Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2017-2021 Tenable Network Security, Inc.OPENSUSE-2017-478.NASL
HistoryApr 18, 2017 - 12:00 a.m.

openSUSE Security Update : jasper (openSUSE-2017-478)

2017-04-1800:00:00
This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.
www.tenable.com
29
JSON

This update for jasper fixes the following issues :

Security issues fixed :

  • CVE-2016-9600: NULL pointer Dereference due to missing check for UNKNOWN color space in JP2 encoder (bsc#1018088)

  • CVE-2016-10251: Use of uninitialized value in jpc_pi_nextcprl (jpc_t2cod.c) (bsc#1029497)

  • CVE-2017-5498: left-shift undefined behaviour (bsc#1020353)

  • CVE-2017-6850: NULL pointer dereference in jp2_cdef_destroy (jp2_cod.c) (bsc#1021868)

  • CVE-2016-9583: Out of bounds heap read in jpc_pi_nextpcrl() (bsc#1015400)

This update was imported from the SUSE:SLE-12:Update update project.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2017-478.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(99429);
  script_version("3.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2016-10251", "CVE-2016-9583", "CVE-2016-9600", "CVE-2017-5498", "CVE-2017-6850");

  script_name(english:"openSUSE Security Update : jasper (openSUSE-2017-478)");
  script_summary(english:"Check for the openSUSE-2017-478 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update for jasper fixes the following issues :

Security issues fixed :

  - CVE-2016-9600: NULL pointer Dereference due to missing
    check for UNKNOWN color space in JP2 encoder
    (bsc#1018088)

  - CVE-2016-10251: Use of uninitialized value in
    jpc_pi_nextcprl (jpc_t2cod.c) (bsc#1029497)

  - CVE-2017-5498: left-shift undefined behaviour
    (bsc#1020353)

  - CVE-2017-6850: NULL pointer dereference in
    jp2_cdef_destroy (jp2_cod.c) (bsc#1021868)

  - CVE-2016-9583: Out of bounds heap read in
    jpc_pi_nextpcrl() (bsc#1015400)

This update was imported from the SUSE:SLE-12:Update update project."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1015400"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1018088"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1020353"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1021868"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1029497"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected jasper packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:jasper");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:jasper-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:jasper-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libjasper-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libjasper1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libjasper1-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libjasper1-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libjasper1-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.2");

  script_set_attribute(attribute:"patch_publication_date", value:"2017/04/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/04/18");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE42\.1|SUSE42\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.1 / 42.2", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE42.1", reference:"jasper-1.900.14-176.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"jasper-debuginfo-1.900.14-176.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"jasper-debugsource-1.900.14-176.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"libjasper-devel-1.900.14-176.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"libjasper1-1.900.14-176.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"libjasper1-debuginfo-1.900.14-176.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"libjasper1-32bit-1.900.14-176.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"libjasper1-debuginfo-32bit-1.900.14-176.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"jasper-1.900.14-175.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"jasper-debuginfo-1.900.14-175.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"jasper-debugsource-1.900.14-175.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"libjasper-devel-1.900.14-175.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"libjasper1-1.900.14-175.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"libjasper1-debuginfo-1.900.14-175.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"libjasper1-32bit-1.900.14-175.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"libjasper1-debuginfo-32bit-1.900.14-175.3.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "jasper / jasper-debuginfo / jasper-debugsource / libjasper-devel / etc");
}
VendorProductVersionCPE
novellopensusejasperp-cpe:/a:novell:opensuse:jasper
novellopensusejasper-debuginfop-cpe:/a:novell:opensuse:jasper-debuginfo
novellopensusejasper-debugsourcep-cpe:/a:novell:opensuse:jasper-debugsource
novellopensuselibjasper-develp-cpe:/a:novell:opensuse:libjasper-devel
novellopensuselibjasper1p-cpe:/a:novell:opensuse:libjasper1
novellopensuselibjasper1-32bitp-cpe:/a:novell:opensuse:libjasper1-32bit
novellopensuselibjasper1-debuginfop-cpe:/a:novell:opensuse:libjasper1-debuginfo
novellopensuselibjasper1-debuginfo-32bitp-cpe:/a:novell:opensuse:libjasper1-debuginfo-32bit
novellopensuse42.1cpe:/o:novell:opensuse:42.1
novellopensuse42.2cpe:/o:novell:opensuse:42.2

