Lucene search

K

Fedora 30 : webkit2gtk3 (2019-4213e37211)

πŸ—“οΈΒ 15 Nov 2019Β 00:00:00Reported byΒ This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.TypeΒ 
nessus
Β nessus
πŸ”—Β www.tenable.comπŸ‘Β 37Β Views

Improve querying system fallback fonts and fix security vulnerabilities in webkit2gtk3 (2019-4213e37211

Show more
Related
Refs
Code
ReporterTitlePublishedViews
Family
OpenVAS
Ubuntu: Security Advisory (USN-4181-1)
13 Nov 201900:00
–openvas
OpenVAS
Debian: Security Advisory (DSA-4563-1)
14 Nov 201900:00
–openvas
OpenVAS
Fedora Update for webkit2gtk3 FEDORA-2019-4213e37211
17 Nov 201900:00
–openvas
OpenVAS
Fedora Update for webkit2gtk3 FEDORA-2019-fa0c4b0674
9 Jan 202000:00
–openvas
OpenVAS
Apple Safari Security Updates (HT210725)
30 Oct 201900:00
–openvas
OpenVAS
Apple iTunes Security Updates (HT210726)
5 Nov 201900:00
–openvas
OpenVAS
Apple iCloud Security Updates (HT210728)
5 Nov 201900:00
–openvas
OpenVAS
SUSE: Security Advisory (SUSE-SU-2020:1135-1)
19 Apr 202100:00
–openvas
OpenVAS
Mageia: Security Advisory (MGASA-2019-0324)
28 Jan 202200:00
–openvas
OpenVAS
Apple iCloud Security Updates (HT210727)
5 Nov 201900:00
–openvas
Rows per page
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory FEDORA-2019-4213e37211.
#

include("compat.inc");

if (description)
{
  script_id(131038);
  script_version("1.4");
  script_cvs_date("Date: 2019/12/24");

  script_cve_id("CVE-2019-8812", "CVE-2019-8814");
  script_xref(name:"FEDORA", value:"2019-4213e37211");

  script_name(english:"Fedora 30 : webkit2gtk3 (2019-4213e37211)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"  - Improve performance of querying system fallback fonts.

  - Don’t use prgname in dbus-proxy socket path.

  - Fix thread-safety issues in image decoders.

  - Fix the build with WebDriver disabled.

  - Disable accelerated compositing when we fail to
    initialize the EGL dispaly under Wayland.

  - Fill the objects category in emoji picker.

  - Fix several crashes and rendering issues.

  -
    [CVE-2019-8812](https://webkitgtk.org/security/WSA-2019-
    0006.html#CVE-2019-8812)

  -
    [CVE-2019-8814](https://webkitgtk.org/security/WSA-2019-
    0006.html#CVE-2019-8814)

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-4213e37211"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://webkitgtk.org/security/WSA-2019-0006.html#CVE-2019-8814"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected webkit2gtk3 package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-8814");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:webkit2gtk3");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:30");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/12/18");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/11/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/15");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! preg(pattern:"^30([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 30", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);


flag = 0;
if (rpm_check(release:"FC30", reference:"webkit2gtk3-2.26.2-1.fc30")) flag++;


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "webkit2gtk3");
}

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. ContactΒ us for a demo andΒ discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo