nessus | This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof. | DEBIAN_DSA-4575.NASL
HistoryNov 25, 2019 - 12:00 a.m.

Debian DSA-4575-1 : chromium - security update

2019-11-25 00:00:00
This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com

Several vulnerabilities have been discovered in the chromium web browser.

  • CVE-2019-13723 Yuxiang Li discovered a use-after-free issue in the bluetooth service.

  • CVE-2019-13724 Yuxiang Li discovered an out-of-bounds read issue in the bluetooth service.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-4575. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('compat.inc');

# Registration branch: when `description` is set, the script only declares its
# metadata and scheduling requirements and then exits (exit(0) at the end of
# this block) without examining the host.
if (description)
{
  # Plugin identity and revision bookkeeping.
  script_id(131249);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/10");

  # Cross-references: the two CVEs covered by the advisory and the DSA number.
  script_cve_id("CVE-2019-13723", "CVE-2019-13724");
  script_xref(name:"DSA", value:"4575");

  script_name(english:"Debian DSA-4575-1 : chromium - security update");

  # Human-readable finding text. Per the header comment of this file, the
  # descriptive text is extracted from Debian Security Advisory DSA-4575.
  script_set_attribute(attribute:"synopsis", value:
"The remote Debian host is missing a security-related update.");
  script_set_attribute(attribute:"description", value:
"Several vulnerabilities have been discovered in the chromium web
browser.

  - CVE-2019-13723
    Yuxiang Li discovered a use-after-free issue in the
    bluetooth service.

  - CVE-2019-13724
    Yuxiang Li discovered an out-of-bounds read issue in the
    bluetooth service.");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2019-13723");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2019-13724");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/source-package/chromium");
  script_set_attribute(attribute:"see_also", value:"https://packages.debian.org/source/buster/chromium");
  script_set_attribute(attribute:"see_also", value:"https://www.debian.org/security/2019/dsa-4575");
  # The solution names a fixed version for buster only; for stretch it states
  # that chromium security support was discontinued, so no fixed stretch
  # version exists to upgrade to.
  script_set_attribute(attribute:"solution", value:
"Upgrade the chromium packages.

For the oldstable distribution (stretch), security support for the
chromium package has been discontinued.

For the stable distribution (buster), these problems have been fixed
in version 78.0.3904.108-1~deb10u1.");
  # Severity scoring: CVSS v2 and v3.0 base and temporal vectors. The
  # cvss_score_source attribute names CVE-2019-13724 as the CVE the scores
  # are attributed to.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-13724");

  # Exploit status is a static string recorded in the plugin (matching E:U in
  # the temporal vectors above); it reflects the plugin's data, not a live
  # lookup, so confirm against current threat intelligence when prioritising.
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/11/25");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/11/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/25");

  # Declared as a "local" check: it works from host-side data (the KB keys
  # required below) rather than from probing a network service.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:chromium");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:10.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Debian Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # Scheduling requirements: depends on ssh_get_info.nasl and on three KB
  # entries (local checks enabled, Debian release, dpkg package list).
  # NOTE(review): presumably ssh_get_info.nasl is what populates these keys
  # during a credentialed scan; without credentials this plugin yields no
  # finding, which must not be read as "host is patched".
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  # Registration is complete; the checking logic is below this block.
  exit(0);
}


include("audit.inc");
include("debian_package.inc");


# Preconditions, checked in order; each failed one hands off to audit() with
# the matching audit code instead of going on to the package comparison.

# 1. Local (host-side) checks must have been enabled for this target.
if (!get_kb_item("Host/local_checks_enabled"))
{
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
}

# 2. The target must have been identified as Debian.
if (!get_kb_item("Host/Debian/release"))
{
  audit(AUDIT_OS_NOT, "Debian");
}

# 3. The installed-package listing (dpkg -l output) must be in the KB;
#    without it there is nothing to compare versions against.
if (!get_kb_item("Host/Debian/dpkg-l"))
{
  audit(AUDIT_PACKAGE_LIST_MISSING);
}


# Compare each chromium binary package against the fixed version the advisory
# gives for Debian 10 (buster). deb_check() comes from debian_package.inc (not
# shown here); a true result is counted as one vulnerable package.
#
# Only release "10.0" is evaluated. The advisory text says chromium security
# support for stretch was discontinued, so there is no stretch check here.
# NOTE(review): presumably a stretch host with chromium installed falls through
# to the "not affected" audit below; confirm against deb_check() and do not
# treat that result as evidence the browser is safe on oldstable.
dsa_fixed_ver = "78.0.3904.108-1~deb10u1";
dsa_pkg_names = make_list(
  "chromium",
  "chromium-common",
  "chromium-driver",
  "chromium-l10n",
  "chromium-sandbox",
  "chromium-shell"
);

flag = 0;
foreach dsa_pkg (dsa_pkg_names)
{
  if (deb_check(release:"10.0", prefix:dsa_pkg, reference:dsa_fixed_ver))
  {
    flag++;
  }
}

if (!flag)
{
  # No package was flagged: record the host as not affected.
  audit(AUDIT_HOST_NOT, "affected");
}
else
{
  # At least one package was flagged: raise a warning-level finding, attaching
  # the per-package report text when verbosity allows it.
  if (report_verbosity > 0)
  {
    security_warning(port:0, extra:deb_report_get());
  }
  else
  {
    security_warning(0);
  }
  exit(0);
}
Vendor | Product | Version | CPE
debian | debian_linux | chromium | p-cpe:/a:debian:debian_linux:chromium
debian | debian_linux | 10.0 | cpe:/o:debian:debian_linux:10.0