Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DLA-2772.NASL
HistoryOct 01, 2021 - 12:00 a.m.

Debian DLA-2772-1 : taglib - LTS security update

2021-10-0100:00:00
This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
11

7.9 High

AI Score

Confidence

High

JSON

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2772 advisory.

  • In TagLib 1.11.1, the rebuildAggregateFrames function in id3v2framefactory.cpp has a pointer to cast vulnerability, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted audio file. (CVE-2017-12678)

  • The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLib 1.11.1 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted audio file. (CVE-2018-11439)

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

#
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory dla-2772. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('compat.inc');

if (description)
{
  script_id(153810);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/29");

  script_cve_id("CVE-2017-12678", "CVE-2018-11439");

  script_name(english:"Debian DLA-2772-1 : taglib - LTS security update");

  script_set_attribute(attribute:"synopsis", value:
"The remote Debian host is missing one or more security-related updates.");
  script_set_attribute(attribute:"description", value:
"The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the
dla-2772 advisory.

  - In TagLib 1.11.1, the rebuildAggregateFrames function in id3v2framefactory.cpp has a pointer to cast
    vulnerability, which allows remote attackers to cause a denial of service or possibly have unspecified
    other impact via a crafted audio file. (CVE-2017-12678)

  - The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLib 1.11.1 allows remote attackers to
    cause information disclosure (heap-based buffer over-read) via a crafted audio file. (CVE-2018-11439)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871511");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/source-package/taglib");
  script_set_attribute(attribute:"see_also", value:"https://www.debian.org/lts/security/2021/dla-2772");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2017-12678");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2018-11439");
  script_set_attribute(attribute:"see_also", value:"https://packages.debian.org/source/stretch/taglib");
  script_set_attribute(attribute:"solution", value:
"Upgrade the taglib packages.

For Debian 9 stretch, these problems have been fixed in version 1.11.1+dfsg.1-0.3+deb9u1.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-12678");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/08/08");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/09/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2021/10/01");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libtag1-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libtag1-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libtag1v5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libtag1v5-vanilla");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libtagc0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libtagc0-dev");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:9.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Debian Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}

include('debian_package.inc');

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

var debian_release = get_kb_item('Host/Debian/release');
if ( isnull(debian_release) ) audit(AUDIT_OS_NOT, 'Debian');
debian_release = chomp(debian_release);
if (! preg(pattern:"^(9)\.[0-9]+", string:debian_release)) audit(AUDIT_OS_NOT, 'Debian 9.0', 'Debian ' + debian_release);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);

var pkgs = [
    {'release': '9.0', 'prefix': 'libtag1-dev', 'reference': '1.11.1+dfsg.1-0.3+deb9u1'},
    {'release': '9.0', 'prefix': 'libtag1-doc', 'reference': '1.11.1+dfsg.1-0.3+deb9u1'},
    {'release': '9.0', 'prefix': 'libtag1v5', 'reference': '1.11.1+dfsg.1-0.3+deb9u1'},
    {'release': '9.0', 'prefix': 'libtag1v5-vanilla', 'reference': '1.11.1+dfsg.1-0.3+deb9u1'},
    {'release': '9.0', 'prefix': 'libtagc0', 'reference': '1.11.1+dfsg.1-0.3+deb9u1'},
    {'release': '9.0', 'prefix': 'libtagc0-dev', 'reference': '1.11.1+dfsg.1-0.3+deb9u1'}
];

var flag = 0;
foreach package_array ( pkgs ) {
  var _release = NULL;
  var prefix = NULL;
  var reference = NULL;
  if (!empty_or_null(package_array['release'])) _release = package_array['release'];
  if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (_release && prefix && reference) {
    if (deb_check(release:_release, prefix:prefix, reference:reference)) flag++;
  }
}

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : deb_report_get()
  );
  exit(0);
}
else
{
  var tested = deb_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libtag1-dev / libtag1-doc / libtag1v5 / libtag1v5-vanilla / libtagc0 / etc');
}
VendorProductVersionCPE
debiandebian_linuxlibtag1-devp-cpe:/a:debian:debian_linux:libtag1-dev
debiandebian_linuxlibtag1-docp-cpe:/a:debian:debian_linux:libtag1-doc
debiandebian_linuxlibtag1v5p-cpe:/a:debian:debian_linux:libtag1v5
debiandebian_linuxlibtag1v5-vanillap-cpe:/a:debian:debian_linux:libtag1v5-vanilla
debiandebian_linuxlibtagc0p-cpe:/a:debian:debian_linux:libtagc0
debiandebian_linuxlibtagc0-devp-cpe:/a:debian:debian_linux:libtagc0-dev
debiandebian_linux9.0cpe:/o:debian:debian_linux:9.0

