8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.068 Low
EPSS
Percentile
93.9%
Update to Chromium 71. Fixes CVE-2018-17480 CVE-2018-17481 CVE-2018-18335 CVE-2018-18336 CVE-2018-18337 CVE-2018-18338 CVE-2018-18339 CVE-2018-18340 CVE-2018-18341 CVE-2018-18342 CVE-2018-18343 CVE-2018-18344 CVE-2018-18345 CVE-2018-18346 CVE-2018-18347 CVE-2018-18348 CVE-2018-18349 CVE-2018-18350 CVE-2018-18351 CVE-2018-18352 CVE-2018-18353 CVE-2018-18354 CVE-2018-18355 CVE-2018-18356 CVE-2018-18357 CVE-2018-18358 CVE-2018-18359
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory FEDORA-2019-859384e002.
#
include('compat.inc');
if (description)
{
script_id(120966);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/06/08");
script_cve_id(
"CVE-2018-17480",
"CVE-2018-17481",
"CVE-2018-18335",
"CVE-2018-18336",
"CVE-2018-18337",
"CVE-2018-18338",
"CVE-2018-18339",
"CVE-2018-18340",
"CVE-2018-18341",
"CVE-2018-18342",
"CVE-2018-18343",
"CVE-2018-18344",
"CVE-2018-18345",
"CVE-2018-18346",
"CVE-2018-18347",
"CVE-2018-18348",
"CVE-2018-18349",
"CVE-2018-18350",
"CVE-2018-18351",
"CVE-2018-18352",
"CVE-2018-18353",
"CVE-2018-18354",
"CVE-2018-18355",
"CVE-2018-18356",
"CVE-2018-18357",
"CVE-2018-18358",
"CVE-2018-18359"
);
script_xref(name:"FEDORA", value:"2019-859384e002");
script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/06/22");
script_name(english:"Fedora 29 : chromium (2019-859384e002)");
script_set_attribute(attribute:"synopsis", value:
"The remote Fedora host is missing a security update.");
script_set_attribute(attribute:"description", value:
"Update to Chromium 71. Fixes CVE-2018-17480 CVE-2018-17481
CVE-2018-18335 CVE-2018-18336 CVE-2018-18337 CVE-2018-18338
CVE-2018-18339 CVE-2018-18340 CVE-2018-18341 CVE-2018-18342
CVE-2018-18343 CVE-2018-18344 CVE-2018-18345 CVE-2018-18346
CVE-2018-18347 CVE-2018-18348 CVE-2018-18349 CVE-2018-18350
CVE-2018-18351 CVE-2018-18352 CVE-2018-18353 CVE-2018-18354
CVE-2018-18355 CVE-2018-18356 CVE-2018-18357 CVE-2018-18358
CVE-2018-18359
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.");
script_set_attribute(attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-859384e002");
script_set_attribute(attribute:"solution", value:
"Update the affected chromium package.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"vuln_publication_date", value:"2018/12/11");
script_set_attribute(attribute:"patch_publication_date", value:"2019/01/05");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/07");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:chromium");
script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:29");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Fedora Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! preg(pattern:"^29([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 29", "Fedora " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
flag = 0;
if (rpm_check(release:"FC29", reference:"chromium-71.0.3578.98-1.fc29")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "chromium");
}
Vendor | Product | Version | CPE |
---|---|---|---|
fedoraproject | fedora | chromium | p-cpe:/a:fedoraproject:fedora:chromium |
fedoraproject | fedora | 29 | cpe:/o:fedoraproject:fedora:29 |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17480
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17481
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18335
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18336
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18337
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18338
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18339
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18340
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18341
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18342
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18343
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18344
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18345
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18346
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18347
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18348
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18349
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18350
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18351
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18352
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18353
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18354
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18355
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18356
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18357
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18358
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18359
bodhi.fedoraproject.org/updates/FEDORA-2019-859384e002
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.068 Low
EPSS
Percentile
93.9%