
Test ID: 1.3.6.1.4.1.25623.1.1.4.2019.1220.2
Category: SuSE Local Security Checks
Title: SUSE: Security Advisory (SUSE-SU-2019:1220-2)
Summary: The remote host is missing an update for the 'cf-cli' package(s) announced via the SUSE-SU-2019:1220-2 advisory.
Description:
Summary:
The remote host is missing an update for the 'cf-cli' package(s) announced via the SUSE-SU-2019:1220-2 advisory.

Vulnerability Insight:
This update for cf-cli fixes the following issues:

cf-cli was updated to version 6.43.0 (bsc#1132242)

Enhancements :
`cf curl` supports a new `--fail` flag (primarily for scripting
purposes) which returns exit code `22` for server errors
[story]([link moved to references])

Improves `cf delete-orphaned-routes` such that it uses a different
endpoint, reducing the chance of a race condition when two users are
simultaneously deleting orphaned routes and associating routes with
applications [story]([link moved to references])

We've improved the speed of `cf services` - it now hits a single endpoint
instead of making individual API calls

Security:
CVE-2019-3781: CF CLI does not sanitize user's password in
verbose/trace/debug.

Fixes issue with running `cf login` in verbose mode whereby passwords
which contain regex were not completely redacted

Fixes issue whereby, whilst running commands in verbose mode, refresh
tokens were not completely redacted

Other Bug Fixes:
Updates help text for `cf curl` [story]

Now refresh tokens work properly whilst using `cf curl` with V3 CC API
endpoints [story]

Fixes performance degradation for `cf services` [story]

`cf delete-service` requires that you are targeting a space [story]

`cf enable-service-access` for a service in an org will succeed if you
have already enabled access for that service in that org [story]

cf-cli was updated to version 6.42.0:

Minor Enhancements:
updated `cf restage` help text and the first line in the command's
output to indicate that using this command will cause app downtime
[story]([link moved to references])

updated the `cf bind-route-service` help text to clarify usage
instructions [story]([link moved to references])

improved an error message for `cf create-service-broker` to be more
helpful when the CC API returns a `502` due to an invalid service broker
catalog

upgraded to Golang 1.11.4
[story]([link moved to references])

added a short name `ue` for `cf unset-env`
[story]([link moved to references])

updated `cf marketplace` command to include a new `broker` column to
prepare for an upcoming services-related feature which will allow
services to have the same name as long as they are associated with
different service brokers
[story]([link moved to references])

Bugs:
fix for `cf enable-service-access -p plan` whereby when we refactored
the code in CLI `v6.41.0` it created service plan visibilities as part
of a subsequent run of the command (the unrefactored code skipped
creating the service plan visibilities), now the command will skip
creating service plan visibilities as it did prior to the refactor
[story]([link moved to references])

updated the `cf rename-buildpack` help text which was missing r... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'cf-cli' package(s) on SUSE Linux Enterprise Module for CAP 15-SP1

Solution:
Please install the updated package(s).

CVSS Score:
3.5

CVSS Vector:
AV:N/AC:M/Au:S/C:P/I:N/A:N

Cross-reference: Common Vulnerability Exposure (CVE) ID: CVE-2019-3781
BugTraq ID: 107365
http://www.securityfocus.com/bid/107365
Copyright: Copyright (C) 2021 Greenbone Networks GmbH
