Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DLA-615.NASL
HistorySep 09, 2016 - 12:00 a.m.

Debian DLA-615-1 : icu security update

2016-09-0900:00:00
This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
10
JSON

This update fixes a buffer overflow in the uloc_acceptLanguageFromHTTP function in ICU, the International Components for Unicode C and C++ library, in Debian Wheezy

For Debian 7 ‘Wheezy’, these problems have been fixed in version 4.8.1.1-12+deb7u5.

We recommend that you upgrade your icu packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DLA-615-1. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(93386);
  script_version("2.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_cve_id("CVE-2016-6293");

  script_name(english:"Debian DLA-615-1 : icu security update");
  script_summary(english:"Checks dpkg output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update fixes a buffer overflow in the uloc_acceptLanguageFromHTTP
function in ICU, the International Components for Unicode C and C++
library, in Debian Wheezy

For Debian 7 'Wheezy', these problems have been fixed in version
4.8.1.1-12+deb7u5.

We recommend that you upgrade your icu packages.

NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.debian.org/debian-lts-announce/2016/09/msg00007.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/wheezy/icu"
  );
  script_set_attribute(attribute:"solution", value:"Upgrade the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:icu-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libicu-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libicu48");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libicu48-dbg");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2016/09/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/09/09");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"7.0", prefix:"icu-doc", reference:"4.8.1.1-12+deb7u5")) flag++;
if (deb_check(release:"7.0", prefix:"libicu-dev", reference:"4.8.1.1-12+deb7u5")) flag++;
if (deb_check(release:"7.0", prefix:"libicu48", reference:"4.8.1.1-12+deb7u5")) flag++;
if (deb_check(release:"7.0", prefix:"libicu48-dbg", reference:"4.8.1.1-12+deb7u5")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
debiandebian_linuxicu-docp-cpe:/a:debian:debian_linux:icu-doc
debiandebian_linuxlibicu-devp-cpe:/a:debian:debian_linux:libicu-dev
debiandebian_linuxlibicu48p-cpe:/a:debian:debian_linux:libicu48
debiandebian_linuxlibicu48-dbgp-cpe:/a:debian:debian_linux:libicu48-dbg
debiandebian_linux7.0cpe:/o:debian:debian_linux:7.0

Related

redhatcve 1
cve 1
openvas 17
prion 1
mageia 1
nessus 22
debian 3
fedora 2
ibm 5
debiancve 1
alpinelinux 1
ubuntucve 1
gentoo 1
cloudfoundry 1
ubuntu 1
osv 1
suse 1
photon 1
oracle 1
redhatcve
redhatcve
CVE-2016-6293
2016-07-26 13:18:23
cve
cve
CVE-2016-6293
2016-07-25 14:59:00
openvas
openvas
Fedora Update for icu FEDORA-2016-a2b9adcd5c
2016-12-02 00:00:00
Fedora Update for icu FEDORA-2016-81613d042d
2016-12-07 00:00:00
Mageia: Security Advisory (MGASA-2016-0314)
2022-01-28 00:00:00
prion
prion
Out-of-bounds
2016-07-25 14:59:00
mageia
mageia
Updated icu packages fix security vulnerability
2016-09-21 23:38:22
nessus
nessus
Fedora 24 : icu (2016-a2b9adcd5c)
2016-11-08 00:00:00
Fedora 25 : icu (2016-81613d042d)
2016-11-21 00:00:00
GLSA-201701-58 : ICU: Multiple vulnerabilities
2017-01-25 00:00:00
debian
debian
[SECURITY] [DLA 615-1] icu security update
2016-09-08 13:53:54
[SECURITY] [DSA 3725-1] icu security update
2016-11-27 17:39:59
[SECURITY] [DSA 3725-1] icu security update
2016-11-27 17:40:16
fedora
fedora
[SECURITY] Fedora 25 Update: icu-57.1-2.fc25
2016-11-19 21:45:36
[SECURITY] Fedora 24 Update: icu-56.1-5.fc24
2016-11-07 23:33:34
ibm
ibm
Security Bulletin: Vulnerability in ICU4C affects IBM Tealeaf Customer Experience (CVE-2016-6293)
2018-06-16 20:06:40
Security Bulletin: OpenSource ICU4C Vulnernabilities in IBM eDiscovery Manager
2018-06-17 12:17:38
Security Bulletin:OpenSource ICU4C Vulnernabilties in IBM eDiscovery Analyzer
2018-06-17 12:17:39
debiancve
debiancve
CVE-2016-6293
2016-07-25 14:59:00
alpinelinux
alpinelinux
CVE-2016-6293
2016-07-25 14:59:00
ubuntucve
ubuntucve
CVE-2016-6293
2016-07-25 00:00:00
gentoo
gentoo
ICU: Multiple vulnerabilities
2017-01-24 00:00:00
cloudfoundry
cloudfoundry
USN-3227-1: ICU vulnerabilities | Cloud Foundry
2017-03-31 00:00:00
ubuntu
ubuntu
ICU vulnerabilities
2017-03-13 00:00:00
osv
osv
icu - security update
2016-11-27 00:00:00
suse
suse
Security update for icu (moderate)
2018-05-25 11:33:28
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-2.0-0288
2020-10-10 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - April 2019
2019-04-16 00:00:00
JSON
Related for DEBIAN_DLA-615.NASL
redhatcve1cve1openvas17prion1mageia1nessus22debian3fedora2ibm5debiancve1alpinelinux1ubuntucve1gentoo1cloudfoundry1ubuntu1osv1suse1photon1oracle1