10 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
9.7 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
61.1%
The remote host is missing an update for the
# SPDX-FileCopyrightText: 2023 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.1.10.2023.0005");
script_cve_id("CVE-2022-35978");
script_tag(name:"creation_date", value:"2023-03-28 00:26:44 +0000 (Tue, 28 Mar 2023)");
script_version("2024-02-02T05:06:10+0000");
script_tag(name:"last_modification", value:"2024-02-02 05:06:10 +0000 (Fri, 02 Feb 2024)");
script_tag(name:"cvss_base", value:"10.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2022-08-17 14:16:24 +0000 (Wed, 17 Aug 2022)");
script_name("Mageia: Security Advisory (MGASA-2023-0005)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2023 Greenbone AG");
script_family("Mageia Linux Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/mageia_linux", "ssh/login/release", re:"ssh/login/release=MAGEIA8");
script_xref(name:"Advisory-ID", value:"MGASA-2023-0005");
script_xref(name:"URL", value:"https://advisories.mageia.org/MGASA-2023-0005.html");
script_xref(name:"URL", value:"https://bugs.mageia.org/show_bug.cgi?id=31363");
script_xref(name:"URL", value:"https://blog.minetest.net/2022/08/04/5.6.0-released/");
script_xref(name:"URL", value:"https://dev.minetest.net/Changelog#5.4.0_.E2.86.92_5.5.0");
script_xref(name:"URL", value:"https://dev.minetest.net/Changelog#5.5.0_.E2.86.92_5.6.0");
script_xref(name:"URL", value:"https://dev.minetest.net/Changelog#5.6.0_.E2.86.92_5.6.1");
script_xref(name:"URL", value:"https://github.com/minetest/minetest/security/advisories/GHSA-663q-pcjw-27cc");
script_tag(name:"summary", value:"The remote host is missing an update for the 'minetest' package(s) announced via the MGASA-2023-0005 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"This update provides minetest 5.6.1, the latest stable release of the open
source voxel game. This updates provides a number of feature and bug fix
changes compared to the previous version 5.4.0 provided in Mageia 8. See
the linked release notes and changelogs for details.
The update also improves compatibility with hosted game servers, which
typically run and expect the latest stable release.
The update also fixes a security vulnerability affecting single player
with malicious mods (GHSA-663q-pcjw-27cc)
In single player, a mod could set a global setting that controls the Lua
script loaded to display the main menu. The script would be loaded as soon
as the game session is exited. The Lua environment the menu runs in was
not sandboxed and could directly interfere with the user's system.
(CVE-2022-35978)");
script_tag(name:"affected", value:"'minetest' package(s) on Mageia 8.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "MAGEIA8") {
if(!isnull(res = isrpmvuln(pkg:"minetest", rpm:"minetest~5.6.1~1.mga8", rls:"MAGEIA8"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
advisories.mageia.org/MGASA-2023-0005.html
blog.minetest.net/2022/08/04/5.6.0-released/
bugs.mageia.org/show_bug.cgi?id=31363
dev.minetest.net/Changelog#5.4.0_.E2.86.92_5.5.0
dev.minetest.net/Changelog#5.5.0_.E2.86.92_5.6.0
dev.minetest.net/Changelog#5.6.0_.E2.86.92_5.6.1
github.com/minetest/minetest/security/advisories/GHSA-663q-pcjw-27cc
MGASA-2023-0005
10 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
9.7 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
61.1%