Related

openvas 7
nessus 21
debian 2
osv 4
fedora 4
prion 2
cbl_mariner 2
ubuntucve 2
suse 1
alpinelinux 2
cve 2
mageia 2
debiancve 2
redhatcve 2
oraclelinux 1
amazon 1
freebsd 1
centos 1
redhat 1
openvas
openvas
Huawei EulerOS: Security Advisory for taglib (EulerOS-SA-2019-2482)
2020-01-23 00:00:00
openSUSE: Security Advisory for taglib (openSUSE-SU-2018:1686-1)
2018-06-14 00:00:00
Huawei EulerOS: Security Advisory for taglib (EulerOS-SA-2019-2672)
2020-01-23 00:00:00
nessus
nessus
EulerOS 2.0 SP2 : taglib (EulerOS-SA-2019-2482)
2019-12-04 00:00:00
Amazon Linux 2 : taglib (ALAS-2020-1460)
2020-07-20 00:00:00
Fedora 25 : taglib (2017-2317191f8a)
2017-09-01 00:00:00
debian
debian
[SECURITY] [DLA 2772-1] taglib security update
2021-09-30 20:45:14
[SECURITY] [DLA 1430-1] taglib security update
2018-07-18 20:08:34
osv
osv
taglib - security update
2021-09-30 00:00:00
CVE-2017-12678
2017-08-08 01:34:00
taglib - security update
2018-07-18 00:00:00
fedora
fedora
[SECURITY] Fedora 27 Update: mingw-taglib-1.11.1-4.fc27
2017-11-11 03:23:19
[SECURITY] Fedora 26 Update: taglib-1.11.1-5.fc26
2017-08-24 15:53:24
[SECURITY] Fedora 27 Update: mingw-taglib-1.11.1-4.fc27
2017-11-11 13:41:22
prion
prion
Null pointer dereference
2017-08-08 01:34:00
Heap overflow
2018-05-30 13:29:00
cbl_mariner
cbl_mariner
CVE-2017-12678 affecting package taglib 1.11.1-13
2023-09-28 12:35:58
CVE-2018-11439 affecting package taglib 1.11.1-13
2023-09-28 12:35:58
ubuntucve
ubuntucve
CVE-2017-12678
2017-08-08 00:00:00
CVE-2018-11439
2018-05-30 00:00:00
suse
suse
opensuse-security@xxxxxxxxxxxx</li> <li><span class="identifier"> Date</span>: Wed, 13 Jun 2018 18:07:57 +0200 (CEST)</li> <li><span class="identifier"> Message-id</span>: &lt;<a href="msg00024.html">[email protected]</a>&gt;</li> </ul> <!--X-Head-of-Message-End--> <!--X-Head-Body-Sep-Begin--> </div> <div class="body"> <!--X-Head-Body-Sep-End--> <!--X-Body-of-Message--> openSUSE Security Update: Security update for taglib<br> ______________________________________________________________________________<br> <br> Announcement ID: openSUSE-SU-2018:1686-1<br> Rating: low<br> References: #1096180 <br> Cross-References: CVE-2018-11439<br> Affected Products:<br> openSUSE Leap 42.3<br> openSUSE Leap 15.0<br> ______________________________________________________________________________<br> <br> An update that fixes one vulnerability is now available.<br> <br> Description:<br> <br> This update for taglib fixes this security issues:<br> <br> - CVE-2018-11439: The TagLib::Ogg::FLAC::File::scan function allowed<br> remote attackers to cause information disclosure (heap-based buffer<br> over-read) via a crafted audio file (bsc#1096180).<br> <br> <br> Patch Instructions:<br> <br> To install this openSUSE Security Update use the SUSE recommended <br> installation methods<br> like YaST online_update or &quot;zypper patch&quot;.<br> <br> Alternatively you can run the command listed for your product:<br> <br> - openSUSE Leap 42.3:<br> <br> zypper in -t patch openSUSE-2018-627=1<br> <br> - openSUSE Leap 15.0:<br> <br> zypper in -t patch openSUSE-2018-627=1<br> <br> <br> <br> Package List:<br> <br> - openSUSE Leap 42.3 (i586 x86_64):<br> <br> libtag-devel-1.11-8.1<br> libtag1-1.11-8.1<br> libtag1-debuginfo-1.11-8.1<br> libtag_c0-1.11-8.1<br> libtag_c0-debuginfo-1.11-8.1<br> taglib-1.11-8.1<br> taglib-debuginfo-1.11-8.1<br> taglib-debugsource-1.11-8.1<br> <br> - openSUSE