Lucene search
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.EULEROS_SA-2020-2057.NASLHistorySep 28, 2020 - 12:00 a.m.
EulerOS 2.0 SP3 : cairo (EulerOS-SA-2020-2057)
2020-09-2800:00:00
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
11
7 High
AI Score
Confidence
High
According to the versions of the cairo packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :
-
An issue was discovered in cairo 1.16.0. There is an assertion problem in the function
_cairo_arc_in_direction in the file cairo-arc.c.(CVE-2019-6461) -
An issue was discovered in cairo 1.16.0. There is an infinite loop in the function _arc_error_normalized in the file cairo-arc.c, related to
_arc_max_angle_for_tolerance_normalized.(CVE-2019-6462)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(140824);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/02/19");
script_cve_id("CVE-2019-6461", "CVE-2019-6462");
script_name(english:"EulerOS 2.0 SP3 : cairo (EulerOS-SA-2020-2057)");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
script_set_attribute(attribute:"description", value:
"According to the versions of the cairo packages installed, the
EulerOS installation on the remote host is affected by the following
vulnerabilities :
- An issue was discovered in cairo 1.16.0. There is an
assertion problem in the function
_cairo_arc_in_direction in the file
cairo-arc.c.(CVE-2019-6461)
- An issue was discovered in cairo 1.16.0. There is an
infinite loop in the function _arc_error_normalized in
the file cairo-arc.c, related to
_arc_max_angle_for_tolerance_normalized.(CVE-2019-6462)
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-2057
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?6428b270");
script_set_attribute(attribute:"solution", value:
"Update the affected cairo packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-6462");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"patch_publication_date", value:"2020/09/28");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/09/28");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:cairo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:cairo-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:cairo-gobject");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:cairo-gobject-devel");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
script_exclude_keys("Host/EulerOS/uvp_version");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(3)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP3");
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP3", "EulerOS UVP " + uvp);
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
flag = 0;
pkgs = ["cairo-1.14.2-1.h5",
"cairo-devel-1.14.2-1.h5",
"cairo-gobject-1.14.2-1.h5",
"cairo-gobject-devel-1.14.2-1.h5"];
foreach (pkg in pkgs)
if (rpm_check(release:"EulerOS-2.0", sp:"3", reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cairo");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| huawei | euleros | cairo | p-cpe:/a:huawei:euleros:cairo |
| huawei | euleros | cairo-devel | p-cpe:/a:huawei:euleros:cairo-devel |
| huawei | euleros | cairo-gobject | p-cpe:/a:huawei:euleros:cairo-gobject |
| huawei | euleros | cairo-gobject-devel | p-cpe:/a:huawei:euleros:cairo-gobject-devel |
| huawei | euleros | 2.0 | cpe:/o:huawei:euleros:2.0 |
Related
openvas
openvas
Huawei EulerOS: Security Advisory for cairo (EulerOS-SA-2020-2540)
2020-12-15 00:00:00
Huawei EulerOS: Security Advisory for cairo (EulerOS-SA-2020-2057)
2020-09-29 00:00:00
Huawei EulerOS: Security Advisory for cairo (EulerOS-SA-2021-1461)
2021-03-05 00:00:00
nessus
nessus
EulerOS 2.0 SP5 : cairo (EulerOS-SA-2020-2540)
2020-12-15 00:00:00
EulerOS Virtualization 3.0.6.6 : cairo (EulerOS-SA-2021-1461)
2021-03-10 00:00:00
Photon OS 1.0: Cairo PHSA-2019-1.0-0220
2019-05-15 00:00:00
photon
photon
Home
Download Photon OS
User Documentation
FAQ
Security Advisories
Related Information
Lightwave - PHSA-2019-2.0-0145
2019-03-28 00:00:00
Moderate Photon OS Security Update - PHSA-2019-0145
2019-03-28 00:00:00
Important Photon OS Security Update - PHSA-2019-0008
2019-03-29 00:00:00
alpinelinux
alpinelinux
CVE-2019-6461
2019-01-16 18:29:00
CVE-2019-6462
2019-01-16 18:29:00
osv
osv
CVE-2019-6461
2019-01-16 18:29:00
CVE-2019-6462
2019-01-16 18:29:00
cairo vulnerabilities
2022-05-10 14:15:51
redhatcve
redhatcve
CVE-2019-6461
2020-04-06 16:57:21
CVE-2019-6462
2020-03-31 08:23:45
veracode
veracode
Denial Of Service (DoS)
2019-01-17 05:10:04
Denial Of Service (DoS)
2019-01-17 04:55:57
ubuntucve
ubuntucve
CVE-2019-6461
2019-01-16 00:00:00
CVE-2019-6462
2019-01-16 00:00:00
cve
cve
CVE-2019-6461
2019-01-16 18:29:00
CVE-2019-6462
2019-01-16 18:29:00
debiancve
debiancve
CVE-2019-6461
2019-01-16 18:29:00
CVE-2019-6462
2019-01-16 18:29:00
prion
prion
Design/Logic Flaw
2019-01-16 18:29:00
Design/Logic Flaw
2019-01-16 18:29:00
cbl_mariner
cbl_mariner
CVE-2019-6461 affecting package cairo 1.16.0-5
2021-05-06 23:57:13
CVE-2019-6462 affecting package cairo 1.16.0-5
2021-05-06 23:57:13
mageia
mageia
Updated cairo packages fix security vulnerability
2021-10-29 22:32:22
ubuntu
ubuntu
Cairo vulnerabilities
2022-05-10 00:00:00
