Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2017-2021 Tenable Network Security, Inc.OPENSUSE-2017-402.NASL
HistoryApr 03, 2017 - 12:00 a.m.

openSUSE Security Update : gstreamer-0_10-plugins-good (openSUSE-2017-402)

2017-04-0300:00:00
This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.
www.tenable.com
28
JSON

This update for gstreamer-0_10-plugins-good fixes the following issues :

Security issues fixed :

  • CVE-2016-9634, CVE-2016-9635: add some bounds checking (boo#1012102 boo#1012103).

  • CVE-2016-9636: fix casting for some comparisons (boo#1012104).

  • CVE-2016-9807, CVE-2016-9808: rewrite logic using GsgtByteReader/Writer (boo#1013653 boo#1013655).

  • CVE-2016-9810: don’t unref() parent in the chain function (boo#1013663).

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2017-402.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(99150);
  script_version("3.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2016-9634", "CVE-2016-9635", "CVE-2016-9636", "CVE-2016-9807", "CVE-2016-9808", "CVE-2016-9810");

  script_name(english:"openSUSE Security Update : gstreamer-0_10-plugins-good (openSUSE-2017-402)");
  script_summary(english:"Check for the openSUSE-2017-402 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update for gstreamer-0_10-plugins-good fixes the following 
issues :

Security issues fixed :

  - CVE-2016-9634, CVE-2016-9635: add some bounds checking
    (boo#1012102 boo#1012103).

  - CVE-2016-9636: fix casting for some comparisons
    (boo#1012104).

  - CVE-2016-9807, CVE-2016-9808: rewrite logic using
    GsgtByteReader/Writer (boo#1013653 boo#1013655).

  - CVE-2016-9810: don't unref() parent in the chain
    function (boo#1013663)."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1012102"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1012103"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1012104"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1013653"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1013655"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1013663"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected gstreamer-0_10-plugins-good packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gstreamer-0_10-plugin-esd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gstreamer-0_10-plugin-esd-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gstreamer-0_10-plugin-esd-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gstreamer-0_10-plugin-esd-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gstreamer-0_10-plugins-good");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gstreamer-0_10-plugins-good-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gstreamer-0_10-plugins-good-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gstreamer-0_10-plugins-good-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gstreamer-0_10-plugins-good-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gstreamer-0_10-plugins-good-extra");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gstreamer-0_10-plugins-good-extra-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gstreamer-0_10-plugins-good-extra-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gstreamer-0_10-plugins-good-extra-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gstreamer-0_10-plugins-good-lang");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.2");

  script_set_attribute(attribute:"patch_publication_date", value:"2017/03/29");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/04/03");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE42\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.2", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE42.2", reference:"gstreamer-0_10-plugin-esd-0.10.31-17.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"gstreamer-0_10-plugin-esd-debuginfo-0.10.31-17.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"gstreamer-0_10-plugins-good-0.10.31-17.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"gstreamer-0_10-plugins-good-debuginfo-0.10.31-17.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"gstreamer-0_10-plugins-good-debugsource-0.10.31-17.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"gstreamer-0_10-plugins-good-extra-0.10.31-17.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"gstreamer-0_10-plugins-good-extra-debuginfo-0.10.31-17.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"gstreamer-0_10-plugins-good-lang-0.10.31-17.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"gstreamer-0_10-plugin-esd-32bit-0.10.31-17.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"gstreamer-0_10-plugin-esd-debuginfo-32bit-0.10.31-17.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"gstreamer-0_10-plugins-good-32bit-0.10.31-17.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"gstreamer-0_10-plugins-good-debuginfo-32bit-0.10.31-17.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"gstreamer-0_10-plugins-good-extra-32bit-0.10.31-17.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"gstreamer-0_10-plugins-good-extra-debuginfo-32bit-0.10.31-17.3.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gstreamer-0_10-plugin-esd / gstreamer-0_10-plugin-esd-32bit / etc");
}
VendorProductVersionCPE
novellopensusegstreamer-0_10-plugin-esdp-cpe:/a:novell:opensuse:gstreamer-0_10-plugin-esd
novellopensusegstreamer-0_10-plugin-esd-32bitp-cpe:/a:novell:opensuse:gstreamer-0_10-plugin-esd-32bit
novellopensusegstreamer-0_10-plugin-esd-debuginfop-cpe:/a:novell:opensuse:gstreamer-0_10-plugin-esd-debuginfo
novellopensusegstreamer-0_10-plugin-esd-debuginfo-32bitp-cpe:/a:novell:opensuse:gstreamer-0_10-plugin-esd-debuginfo-32bit
novellopensusegstreamer-0_10-plugins-goodp-cpe:/a:novell:opensuse:gstreamer-0_10-plugins-good
novellopensusegstreamer-0_10-plugins-good-32bitp-cpe:/a:novell:opensuse:gstreamer-0_10-plugins-good-32bit
novellopensusegstreamer-0_10-plugins-good-debuginfop-cpe:/a:novell:opensuse:gstreamer-0_10-plugins-good-debuginfo
novellopensusegstreamer-0_10-plugins-good-debuginfo-32bitp-cpe:/a:novell:opensuse:gstreamer-0_10-plugins-good-debuginfo-32bit
novellopensusegstreamer-0_10-plugins-good-debugsourcep-cpe:/a:novell:opensuse:gstreamer-0_10-plugins-good-debugsource
novellopensusegstreamer-0_10-plugins-good-extrap-cpe:/a:novell:opensuse:gstreamer-0_10-plugins-good-extra
Rows per page:
1-10 of 151

