Lucene search
K

EulerOS Virtualization for ARM 64 3.0.2.0 : libpng (EulerOS-SA-2019-1951)

🗓️ 17 Sep 2019 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 31 Views

EulerOS ARM 64 3.0.2.0 libpng vulnerabilitie

Related
Refs
Code
ReporterTitlePublishedViews
Family
IBM Security Bulletins
Security Bulletin: IBM API Connect has addressed multiple vulnerabilities in Developer Portal's dependencies - Cumulative list from June 28, 2018 to December 13, 2018
28 Jan 201917:05
ibm
IBM Security Bulletins
Security Bulletin: Gdal vulnerabilities affect IBM Netezza Analytics for NPS
3 Jun 202214:32
ibm
IBM Security Bulletins
Security Bulletin: IBM Tivoli Common Reporting (TCR) 2017Q3 Security Updater: TCR, a part of IBM Jazz for Service Management (JazzSM) is affected by multiple vulnerabilities
17 Jun 201815:47
ibm
IBM Security Bulletins
Security Bulletin: Security vulnerability has been identified in BigFix Platform shipped with IBM License Metric Tool.
12 Aug 202008:19
ibm
IBM Security Bulletins
Security Bulletin: A vulnerability in the libpng library affects IBM Cognos Metrics Manager
15 Jun 201823:19
ibm
IBM Security Bulletins
Security Bulletin: IBM QRadar Network Security is affected by multiple vulnerabilities.
19 Jul 202221:43
ibm
IBM Security Bulletins
Security Bulletin: IBM Security Privileged Identity Manager is affected by security vulnerabilities (CVE-2020-1971, CVE-2020-15999, CVE-2017-12652)
16 Aug 202107:01
ibm
IBM Security Bulletins
Security Bulletin: Multiple Security Vulnerabilties have been fixed in the IBM Security Access Manager and IBM Security Verify Access appliances.
16 Mar 202119:55
ibm
IBM Security Bulletins
Security Bulletin: IBM Cognos Business Intelligence Server 2017Q3 Security Updater : IBM Cognos Business Intelligence Server is affected by multiple vulnerabilities.
15 Jun 201823:48
ibm
IBM Security Bulletins
Security Bulletin: IBM Cognos Analytics is affected by multiple vulnerabilities
15 Jun 201823:49
ibm
Rows per page
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(128954);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/25");

  script_cve_id("CVE-2016-10087", "CVE-2017-12652");

  script_name(english:"EulerOS Virtualization for ARM 64 3.0.2.0 : libpng (EulerOS-SA-2019-1951)");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS Virtualization for ARM 64 host is missing multiple security
updates.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the libpng package installed, the
EulerOS Virtualization for ARM 64 installation on the remote host is
affected by the following vulnerabilities :

  - The png_set_text_2 function in libpng 0.71 before
    1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x
    before 1.5.28, and 1.6.x before 1.6.27 allows
    context-dependent attackers to cause a NULL pointer
    dereference vectors involving loading a text chunk into
    a png structure, removing the text, and then adding
    another text chunk to the structure.(CVE-2016-10087)

  - ** RESERVED ** This candidate has been reserved by an
    organization or individual that will use it when
    announcing a new security problem. When the candidate
    has been publicized, the details for this candidate
    will be provided.(CVE-2017-12652)

Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1951
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?6a1b3671");
  script_set_attribute(attribute:"solution", value:
"Update the affected libpng packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-12652");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"patch_publication_date", value:"2019/09/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/09/17");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libpng");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.2.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (uvp != "3.0.2.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.2.0");
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);

flag = 0;

pkgs = ["libpng-1.5.13-7.1.h4"];

foreach (pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libpng");
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

25 Apr 2024 00:00Current
6.3Medium risk
Vulners AI Score6.3
CVSS 27.5
CVSS 37.5
CVSS 3.19.8
EPSS0.05517
SSVC
31