedPostings.Seek, resulting in better
performance if there are many posting lists. tsdb
- Log filesystem type on startup.
- Cmd/promtool: Use POST requests for Query and
QueryRange. client_golang
- Web: Sort alerts by group name.
- Console templates: Add convenience variables $rawParams,
$params, $path.
Upadte to 2.9.2
+ Bug Fixes :
- Make sure subquery range is taken into account for
selection
- Exhaust every request body before closing it
- Cmd/promtool: return errors from rule evaluations
- Remote Storage: string interner should not panic in
release
- Fix memory allocation regression in mergedPostings.Seek
tsdb
Update to 2.9.1
+ Bug Fixes :
- Discovery/kubernetes: fix missing label sanitization
- Remote_write: Prevent reshard concurrent with calling
stop
Update to 2.9.0
+ Feature :
- Add honor_timestamps scrape option.
+ Enhancements :
- Update Consul to support catalog.ServiceMultipleTags.
- Discovery/kubernetes: add present labels for
labels/annotations.
- OpenStack SD: Add ProjectID and UserID meta labels.
- Add GODEBUG and retention to the runtime page.
- Add support for POSTing to /series endpoint.
- Support PUT methods for Lifecycle and Admin APIs.
- Scrape: Add global jitter for HA server.
- Check for cancellation on every step of a range
evaluation.
- String interning for labels & values in the remote_write
path.
- Don't lose the scrape cache on a failed scrape.
- Reload cert files from disk automatically. common
- Use fixed length millisecond timestamp format for logs.
common
- Performance improvements for postings. Bug Fixes :
- Remote Write: fix checkpoint reading.
- Check if label value is valid when unmarshaling external
labels from YAML.
- Promparse: sort all labels when parsing.
- Reload rules: copy state on both name and labels.
- Exponentation operator to drop metric name in result of
operation.
- Config: resolve more file paths.
- Promtool: resolve relative paths in alert test files.
- Set TLSHandshakeTimeout in HTTP transport. common
- Use fsync to be more resilient to machine crashes.
- Keep series that are still in WAL in checkpoints.
Update to 2.8.1
+ Bug Fixes
- Display the job labels in /targets which was removed
accidentally
Update to 2.8.0
+ Change :
- This release uses Write-Ahead Logging (WAL) for the
remote_write API. This currently causes a slight
increase in memory usage, which will be addressed in
future releases.
- Default time retention is used only when no size based
retention is specified. These are flags where time
retention is specified by the flag
--storage.tsdb.retention and size retention by
--storage.tsdb.retention.size.
- prometheus_tsdb_storage_blocks_bytes_total is now
prometheus_tsdb_storage_blocks_bytes.
+ Feature :
- (EXPERIMENTAL) Time overlapping blocks are now allowed;
vertical compaction and vertical query merge. It is an
optional feature which is controlled by the
--storage.tsdb.allow-overlapping-blocks flag, disabled
by default.
+ Enhancements :
	- Use the WAL for remote_write API.
- Query performance improvements.
- UI enhancements with upgrade to Bootstrap 4.
- Reduce time that Alertmanagers are in flux when
reloaded.
- Limit number of metrics displayed on UI to 10000.
- (1) Remember All/Unhealthy choice on target-overview
when reloading page. (2) Resize text-input area on Graph
page on mouseclick.
- In histogram_quantile merge buckets with equivalent le
values.
- Show list of offending labels in the error message in
many-to-many scenarios.
- Show Storage Retention criteria in effect on /status
page.
+ Bug Fixes :
+ Fix sorting of rule groups.
+ Fix support for password_file and bearer_token_file in
Kubernetes SD.
+ Scrape: catch errors when creating HTTP clients
+ Adds new metrics: prometheus_target_scrape_pools_total
prometheus_target_scrape_pools_failed_total
prometheus_target_scrape_pool_reloads_total
prometheus_target_scrape_pool_reloads_failed_total
+ Fix panic when aggregator param is not a literal.
mgr-cfg: Ensure bytes type when using hashlib to avoid traceback
(bsc#1138822)
mgr-daemon: Fix systemd timer configuration on SLE12 (bsc#1142038)
mgr-osad: Fix obsolete for old osad packages, to allow installing
mgr-osad even by using osad at yum/zyppper install (bsc#1139453)
Ensure bytes type when using hashlib to avoid traceback (bsc#1138822)
mgr-virtualization: Fix missing python 3 ugettext (bsc#1138494)
Fix package dependencies to prevent file conflict (bsc#1143856)
rhnlib: Add SNI support for clients
Fix initialize ssl connection (bsc#1144155)
Fix bootstrapping SLE11SP4 trad client with SSL enabled (bsc#1148177)
spacecmd: Bugfix: referenced variable before assignment.
Bugfix: 'dict' object has no attribute 'iteritems' (bsc#1135881)
Add unit tests for custominfo, snippet, scap, ssm, cryptokey and
distribution
Fix missing runtime dependencies that made spacecmd return old
versions of packages in some cases, even if newer ones were available
(bsc#1148311)
spacewalk-backend: Do not overwrite comps and module data with older
versions
Fix issue with 'dists' keyword in url hostname
Import packages from all collections of a patch not just first one
Ensure bytes type when using hashlib to avoid traceback on XMLRPC call
to 'registration.register_osad' (bsc#1138822)
Fix reposync when dealing with RedHat CDN (bsc#1138358)
Fix for CVE-2019-10136. An attacker with a valid, but expired,
authenticated set of headers could move some digits around,
artificially extending the session validity without modifying the
checksum. (bsc#1136480)
Prevent FileNotFoundError: repomd.xml.key traceback (bsc#1137940)
Add journalctl output to spacewalk-debug tarballs
Prevent unnecessary triggering of channel-repodata tasks when GPG
signing is disabled (bsc#1137715)
Fix spacewalk-repo-sync for Ubuntu repositories in mirror case
(bsc#1136029)
Add support for ULN repositories on new Zypper based reposync.
Don't skip Deb package tags on package import (bsc#1130040)
For backend-libs subpackages, exclude files for the server (already
part of spacewalk-backend) to avoid conflicts (bsc#1148125)
prevent duplicate key violates on repo-sync with long changelog
entries (bsc#1144889)
spacewalk-remote-utils: Add RHEL8
Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1130040");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1135881");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1136029");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1136480");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1137715");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1137940");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1138313");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1138358");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1138494");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1138822");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1139453");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1142038");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1143856");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1144155");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1144889");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1148125");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1148177");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1148311");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-10136/");
# https://www.suse.com/support/update/announcement/2019/suse-su-20192317-1/
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?497610fc");
script_set_attribute(attribute:"solution", value:
"To install this SUSE Security Update use the SUSE recommended
installation methods like YaST online_update or 'zypper patch'.
Alternatively you can run the command listed for your product :
SUSE Manager Tools 15:zypper in -t patch
SUSE-SLE-Manager-Tools-15-2019-2317=1
SUSE Linux Enterprise Module for Open Buildservice Development Tools
15-SP1:zypper in -t patch
SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2317=1
SUSE Linux Enterprise Module for Open Buildservice Development Tools
15:zypper in -t patch
SUSE-SLE-Module-Development-Tools-OBS-15-2019-2317=1");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-10136");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2019/07/02");
script_set_attribute(attribute:"patch_publication_date", value:"2019/09/06");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/09/09");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:golang-github-prometheus-alertmanager");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:golang-github-prometheus-prometheus");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"SuSE Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLED15|SLES15)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED15 / SLES15", "SUSE " + os_ver);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES15" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES15 SP0", os_ver + " SP" + sp);
if (os_ver == "SLED15" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLED15 SP0", os_ver + " SP" + sp);
flag = 0;
if (rpm_check(release:"SLES15", sp:"0", reference:"golang-github-prometheus-alertmanager-0.16.2-3.3.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"golang-github-prometheus-prometheus-2.11.1-3.6.2")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"golang-github-prometheus-alertmanager-0.16.2-3.3.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"golang-github-prometheus-prometheus-2.11.1-3.6.2")) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "SUSE Manager Client Tools");
}
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10136
www.nessus.org/u?497610fc
bugzilla.suse.com/show_bug.cgi?id=1130040
bugzilla.suse.com/show_bug.cgi?id=1135881
bugzilla.suse.com/show_bug.cgi?id=1136029
bugzilla.suse.com/show_bug.cgi?id=1136480
bugzilla.suse.com/show_bug.cgi?id=1137715
bugzilla.suse.com/show_bug.cgi?id=1137940
bugzilla.suse.com/show_bug.cgi?id=1138313
bugzilla.suse.com/show_bug.cgi?id=1138358
bugzilla.suse.com/show_bug.cgi?id=1138494
bugzilla.suse.com/show_bug.cgi?id=1138822
bugzilla.suse.com/show_bug.cgi?id=1139453
bugzilla.suse.com/show_bug.cgi?id=1142038
bugzilla.suse.com/show_bug.cgi?id=1143856
bugzilla.suse.com/show_bug.cgi?id=1144155
bugzilla.suse.com/show_bug.cgi?id=1144889
bugzilla.suse.com/show_bug.cgi?id=1148125
bugzilla.suse.com/show_bug.cgi?id=1148177
bugzilla.suse.com/show_bug.cgi?id=1148311
www.suse.com/security/cve/CVE-2019-10136/
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
22.7%