Related

nessus 42
suse 10
openvas 31
mageia 1
oraclelinux 4
centos 4
ibm 1
redhat 4
redhatcve 5
fedora 4
debian 5
osv 9
prion 6
cve 6
veracode 6
ubuntucve 6
f5 1
alpinelinux 4
debiancve 6
gentoo 1
rosalinux 1
nessus
nessus
SUSE SLED12 / SLES12 Security Update : gstreamer-plugins-good (SUSE-SU-2016:3303-1)
2017-01-03 00:00:00
SUSE SLED12 Security Update : gstreamer-0_10-plugins-good (SUSE-SU-2017:0237-1)
2017-01-23 00:00:00
openSUSE Security Update : gstreamer-plugins-good (openSUSE-2017-65)
2017-01-10 00:00:00
suse
suse
Security update for gstreamer-plugins-good (important)
2017-01-16 19:10:24
Security update for gstreamer-0_10-plugins-good (important)
2017-01-20 18:09:49
Security update for gstreamer-0_10-plugins-good (important)
2017-01-19 21:10:07
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2017:0225-1)
2021-06-09 00:00:00
openSUSE: Security Advisory for gstreamer-0_10-plugins-good (openSUSE-SU-2017:0298-1)
2017-02-03 00:00:00
openSUSE: Security Advisory for gstreamer-plugins-good (openSUSE-SU-2017:0141-1)
2017-01-17 00:00:00
mageia
mageia
Updated gstreamer0.10-plugins-good and gstreamer1.0-plugins-good packages fix security vulnerabilities
2016-12-29 13:29:11
oraclelinux
oraclelinux
gstreamer1-plugins-good security update
2017-01-05 00:00:00
gstreamer-plugins-good security update
2016-12-21 00:00:00
gstreamer-plugins-good security update
2017-01-05 00:00:00
centos
centos
gstreamer security update
2017-01-09 18:12:52
gstreamer security update
2016-12-21 17:41:00
gstreamer1 security update
2017-01-09 18:12:11
ibm
ibm
Security Bulletin: Vulnerabilities in GStreamer affect PowerKVM
2018-06-18 01:35:35
redhat
redhat
(RHSA-2017:0019) Moderate: gstreamer-plugins-good security update
2017-01-05 08:45:45
(RHSA-2016:2975) Important: gstreamer-plugins-good security update
2016-12-21 11:39:29
(RHSA-2017:0020) Moderate: gstreamer1-plugins-good security update
2017-01-05 08:50:02
redhatcve
redhatcve
CVE-2016-9634
2016-11-24 13:47:35
CVE-2016-9636
2016-11-24 13:47:26
CVE-2016-9635
2016-11-24 13:47:41
fedora
fedora
[SECURITY] Fedora 25 Update: gstreamer-plugins-good-0.10.31-17.fc25
2016-12-09 22:31:13
[SECURITY] Fedora 25 Update: gstreamer1-plugins-good-1.10.1-2.fc25
2016-12-04 16:54:10
[SECURITY] Fedora 24 Update: gstreamer-plugins-good-0.10.31-17.fc24
2016-12-16 03:55:13
debian
debian
[SECURITY] [DSA 3723-1] gst-plugins-good1.0 security update
2016-11-24 20:43:40
[SECURITY] [DSA 3723-1] gst-plugins-good1.0 security update
2016-11-24 20:43:40
[SECURITY] [DSA 3724-1] gst-plugins-good0.10 security update
2016-11-24 20:43:47
osv
osv
gst-plugins-good1.0 - security update
2016-11-24 00:00:00
gst-plugins-good0.10 - security update
2016-11-24 00:00:00
gst-plugins-good0.10 - security update
2016-11-30 00:00:00
prion
prion
Heap overflow
2017-01-27 22:59:00
Out-of-bounds
2017-01-13 16:59:00
Heap overflow
2017-01-27 22:59:00
cve
cve
CVE-2016-9635
2017-01-27 22:59:00
CVE-2016-9808
2017-01-13 16:59:00
CVE-2016-9634
2017-01-27 22:59:00
veracode
veracode
Remote Code Execution (RCE)
2019-01-15 09:14:59
Denial Of Service (DoS) And Remote Code Execution (RCE)
2019-05-02 05:51:36
Denial Of Service (DoS)
2019-05-02 05:51:36
ubuntucve
ubuntucve
CVE-2016-9634
2017-01-27 00:00:00
CVE-2016-9635
2017-01-27 00:00:00
CVE-2016-9808
2017-01-13 00:00:00
f5
f5
K08421805 : GStreamer vulnerability CVE-2016-9635
2017-03-08 00:00:00
alpinelinux
alpinelinux
CVE-2016-9808
2017-01-13 16:59:00
CVE-2016-9635
2017-01-27 22:59:00
CVE-2016-9634
2017-01-27 22:59:00
debiancve
debiancve
CVE-2016-9635
2017-01-27 22:59:00
CVE-2016-9634
2017-01-27 22:59:00
CVE-2016-9808
2017-01-13 16:59:00
gentoo
gentoo
GStreamer plug-ins: User-assisted execution of arbitrary code
2017-05-18 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1850
2021-07-02 17:03:31
JSON
Related for OPENSUSE-2017-402.NASL
nessus42suse10openvas31mageia1oraclelinux4centos4ibm1redhat4redhatcve5fedora4debian5osv9prion6cve6veracode6ubuntucve6f51alpinelinux4debiancve6gentoo1rosalinux1