Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2016-2021 Tenable Network Security, Inc.OPENSUSE-2016-330.NASL
HistoryMar 14, 2016 - 12:00 a.m.

openSUSE Security Update : Chromium (openSUSE-2016-330)

2016-03-1400:00:00
This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.
www.tenable.com
11
JSON

Chromium was updated to 49.0.2623.75 to fix the following security issues: (boo#969333)

  • CVE-2016-1630: Same-origin bypass in Blink

  • CVE-2016-1631: Same-origin bypass in Pepper Plugin

  • CVE-2016-1632: Bad cast in Extensions

  • CVE-2016-1633: Use-after-free in Blink

  • CVE-2016-1634: Use-after-free in Blink

  • CVE-2016-1635: Use-after-free in Blink

  • CVE-2016-1636: SRI Validation Bypass

  • CVE-2015-8126: Out-of-bounds access in libpng

  • CVE-2016-1637: Information Leak in Skia

  • CVE-2016-1638: WebAPI Bypass

  • CVE-2016-1639: Use-after-free in WebRTC

  • CVE-2016-1640: Origin confusion in Extensions UI

  • CVE-2016-1641: Use-after-free in Favicon

  • CVE-2016-1642: Various fixes from internal audits, fuzzing and other initiatives

  • Multiple vulnerabilities in V8 fixed at the tip of the 4.9 branch (currently 4.9.385.26)

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2016-330.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(89912);
  script_version("2.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2015-8126", "CVE-2016-1630", "CVE-2016-1631", "CVE-2016-1632", "CVE-2016-1633", "CVE-2016-1634", "CVE-2016-1635", "CVE-2016-1636", "CVE-2016-1637", "CVE-2016-1638", "CVE-2016-1639", "CVE-2016-1640", "CVE-2016-1641", "CVE-2016-1642");

  script_name(english:"openSUSE Security Update : Chromium (openSUSE-2016-330)");
  script_summary(english:"Check for the openSUSE-2016-330 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Chromium was updated to 49.0.2623.75 to fix the following security
issues: (boo#969333)

  - CVE-2016-1630: Same-origin bypass in Blink

  - CVE-2016-1631: Same-origin bypass in Pepper Plugin

  - CVE-2016-1632: Bad cast in Extensions

  - CVE-2016-1633: Use-after-free in Blink

  - CVE-2016-1634: Use-after-free in Blink

  - CVE-2016-1635: Use-after-free in Blink

  - CVE-2016-1636: SRI Validation Bypass

  - CVE-2015-8126: Out-of-bounds access in libpng

  - CVE-2016-1637: Information Leak in Skia

  - CVE-2016-1638: WebAPI Bypass

  - CVE-2016-1639: Use-after-free in WebRTC

  - CVE-2016-1640: Origin confusion in Extensions UI

  - CVE-2016-1641: Use-after-free in Favicon

  - CVE-2016-1642: Various fixes from internal audits,
    fuzzing and other initiatives

  - Multiple vulnerabilities in V8 fixed at the tip of the
    4.9 branch (currently 4.9.385.26)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=969333"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected Chromium packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromedriver");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromedriver-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-desktop-gnome");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-desktop-kde");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-ffmpegsumo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-ffmpegsumo-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.2");

  script_set_attribute(attribute:"patch_publication_date", value:"2016/03/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/03/14");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE13\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.2", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE13.2", reference:"chromedriver-49.0.2623.75-81.2") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"chromedriver-debuginfo-49.0.2623.75-81.2") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"chromium-49.0.2623.75-81.2") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"chromium-debuginfo-49.0.2623.75-81.2") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"chromium-debugsource-49.0.2623.75-81.2") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"chromium-desktop-gnome-49.0.2623.75-81.2") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"chromium-desktop-kde-49.0.2623.75-81.2") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"chromium-ffmpegsumo-49.0.2623.75-81.2") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"chromium-ffmpegsumo-debuginfo-49.0.2623.75-81.2") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "chromedriver / chromedriver-debuginfo / chromium / etc");
}
VendorProductVersionCPE
novellopensusechromedriverp-cpe:/a:novell:opensuse:chromedriver
novellopensusechromedriver-debuginfop-cpe:/a:novell:opensuse:chromedriver-debuginfo
novellopensusechromiump-cpe:/a:novell:opensuse:chromium
novellopensusechromium-debuginfop-cpe:/a:novell:opensuse:chromium-debuginfo
novellopensusechromium-debugsourcep-cpe:/a:novell:opensuse:chromium-debugsource
novellopensusechromium-desktop-gnomep-cpe:/a:novell:opensuse:chromium-desktop-gnome
novellopensusechromium-desktop-kdep-cpe:/a:novell:opensuse:chromium-desktop-kde
novellopensusechromium-ffmpegsumop-cpe:/a:novell:opensuse:chromium-ffmpegsumo
novellopensusechromium-ffmpegsumo-debuginfop-cpe:/a:novell:opensuse:chromium-ffmpegsumo-debuginfo
novellopensuse13.2cpe:/o:novell:opensuse:13.2

