CentOS 7 : fribidi (CESA-2019:4326)

🗓️ 27 Dec 2019 00:00:00Reported by TenableType

Security update for fribidi library on Red Hat Enterprise Linux 7 for handling bidirectional scripts and fixing buffer overflow

Reporter	Title	Published	Views	Family All 86
Tenable Nessus	Amazon Linux 2 : fribidi (ALAS-2020-1434)	4 Jun 202000:00	–	nessus
Tenable Nessus	CentOS 8 : fribidi (CESA-2019:4361)	29 Jan 202100:00	–	nessus
Tenable Nessus	Debian DSA-4561-1 : fribidi - security update	8 Nov 201900:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP8 : fribidi (EulerOS-SA-2020-1149)	25 Feb 202000:00	–	nessus
Tenable Nessus	EulerOS Virtualization for ARM 64 3.0.6.0 : fribidi (EulerOS-SA-2020-1351)	2 Apr 202000:00	–	nessus
Tenable Nessus	Fedora 30 : fribidi (2019-533a72fec5)	20 Dec 201900:00	–	nessus
Tenable Nessus	Fedora 31 : fribidi (2019-7075bc4ff8)	18 Dec 201900:00	–	nessus
Tenable Nessus	GLSA-202003-41 : GNU FriBidi: Heap-based buffer overflow	20 Mar 202000:00	–	nessus
Tenable Nessus	MiracleLinux 7 : fribidi-1.0.2-1.el7.1 (AXSA:2019-4416:01)	16 Jan 202600:00	–	nessus
Tenable Nessus	NewStart CGSL CORE 5.04 / MAIN 5.04 : fribidi Vulnerability (NS-SA-2019-0264)	31 Dec 201900:00	–	nessus

Source	Link
nessus	www.nessus.org/u
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Red Hat Security Advisory RHSA-2019:4326 and 
# CentOS Errata and Security Advisory 2019:4326 respectively.
#

include("compat.inc");

if (description)
{
  script_id(132405);
  script_version("1.2");
  script_cvs_date("Date: 2019/12/31");

  script_cve_id("CVE-2019-18397");
  script_xref(name:"RHSA", value:"2019:4326");

  script_name(english:"CentOS 7 : fribidi (CESA-2019:4326)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote CentOS host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"An update for fribidi is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security
impact of Important. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.

A library to handle bidirectional scripts (for example Hebrew,
Arabic), so that the display is done in the proper way, while the text
data itself is always written in logical order.

Security Fix(es) :

* fribidi: buffer overflow in fribidi_get_par_embedding_levels_ex() in
lib/ fribidi-bidi.c leading to denial of service and possible code
execution (CVE-2019-18397)

For more details about the security issue(s), including the impact, a
CVSS score, acknowledgments, and other related information, refer to
the CVE page(s) listed in the References section."
  );
  # https://lists.centos.org/pipermail/centos-announce/2019-December/035591.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?987ca827"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected fribidi packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-18397");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:fribidi");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:fribidi-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:7");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/11/13");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/12/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/27");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"CentOS Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/CentOS/release");
if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
os_ver = os_ver[1];
if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 7.x", "CentOS " + os_ver);

if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);


flag = 0;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"fribidi-1.0.2-1.el7_7.1")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"fribidi-devel-1.0.2-1.el7_7.1")) flag++;


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "fribidi / fribidi-devel");
}

31 Dec 2019 00:00Current

7.7High risk

Vulners AI Score7.7

CVSS 26.8

CVSS 3.17.8

EPSS0.00682