
Test ID: 1.3.6.1.4.1.25623.1.1.4.2016.1146.1
Category: SuSE Local Security Checks
Title: SUSE: Security Advisory (SUSE-SU-2016:1146-1)
Summary: The remote host is missing an update for the 'portus' package(s) announced via the SUSE-SU-2016:1146-1 advisory.
Description:

Vulnerability Insight:
Portus was updated to version 2.0.3, which brings several fixes and enhancements:
- Fixed crono job when a repository could not be found.
- Fixed compatibility issues with Docker 1.10 and Distribution 2.3.
- Handle multiple scopes in token requests.
- Add optional fields to token response.
- Fixed notification events for Distribution v2.3.
- Paginate through the catalog properly.
- Do not remove all the repositories if fetching one fails.
- Fixed SMTP setup.
- Don't let crono overflow the 'log' column on the DB.
- Show the actual LDAP error on invalid login.
- Fixed the location of crono logs.
- Always use relative paths.
- Set RUBYLIB when using portusctl.
- Don't count hidden teams on the admin panel.
- Warn developers on unsupported docker-compose versions.
- Directly invalidate LDAP logins without name and password.
- Don't show the 'I forgot my password' link on LDAP.
The following Rubygems bundled within Portus have been updated to fix security issues:
- CVE-2016-2098: rubygem-actionpack (bsc#969943).
- CVE-2015-7578: rails-html-sanitizer (bsc#963326).
- CVE-2015-7579: rails-html-sanitizer (bsc#963327).
- CVE-2015-7580: rails-html-sanitizer (bsc#963328).
- CVE-2015-7576: rubygem-actionpack, rubygem-activesupport (bsc#963563).
- CVE-2015-7577: rubygem-activerecord (bsc#963604).
- CVE-2016-0751: rubygem-actionpack (bsc#963627).
- CVE-2016-0752: rubygem-actionpack, rubygem-actionview (bsc#963608).
- CVE-2016-0753: rubygem-activemodel, rubygem-activesupport, rubygem-activerecord (bsc#963617).
- CVE-2015-7581: rubygem-actionpack (bsc#963625).

Affected Software/OS:
'portus' package(s) on SUSE Linux Enterprise Module for Containers 12

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2015-7576
BugTraq ID: 81803
http://www.securityfocus.com/bid/81803
Debian Security Information: DSA-3464
http://www.debian.org/security/2016/dsa-3464
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178068.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178047.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178067.html
http://www.openwall.com/lists/oss-security/2016/01/25/8
https://groups.google.com/forum/message/raw?msg=ruby-security-ann/ANv0HDHEC3k/T8Hgq-hYEgAJ
RedHat Security Advisories: RHSA-2016:0296
http://rhn.redhat.com/errata/RHSA-2016-0296.html
http://www.securitytracker.com/id/1034816
SuSE Security Announcement: SUSE-SU-2016:1146
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html
SuSE Security Announcement: openSUSE-SU-2016:0363
http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html
SuSE Security Announcement: openSUSE-SU-2016:0372
http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html
Common Vulnerability Exposure (CVE) ID: CVE-2015-7577
BugTraq ID: 81806
http://www.securityfocus.com/bid/81806
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178041.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178065.html
http://www.openwall.com/lists/oss-security/2016/01/25/10
https://groups.google.com/forum/message/raw?msg=ruby-security-ann/cawsWcQ6c8g/LATIsglZEgAJ
Common Vulnerability Exposure (CVE) ID: CVE-2015-7578
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178046.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178064.html
http://www.openwall.com/lists/oss-security/2016/01/25/11
https://groups.google.com/forum/message/raw?msg=ruby-security-ann/uh--W4TDwmI/ygHE7hlZEgAJ
SuSE Security Announcement: SUSE-SU-2016:0391
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00024.html
SuSE Security Announcement: openSUSE-SU-2016:0356
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00014.html
Common Vulnerability Exposure (CVE) ID: CVE-2015-7579
http://www.openwall.com/lists/oss-security/2016/01/25/12
https://groups.google.com/forum/message/raw?msg=ruby-security-ann/OU9ugTZcbjc/uksRkSxZEgAJ
Common Vulnerability Exposure (CVE) ID: CVE-2015-7580
http://www.openwall.com/lists/oss-security/2016/01/25/15
https://groups.google.com/forum/message/raw?msg=rubyonrails-security/uh--W4TDwmI/m_CVZtdbFQAJ
Common Vulnerability Exposure (CVE) ID: CVE-2015-7581
BugTraq ID: 81677
http://www.securityfocus.com/bid/81677
http://www.openwall.com/lists/oss-security/2016/01/25/16
https://groups.google.com/forum/message/raw?msg=ruby-security-ann/dthJ5wL69JE/IdvCimtZEgAJ
Common Vulnerability Exposure (CVE) ID: CVE-2016-0751
BugTraq ID: 81800
http://www.securityfocus.com/bid/81800
http://www.openwall.com/lists/oss-security/2016/01/25/9
https://groups.google.com/forum/message/raw?msg=ruby-security-ann/9oLY_FCzvoc/5CDXbvpYEgAJ
Common Vulnerability Exposure (CVE) ID: CVE-2016-0752
BugTraq ID: 81801
http://www.securityfocus.com/bid/81801
https://www.exploit-db.com/exploits/40561/
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178069.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178044.html
http://www.openwall.com/lists/oss-security/2016/01/25/13
https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ
Common Vulnerability Exposure (CVE) ID: CVE-2016-0753
BugTraq ID: 82247
http://www.securityfocus.com/bid/82247
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178066.html
http://www.openwall.com/lists/oss-security/2016/01/25/14
https://groups.google.com/forum/message/raw?msg=ruby-security-ann/6jQVC1geukQ/3Iy0GU1ZEgAJ
Common Vulnerability Exposure (CVE) ID: CVE-2016-2098
BugTraq ID: 83725
http://www.securityfocus.com/bid/83725
Debian Security Information: DSA-3509
http://www.debian.org/security/2016/dsa-3509
https://www.exploit-db.com/exploits/40086/
https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ly-IH-fxr_Q/WLoOhcMZIAAJ
http://www.securitytracker.com/id/1035122
SuSE Security Announcement: SUSE-SU-2016:0854
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00083.html
SuSE Security Announcement: SUSE-SU-2016:0867
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00086.html
SuSE Security Announcement: SUSE-SU-2016:0967
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00006.html
SuSE Security Announcement: openSUSE-SU-2016:0790
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00057.html
SuSE Security Announcement: openSUSE-SU-2016:0835
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00080.html
Copyright: Copyright (C) 2021 Greenbone Networks GmbH

© 1998-2021 E-Soft Inc. All rights reserved.