Leap 42.3 (x86_64):<br> <br> libtag1-32bit-1.11-8.1<br> libtag1-debuginfo-32bit-1.11-8.1<br> libtag_c0-32bit-1.11-8.1<br> libtag_c0-debuginfo-32bit-1.11-8.1<br> <br> - openSUSE Leap 15.0 (i586 x86_64):<br> <br> libtag-devel-1.11.1-lp150.3.3.1<br> libtag1-1.11.1-lp150.3.3.1<br> libtag1-debuginfo-1.11.1-lp150.3.3.1<br> libtag_c0-1.11.1-lp150.3.3.1<br> libtag_c0-debuginfo-1.11.1-lp150.3.3.1<br> taglib-1.11.1-lp150.3.3.1<br> taglib-debuginfo-1.11.1-lp150.3.3.1<br> taglib-debugsource-1.11.1-lp150.3.3.1<br> <br> - openSUSE Leap 15.0 (x86_64):<br> <br> libtag1-32bit-1.11.1-lp150.3.3.1<br> libtag1-32bit-debuginfo-1.11.1-lp150.3.3.1<br> libtag_c0-32bit-1.11.1-lp150.3.3.1<br> libtag_c0-32bit-debuginfo-1.11.1-lp150.3.3.1<br> <br> <br> References:<br> <br> <a rel="nofollow" href="https://www.suse.com/security/cve/CVE-2018-11439.html">https://www.suse.com/security/cve/CVE-2018-11439.html</a><br> <a rel="nofollow" href="https://bugzilla.suse.com/1096180">https://bugzilla.suse.com/1096180</a><br> <br> -- <br> To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@xxxxxxxxxxxx<br> For additional commands, e-mail: opensuse-security-announce+help@xxxxxxxxxxxx<br> <br> <!--X-Body-of-Message-End--> <!--X-MsgBody-End--> <!--X-Follow-Ups--> <!-- SwishCommand noindex --> </div> <table class="bodynav"> <tr> <td align="left"> &lt; Previous </td> <td align="right"> Next &gt; </td> </tr> </table> </div> <div class="visualClear"></div> </div> </div> </div> <div id="column-one"> <a name="indexes"></a> <div class="portlet" id="p-topnav"> <div class="pBody"> <ul> <li><a href="threads.html">Thread Index</a></li> <li><a href="author.html">Author Index</a></li> <li><a href="date.html">Date Index</a></li> <li><a href="all.html">All Messages</a></li> </ul> </div> </div> <div class="portlet" id="p-logo"> <a style="background-image: url(/skins/opensuse/opensuse.gif);" href="../" title="Back"></a> </div> <script type="text/javascript"> if (window.isMSIE55) fixalpha(); </script> <a name="search"></a> <div id="p-search" class="portlet" style="white-space: nowrap;"> <h5><label for="searchInput">Search this list</label> (Security update for taglib</h5> <!--X-Subject-Header-End--> <!--X-Head-of-Message--> <ul> <li><span class="identifier"> From</span>)
2018-06-13 18:07:57
alpinelinux
alpinelinux
CVE-2018-11439
2018-05-30 13:29:00
CVE-2017-12678
2017-08-08 01:34:00
cve
cve
CVE-2017-12678
2017-08-08 01:34:00
CVE-2018-11439
2018-05-30 13:29:00
mageia
mageia
Updated taglib packages fix security vulnerability
2017-08-19 13:54:02
Updated taglib packages fix security vulnerability
2018-07-01 20:17:14
debiancve
debiancve
CVE-2017-12678
2017-08-08 01:34:00
CVE-2018-11439
2018-05-30 13:29:00
redhatcve
redhatcve
CVE-2017-12678
2017-08-22 11:48:41
CVE-2018-11439
2018-05-31 20:48:57
oraclelinux
oraclelinux
taglib security update
2020-04-06 00:00:00
amazon
amazon
Low: taglib
2020-07-14 02:47:00
freebsd
freebsd
taglib -- heap-based buffer over-read via a crafted audio file
2018-05-28 00:00:00
centos
centos
taglib security update
2020-04-08 19:27:11
redhat
redhat
(RHSA-2020:1175) Low: taglib security update
2020-03-31 09:28:22

7.9 High

AI Score

Confidence

High

JSON
Related for DEBIAN_DLA-2772.NASL
openvas7nessus21debian2osv4fedora4prion2cbl_mariner2ubuntucve2suse1alpinelinux2cve2mageia2debiancve2redhatcve2oraclelinux1amazon1freebsd1centos1redhat1