Related

nessus 52
openvas 31
freebsd 2
suse 6
debian 3
archlinux 4
osv 2
chrome 1
redhat 2
kaspersky 1
ubuntu 1
mageia 2
prion 14
cve 14
ubuntucve 15
debiancve 15
seebug 3
fedora 14
veracode 2
f5 4
amazon 1
ibm 6
slackware 2
centos 1
oraclelinux 1
nessus
nessus
openSUSE Security Update : Chromium (openSUSE-2016-316)
2016-03-10 00:00:00
SUSE SLES12 Security Update : Chromium (SUSE-SU-2016:0665-1)
2016-03-09 00:00:00
openSUSE Security Update : Chromium (openSUSE-2016-664)
2016-03-23 00:00:00
openvas
openvas
openSUSE: Security Advisory for Chromium (openSUSE-SU-2016:0729-1)
2016-03-12 00:00:00
Debian Security Advisory DSA 3507-1 (chromium-browser - security update)
2016-03-05 00:00:00
openSUSE: Security Advisory for Chromium (openSUSE-SU-2016:0684-1)
2016-03-10 00:00:00
freebsd
freebsd
chromium -- multiple vulnerabilities
2016-03-02 00:00:00
libpng buffer overflow in png_set_PLTE
2015-11-15 00:00:00
suse
suse
Security update for Chromium (important)
2016-03-06 17:12:11
Security update for Chromium (important)
2016-03-06 17:11:45
Security update for Chromium (important)
2016-03-08 11:12:27
debian
debian
[SECURITY] [DSA 3507-1] chromium-browser security update
2016-03-05 21:22:56
[SECURITY] [DSA 3507-1] chromium-browser security update
2016-03-05 21:22:56
[SECURITY] [DSA 3399-1] libpng security update
2015-11-18 19:55:41
archlinux
archlinux
chromium: multiple issues
2016-03-03 00:00:00
libpng: buffer overflow
2015-12-28 00:00:00
libpng: multiple issues
2015-11-17 00:00:00
osv
osv
chromium-browser - security update
2016-03-05 00:00:00
libpng - security update
2015-11-18 00:00:00
chrome
chrome
Stable Channel Update
2016-03-02 00:00:00
redhat
redhat
(RHSA-2016:0359) Important: chromium-browser security update
2016-03-07 00:00:00
(RHSA-2015:2596) Moderate: libpng security update
2015-12-09 13:26:42
kaspersky
kaspersky
KLA10764 Multiple vulnerabilities in Google Chrome
2016-03-02 00:00:00
ubuntu
ubuntu
Oxide vulnerabilities
2016-03-10 00:00:00
mageia
mageia
Updated chromium-browser-stable packages fix security vulnerability
2016-03-31 23:22:34
Updated libpng/libpng12 packages fix security vulnerability
2015-11-20 01:08:19
prion
prion
Design/Logic Flaw
2016-03-06 02:59:00
Design/Logic Flaw
2016-03-06 02:59:00
Design/Logic Flaw
2016-03-06 02:59:00
cve
cve
CVE-2016-1631
2016-03-06 02:59:00
CVE-2016-1638
2016-03-06 02:59:00
CVE-2016-1639
2016-03-06 02:59:00
ubuntucve
ubuntucve
CVE-2016-1638
2016-03-06 00:00:00
CVE-2016-1632
2016-03-06 00:00:00
CVE-2016-1630
2016-03-05 00:00:00
debiancve
debiancve
CVE-2016-1631
2016-03-06 02:59:00
CVE-2016-1640
2016-03-06 02:59:00
CVE-2016-1634
2016-03-06 02:59:00
seebug
seebug
Chrome Universal XSS using Flash message loop (CVE-2016-1631)
2017-04-24 00:00:00
Chrome Universal XSS using widget updates in ContainerNode::parserRemoveChild (CVE-2016-1630)
2017-04-24 00:00:00
Chrome the improper use of Flash message loop leads to the UXSS Vulnerability, CVE-2016-1631)
2016-11-21 00:00:00
fedora
fedora
[SECURITY] Fedora 23 Update: mingw-libpng-1.6.19-1.fc23
2015-11-27 18:24:08
[SECURITY] Fedora 23 Update: mingw-libpng-1.6.21-1.fc23
2016-02-17 04:02:12
[SECURITY] Fedora 21 Update: mingw-libpng-1.6.19-1.fc21
2015-11-28 23:18:28
veracode
veracode
Buffer Overflow
2017-02-08 02:19:46
Denial-of-Service (DoS) Via Embedded Dependency
2017-02-27 07:42:41
f5
f5
K76930736 : Libpng vulnerability CVE-2015-8126
2015-12-19 00:00:00
SOL76930736 - Libpng vulnerability CVE-2015-8126
2015-12-18 00:00:00
SOL81903701 - Libpng vulnerability CVE-2015-8472
2016-03-07 00:00:00
amazon
amazon
Medium: libpng
2015-11-23 13:43:00
ibm
ibm
Security Bulletin: Vulnerabilities in libpng affect Rational DOORS (CVE-2015-8126, CVE-2015-8472)
2020-05-01 08:19:24
Security Bulletin: Vulnerabilities in libpng affect IBM Integrated Management Module (IMM) (CVE-2015-7981, CVE-2015-8126)
2023-04-14 14:32:25
Security Bulletin: Vulnerabilities in libpng affect IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter systems (CVE-2015-8126 CVE-2015-7981)
2023-04-14 14:32:25
slackware
slackware
[slackware-security] libpng
2015-12-03 08:20:21
[slackware-security] libpng
2015-12-16 06:25:09
centos
centos
libpng security update
2015-12-09 19:21:36
oraclelinux
oraclelinux
libpng security update
2015-12-09 00:00:00
JSON
Related for OPENSUSE-2016-330.NASL
nessus52openvas31freebsd2suse6debian3archlinux4osv2chrome1redhat2kaspersky1ubuntu1mageia2prion14cve14ubuntucve15debiancve15seebug3fedora14veracode2f54amazon1ibm6slackware2centos1oraclelinux1