Fedora Local Security Checks : Fedora: Security Advisory (FEDORA-2023-d88521bfc5)

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.1.9.2023.1008852198102995

Category: Fedora Local Security Checks

Title: Fedora: Security Advisory (FEDORA-2023-d88521bfc5)

Summary: The remote host is missing an update for the 'clevis-pin-tpm2, greetd, keyring-ima-signer, libkrun, mirrorlist-server, nispor, nmstate, rust-afterburn, rust-below, rust-bodhi-cli, rust-cargo-c, rust-coreos-installer, rust-fedora-update-feedback, rust-git-delta, rust-gst-plugin-reqwest, rust-pore, rust-rpm-sequoia, rust-sequoia-octopus-librnp, rust-sequoia-policy-config, rust-sequoia-sq, rust-sevctl, rust-tealdeer, rust-ybaas' package(s) announced via the FEDORA-2023-d88521bfc5 advisory.

Description: Summary:
The remote host is missing an update for the 'clevis-pin-tpm2, greetd, keyring-ima-signer, libkrun, mirrorlist-server, nispor, nmstate, rust-afterburn, rust-below, rust-bodhi-cli, rust-cargo-c, rust-coreos-installer, rust-fedora-update-feedback, rust-git-delta, rust-gst-plugin-reqwest, rust-pore, rust-rpm-sequoia, rust-sequoia-octopus-librnp, rust-sequoia-policy-config, rust-sequoia-sq, rust-sevctl, rust-tealdeer, rust-ybaas' package(s) announced via the FEDORA-2023-d88521bfc5 advisory.

Vulnerability Insight:
Recent updates for the `tokio`, `h2`, and `openssl` crates addressed some (potential or confirmed) security or soundness issues:

- `tokio`: [RUSTSEC-2023-0005]([link moved to references])
- `h2`: [RUSTSEC-2023-0034]([link moved to references]) / [CVE-2023-26964]([link moved to references])
- `openssl`: [RUSTSEC-2023-0022]([link moved to references]), [RUSTSEC-2023-0023]([link moved to references]), [RUSTSEC-2023-0024]([link moved to references])

This update contains rebuilds of all affected applications against the latest versions of these crates, which have addressed all linked issues.

Affected Software/OS:
'clevis-pin-tpm2, greetd, keyring-ima-signer, libkrun, mirrorlist-server, nispor, nmstate, rust-afterburn, rust-below, rust-bodhi-cli, rust-cargo-c, rust-coreos-installer, rust-fedora-update-feedback, rust-git-delta, rust-gst-plugin-reqwest, rust-pore, rust-rpm-sequoia, rust-sequoia-octopus-librnp, rust-sequoia-policy-config, rust-sequoia-sq, rust-sevctl, rust-tealdeer, rust-ybaas' package(s) on Fedora 39.

Solution:
Please install the updated package(s).

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2023-26964
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZHBAE7LQARMPUEEV4TWET4D7G6WCWBUD/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZYRZ5Y2ALATKKPIITAFAJIS4TR4LUAHO/
https://github.com/hyperium/hyper/issues/2877

Copyright Copyright (C) 2024 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.1.9.2023.1008852198102995
Category:	Fedora Local Security Checks
Title:	Fedora: Security Advisory (FEDORA-2023-d88521bfc5)
Summary:	The remote host is missing an update for the 'clevis-pin-tpm2, greetd, keyring-ima-signer, libkrun, mirrorlist-server, nispor, nmstate, rust-afterburn, rust-below, rust-bodhi-cli, rust-cargo-c, rust-coreos-installer, rust-fedora-update-feedback, rust-git-delta, rust-gst-plugin-reqwest, rust-pore, rust-rpm-sequoia, rust-sequoia-octopus-librnp, rust-sequoia-policy-config, rust-sequoia-sq, rust-sevctl, rust-tealdeer, rust-ybaas' package(s) announced via the FEDORA-2023-d88521bfc5 advisory.
Description:	Summary: The remote host is missing an update for the 'clevis-pin-tpm2, greetd, keyring-ima-signer, libkrun, mirrorlist-server, nispor, nmstate, rust-afterburn, rust-below, rust-bodhi-cli, rust-cargo-c, rust-coreos-installer, rust-fedora-update-feedback, rust-git-delta, rust-gst-plugin-reqwest, rust-pore, rust-rpm-sequoia, rust-sequoia-octopus-librnp, rust-sequoia-policy-config, rust-sequoia-sq, rust-sevctl, rust-tealdeer, rust-ybaas' package(s) announced via the FEDORA-2023-d88521bfc5 advisory. Vulnerability Insight: Recent updates for the `tokio`, `h2`, and `openssl` crates addressed some (potential or confirmed) security or soundness issues: - `tokio`: [RUSTSEC-2023-0005]([link moved to references]) - `h2`: [RUSTSEC-2023-0034]([link moved to references]) / [CVE-2023-26964]([link moved to references]) - `openssl`: [RUSTSEC-2023-0022]([link moved to references]), [RUSTSEC-2023-0023]([link moved to references]), [RUSTSEC-2023-0024]([link moved to references]) This update contains rebuilds of all affected applications against the latest versions of these crates, which have addressed all linked issues. Affected Software/OS: 'clevis-pin-tpm2, greetd, keyring-ima-signer, libkrun, mirrorlist-server, nispor, nmstate, rust-afterburn, rust-below, rust-bodhi-cli, rust-cargo-c, rust-coreos-installer, rust-fedora-update-feedback, rust-git-delta, rust-gst-plugin-reqwest, rust-pore, rust-rpm-sequoia, rust-sequoia-octopus-librnp, rust-sequoia-policy-config, rust-sequoia-sq, rust-sevctl, rust-tealdeer, rust-ybaas' package(s) on Fedora 39. Solution: Please install the updated package(s). CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2023-26964 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZHBAE7LQARMPUEEV4TWET4D7G6WCWBUD/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZYRZ5Y2ALATKKPIITAFAJIS4TR4LUAHO/ https://github.com/hyperium/hyper/issues/2877
Copyright	Copyright (C) 2024 Greenbone AG