Fedora 24 : chromium (2016-e9798eaaa3)

2016-08-15T00:00:00
ID FEDORA_2016-E9798EAAA3.NASL
Type nessus
Reporter Tenable
Modified 2016-10-18T00:00:00

Description

On 2016-08-04 Google released Chrome 52.0.2743.116 which fixes at least 8 security issues: CVE-2016-5141, CVE-2016-5142, CVE-2016-5139, CVE-2016-5140, CVE-2016-5145, CVE-2016-5143 and CVE-2016-5144.

Additionally, this update :

  • Splits libmedia and libffmpeg into the libs-media subpackage, so that it can be replaced by non-Fedora repos to provide additional codecs.

  • Enables gtk3 support

  • Adds additional ICU Text codec aliases (from openSUSE via Russian Fedora)

  • Uses PIE in the Linux sandbox (from openSUSE via Russian Fedora)

  • Enables ARM CPU detection for webrtc (from archlinux via Russian Fedora)

  • Does not force -m32 in icu compile on ARM (from archlinux via Russian Fedora)

  • Enables fpic on linux

  • Enables hidpi

  • Enables touch_ui

  • Adds chromedriver subpackage (from Russian Fedora)

  • Sets default master_preferences location to /etc/chromium (and includes master_preferences file)

  • Creates PepperFlash directory where plugin needs to live if user has it

  • Improves translations in chromium-browser.desktop (from Russian Fedora)

  • Improves translation in Appinfo xml file (thanks to Richard Hughes)

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

                                        
                                            #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory FEDORA-2016-e9798eaaa3.
#

include("compat.inc");

if (description)
{
  script_id(92962);
  script_version("$Revision: 2.4 $");
  script_cvs_date("$Date: 2016/10/18 17:03:08 $");

  script_cve_id("CVE-2016-5139", "CVE-2016-5140", "CVE-2016-5141", "CVE-2016-5142", "CVE-2016-5143", "CVE-2016-5144", "CVE-2016-5145");
  script_xref(name:"FEDORA", value:"2016-e9798eaaa3");

  script_name(english:"Fedora 24 : chromium (2016-e9798eaaa3)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"On 2016-08-04 Google released Chrome 52.0.2743.116 which fixes at
least 8 security issues: CVE-2016-5141, CVE-2016-5142, CVE-2016-5139,
CVE-2016-5140, CVE-2016-5145, CVE-2016-5143 and CVE-2016-5144. 

Additionally, this update :

  - Splits libmedia and libffmpeg into the libs-media
    subpackage, so that it can be replaced by non-Fedora
    repos to provide additional codecs.

  - Enables gtk3 support

  - Adds additional ICU Text codec aliases (from openSUSE
    via Russian Fedora)

  - Uses PIE in the Linux sandbox (from openSUSE via Russian
    Fedora)

  - Enables ARM CPU detection for webrtc (from archlinux via
    Russian Fedora)

  - Does not force -m32 in icu compile on ARM (from
    archlinux via Russian Fedora)

  - Enables fpic on linux

  - Enables hidpi

  - Enables touch_ui

  - Adds chromedriver subpackage (from Russian Fedora)

  - Sets default master_preferences location to
    /etc/chromium (and includes master_preferences file)

  - Creates PepperFlash directory where plugin needs to live
    if user has it

  - Improves translations in chromium-browser.desktop (from
    Russian Fedora)

  - Improves translation in Appinfo xml file (thanks to
    Richard Hughes)

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bodhi.fedoraproject.org/updates/FEDORA-2016-e9798eaaa3"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected chromium package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:chromium");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:24");

  script_set_attribute(attribute:"patch_publication_date", value:"2016/08/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/08/15");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^24([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 24", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);


flag = 0;
if (rpm_check(release:"FC24", reference:"chromium-52.0.2743.116-1.fc24")) flag++;


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "chromium");
}