Improve querying system fallback fonts and fix security vulnerabilities in webkit2gtk3 (2019-4213e37211
Reporter | Title | Published | Views | Family All 109 |
---|---|---|---|---|
OpenVAS | Ubuntu: Security Advisory (USN-4181-1) | 13 Nov 201900:00 | β | openvas |
OpenVAS | Debian: Security Advisory (DSA-4563-1) | 14 Nov 201900:00 | β | openvas |
OpenVAS | Fedora Update for webkit2gtk3 FEDORA-2019-4213e37211 | 17 Nov 201900:00 | β | openvas |
OpenVAS | Fedora Update for webkit2gtk3 FEDORA-2019-fa0c4b0674 | 9 Jan 202000:00 | β | openvas |
OpenVAS | Apple Safari Security Updates (HT210725) | 30 Oct 201900:00 | β | openvas |
OpenVAS | Apple iTunes Security Updates (HT210726) | 5 Nov 201900:00 | β | openvas |
OpenVAS | Apple iCloud Security Updates (HT210728) | 5 Nov 201900:00 | β | openvas |
OpenVAS | SUSE: Security Advisory (SUSE-SU-2020:1135-1) | 19 Apr 202100:00 | β | openvas |
OpenVAS | Mageia: Security Advisory (MGASA-2019-0324) | 28 Jan 202200:00 | β | openvas |
OpenVAS | Apple iCloud Security Updates (HT210727) | 5 Nov 201900:00 | β | openvas |
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory FEDORA-2019-4213e37211.
#
include("compat.inc");
if (description)
{
script_id(131038);
script_version("1.4");
script_cvs_date("Date: 2019/12/24");
script_cve_id("CVE-2019-8812", "CVE-2019-8814");
script_xref(name:"FEDORA", value:"2019-4213e37211");
script_name(english:"Fedora 30 : webkit2gtk3 (2019-4213e37211)");
script_summary(english:"Checks rpm output for the updated package.");
script_set_attribute(
attribute:"synopsis",
value:"The remote Fedora host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
" - Improve performance of querying system fallback fonts.
- Don’t use prgname in dbus-proxy socket path.
- Fix thread-safety issues in image decoders.
- Fix the build with WebDriver disabled.
- Disable accelerated compositing when we fail to
initialize the EGL dispaly under Wayland.
- Fill the objects category in emoji picker.
- Fix several crashes and rendering issues.
-
[CVE-2019-8812](https://webkitgtk.org/security/WSA-2019-
0006.html#CVE-2019-8812)
-
[CVE-2019-8814](https://webkitgtk.org/security/WSA-2019-
0006.html#CVE-2019-8814)
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues."
);
script_set_attribute(
attribute:"see_also",
value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-4213e37211"
);
script_set_attribute(
attribute:"see_also",
value:"https://webkitgtk.org/security/WSA-2019-0006.html#CVE-2019-8814"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected webkit2gtk3 package."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-8814");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:webkit2gtk3");
script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:30");
script_set_attribute(attribute:"vuln_publication_date", value:"2019/12/18");
script_set_attribute(attribute:"patch_publication_date", value:"2019/11/15");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/15");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Fedora Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! preg(pattern:"^30([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 30", "Fedora " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
flag = 0;
if (rpm_check(release:"FC30", reference:"webkit2gtk3-2.26.2-1.fc30")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "webkit2gtk3");
}
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. ContactΒ us for a demo andΒ discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo