CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
71.3%
The remote host is missing an update for the 'rust, rust1.72' package(s) announced via the SUSE-SU-2023:3722-1 advisory.
# SPDX-FileCopyrightText: 2024 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
# Metadata section: when the script is run with `description` set, only the
# registration calls below execute and the block ends with exit(0), so none of
# the package checks further down are reached.
if(description)
{
# Identity of this check and the CVE it reports on.
script_oid("1.3.6.1.4.1.25623.1.0.833564");
script_version("2024-05-16T05:05:35+0000");
script_cve_id("CVE-2023-40030");
# Two severity records are registered: cvss_base / cvss_base_vector use the
# CVSS v2 vector syntax (Au:, C:P/I:P), severity_vector is the CVSS 3.1 vector.
# The 3.1 vector carries UI:R (user interaction required) and A:N (no
# availability impact); severity_origin names NVD as the source of the rating.
script_tag(name:"cvss_base", value:"6.4");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:N");
script_tag(name:"last_modification", value:"2024-05-16 05:05:35 +0000 (Thu, 16 May 2024)");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2023-08-31 14:35:56 +0000 (Thu, 31 Aug 2023)");
script_tag(name:"creation_date", value:"2024-03-04 07:34:53 +0000 (Mon, 04 Mar 2024)");
script_name("openSUSE: Security Advisory for rust, rust1.72 (SUSE-SU-2023:3722-1)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2024 Greenbone AG");
script_family("SuSE Local Security Checks");
# Preconditions: the check depends on gather-package-list.nasl and requires the
# keys ssh/login/suse and ssh/login/rpms plus a release key matching openSUSE
# Leap 15.4 or 15.5. Presumably these keys are only set after a successful
# authenticated SSH login, so a scan without working credentials yields no
# result from this check - which is not evidence that the host is patched.
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/suse", "ssh/login/rpms", re:"ssh/login/release=(openSUSELeap15\.4|openSUSELeap15\.5)");
script_xref(name:"Advisory-ID", value:"SUSE-SU-2023:3722-1");
# NOTE(review): the list address inside this URL reads "[email protected]" in
# this copy, which looks like an e-mail-obfuscation placeholder; locate the
# announcement via the Advisory-ID above rather than relying on this link.
script_xref(name:"URL", value:"https://lists.opensuse.org/archives/list/[email protected]/thread/5GMVLOYUX6AOVYD27ER4N5L33BENLMWG");
script_tag(name:"summary", value:"The remote host is missing an update for the 'rust, rust1.72'
package(s) announced via the SUSE-SU-2023:3722-1 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
# The insight text is an excerpt of the vendor changelog. Its only security
# entry is the CVE-2023-40030 line for cargo; everything from "# Version 1.72.0"
# onwards is the general release-notes listing, cut off at "These ...".
# The "& lt", "& gt" and "& amp" sequences are HTML-entity residue for <, > and
# & in generic type names; they are part of the registered string and are left
# exactly as found.
script_tag(name:"insight", value:"This update for rust, rust1.72 fixes the following issues:
Changes in rust:
* Update to version 1.72.0 - for details see the rust1.72 package
Changes in rust1.72:
* CVE-2023-40030: fix minor non-exploited issue in cargo (bsc#1214689)
# Version 1.72.0 (2023-08-24)
## Language
* Replace const eval limit by a lint and add an exponential backoff warning
* expand: Change how `#![cfg(FALSE)]` behaves on create root
* Stabilize inline asm for LoongArch64
* Uplift `clippy::undropped_manually_drops` lint
* Uplift `clippy::invalid_utf8_in_unchecked` lint
* Uplift `clippy::cast_ref_to_mut` lint
* Uplift `clippy::cmp_nan` lint
* resolve: Remove artificial import ambiguity errors
* Don't require associated types with Self: Sized bounds in `dyn Trait`
objects
## Compiler
* Remember names of `cfg`-ed out items to mention them in diagnostics
* Support for native WASM exceptions
* Add support for NetBSD/aarch64-be (big-endian arm64).
* Write to stdout if `-` is given as output file
* Force all native libraries to be statically linked when linking a static
binary
* Add Tier 3 support for `loongarch64-unknown-none*`
* Prevent `.eh_frame` from being emitted for `-C panic=abort`
* Support 128-bit enum variant in debuginfo codegen
* compiler: update solaris/illumos to enable tsan support.
Refer to Rust's platform support page for more information on Rust's tiered
platform support.
## Libraries
* Document memory orderings of `thread::{park, unpark}`
* io: soften at most one write attempt requirement in io::Write::write
* Specify behavior of HashSet::insert
* Relax implicit `T: Sized` bounds on `BufReader& lt T& gt `,
`BufWriter& lt T& gt ` and `LineWriter& lt T& gt `
* Update runtime guarantee for `select_nth_unstable`
* Return `Ok` on kill if process has already exited
* Implement PartialOrd for `Vec`s over different allocators
* Use 128 bits for TypeId hash
* Don't drain-on-drop in DrainFilter impls of various collections.
* Make `{Arc, Rc, Weak}::ptr_eq` ignore pointer metadata
## Rustdoc
* Allow whitespace as path separator like double colon
* Add search result item types after their name
* Search for slices and arrays by type with `[]`
* Clean up type unification and 'unboxing'
## Stabilized APIs
* `impl& lt T: Send& gt Sync for mpsc::Sender& lt T& gt `
* `impl TryFrom& lt & amp OsStr& gt for & amp str`
* `String::leak`
These ...
Description truncated. Please see the references for more information.");
script_tag(name:"affected", value:"'rust, rust1.72' package(s) on openSUSE Leap 15.4, openSUSE Leap 15.5.");
# Remediation is the vendor package update. qod_type "package" records that the
# result rests on an installed-package version comparison (see vuldetect above),
# not on probing the behaviour of cargo itself.
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
# End of the metadata pass.
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
# Ask the RPM helper library which release the target reports; without a
# release string there is nothing to compare against, so stop quietly.
release = rpm_get_ssh_release();
if(!release) {
  exit(0);
}

# report collects the findings; res holds the result of the latest package check.
report = "";
res = "";
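# openSUSE Leap 15.4: compare each installed package with the fixed build
# listed for SUSE-SU-2023:3722-1.
#
# Each package is checked exactly once. The previous version ran the same seven
# isrpmvuln() calls twice, so any finding would have been appended to the
# report a second time.
#
# The rpm: argument is written as name~version~release of the fixed package.
# isrpmvuln() is not defined in this file (presumably it comes from the
# included pkg-lib-rpm.inc); this script only relies on it returning a non-null
# value that can be appended to the report when a package is flagged.
if(release == "openSUSELeap15.4") {

  # Versioned toolchain packages (rust1.72 / cargo1.72 and their debuginfo).
  if(!isnull(res = isrpmvuln(pkg:"cargo1.72", rpm:"cargo1.72~1.72.0~150400.9.3.1", rls:"openSUSELeap15.4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"cargo1.72-debuginfo", rpm:"cargo1.72-debuginfo~1.72.0~150400.9.3.1", rls:"openSUSELeap15.4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"rust1.72-debuginfo", rpm:"rust1.72-debuginfo~1.72.0~150400.9.3.1", rls:"openSUSELeap15.4"))) {
    report += res;
  }

  # Unversioned cargo / rust packages carry a different release number.
  if(!isnull(res = isrpmvuln(pkg:"cargo", rpm:"cargo~1.72.0~150400.24.24.1", rls:"openSUSELeap15.4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"rust", rpm:"rust~1.72.0~150400.24.24.1", rls:"openSUSELeap15.4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"rust1.72", rpm:"rust1.72~1.72.0~150400.9.3.1", rls:"openSUSELeap15.4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"rust1.72-test", rpm:"rust1.72-test~1.72.0~150400.9.3.1", rls:"openSUSELeap15.4"))) {
    report += res;
  }

  if(report != "") {
    # At least one package was flagged: report all findings in one message.
    security_message(data:report);
  } else if(__pkg_match) {
    # __pkg_match is never assigned in this script; presumably the package
    # library sets it when a listed package is installed. Exit code 99 is then
    # returned instead of 0 - by scanner convention this marks the host as
    # checked and not affected (confirm against the library documentation).
    exit(99);
  }
  exit(0);
}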
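# openSUSE Leap 15.5: compare each installed package with the fixed build
# listed for SUSE-SU-2023:3722-1.
#
# Each package is checked exactly once. The previous version ran the same six
# isrpmvuln() calls twice, so any finding would have been appended to the
# report a second time.
#
# NOTE(review): the fixed builds compared here carry the same 150400.* release
# strings as the Leap 15.4 branch, and rust1.72-test is checked only for
# Leap 15.4 - confirm both against the advisory's package list.
#
# The rpm: argument is written as name~version~release of the fixed package.
# isrpmvuln() is not defined in this file (presumably it comes from the
# included pkg-lib-rpm.inc); this script only relies on it returning a non-null
# value that can be appended to the report when a package is flagged.
if(release == "openSUSELeap15.5") {

  # Versioned toolchain packages (rust1.72 / cargo1.72 and their debuginfo).
  if(!isnull(res = isrpmvuln(pkg:"cargo1.72", rpm:"cargo1.72~1.72.0~150400.9.3.1", rls:"openSUSELeap15.5"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"cargo1.72-debuginfo", rpm:"cargo1.72-debuginfo~1.72.0~150400.9.3.1", rls:"openSUSELeap15.5"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"rust1.72-debuginfo", rpm:"rust1.72-debuginfo~1.72.0~150400.9.3.1", rls:"openSUSELeap15.5"))) {
    report += res;
  }

  # Unversioned cargo / rust packages carry a different release number.
  if(!isnull(res = isrpmvuln(pkg:"cargo", rpm:"cargo~1.72.0~150400.24.24.1", rls:"openSUSELeap15.5"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"rust", rpm:"rust~1.72.0~150400.24.24.1", rls:"openSUSELeap15.5"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"rust1.72", rpm:"rust1.72~1.72.0~150400.9.3.1", rls:"openSUSELeap15.5"))) {
    report += res;
  }

  if(report != "") {
    # At least one package was flagged: report all findings in one message.
    security_message(data:report);
  } else if(__pkg_match) {
    # __pkg_match is never assigned in this script; presumably the package
    # library sets it when a listed package is installed. Exit code 99 is then
    # returned instead of 0 - by scanner convention this marks the host as
    # checked and not affected (confirm against the library documentation).
    exit(99);
  }
  exit(0);
}

# Reached only when the release matched neither branch above.
exit(0);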