Related

nessus 24
suse 1
openvas 17
osv 7
redhatcve 5
fedora 4
ubuntucve 5
cve 5
prion 5
veracode 3
debian 2
mageia 1
ubuntu 2
redhat 1
centos 1
cloudfoundry 2
amazon 1
ibm 2
oraclelinux 1
oracle 2
nessus
nessus
SUSE SLED12 / SLES12 Security Update : jasper (SUSE-SU-2017:0953-1)
2017-04-07 00:00:00
SUSE SLES11 Security Update : jasper (SUSE-SU-2017:0946-1)
2017-04-06 00:00:00
Fedora 24 : jasper (2017-d90fac5c8f)
2017-02-06 00:00:00
suse
suse
Security update for jasper (important)
2017-04-05 21:08:41
openvas
openvas
Fedora Update for jasper FEDORA-2017-78a77d2450
2017-02-03 00:00:00
Fedora Update for jasper FEDORA-2017-d90fac5c8f
2017-02-20 00:00:00
Debian LTS: Security Advisory for jasper (DLA-920-1)
2018-01-17 00:00:00
osv
osv
CVE-2016-9583
2018-08-01 17:29:00
CVE-2017-6850
2017-03-15 14:59:01
CVE-2016-9600
2018-03-12 15:29:00
redhatcve
redhatcve
CVE-2016-9600
2017-01-04 09:17:58
CVE-2016-10251
2017-03-21 14:48:23
CVE-2016-9583
2016-12-15 19:10:59
fedora
fedora
[SECURITY] Fedora 25 Update: jasper-1.900.13-2.fc25
2017-02-01 21:21:36
[SECURITY] Fedora 24 Update: jasper-1.900.13-2.fc24
2017-02-03 21:50:06
[SECURITY] Fedora 24 Update: jasper-1.900.13-4.fc24
2017-05-18 21:01:18
ubuntucve
ubuntucve
CVE-2016-9583
2018-08-01 00:00:00
CVE-2016-10251
2017-03-15 00:00:00
CVE-2017-6850
2017-03-15 00:00:00
cve
cve
CVE-2017-6850
2017-03-15 14:59:00
CVE-2016-9600
2018-03-12 15:29:00
CVE-2016-10251
2017-03-15 14:59:00
prion
prion
Null pointer dereference
2018-03-12 15:29:00
Integer overflow
2017-03-15 14:59:00
Null pointer dereference
2017-03-15 14:59:00
veracode
veracode
Denial Of Service (DoS)
2019-04-29 02:42:47
Denial Of Service (DoS)
2019-05-02 06:10:45
Out-of-Bounds Heap Read Through Integer Overflow
2018-08-02 06:37:18
debian
debian
[SECURITY] [DLA 920-1] jasper security update
2017-04-26 20:10:52
[SECURITY] [DSA 3827-1] jasper security update
2017-04-07 20:32:07
mageia
mageia
Updated jasper packages fix security vulnerabilities
2017-12-31 03:10:15
ubuntu
ubuntu
JasPer vulnerabilities
2018-06-27 00:00:00
JasPer vulnerabilities
2017-05-18 00:00:00
redhat
redhat
(RHSA-2017:1208) Important: jasper security update
2017-05-09 14:59:57
centos
centos
jasper security update
2017-05-15 15:59:23
cloudfoundry
cloudfoundry
USN-3693-1: JasPer vulnerabilities | Cloud Foundry
2018-07-10 00:00:00
USN-3295-1: JasPer vulnerabilities | Cloud Foundry
2017-06-02 00:00:00
amazon
amazon
Important: jasper
2017-06-06 16:49:00
ibm
ibm
Security Bulletin: Vulnerabilities in JasPer affect PowerKVM
2018-06-18 01:36:15
Security Bulletin: Multiple vulnerabilities in coreutils, sudo, jasper, bind, bash, libtirpc, nss and nss-util affect IBM SmartCloud Entry
2020-07-19 00:49:12
oraclelinux
oraclelinux
jasper security update
2017-05-09 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - January 2019
2019-01-15 00:00:00
Oracle Critical Patch Update Advisory - April 2020
2020-04-14 00:00:00
JSON
Related for OPENSUSE-2017-478.NASL
nessus24suse1openvas17osv7redhatcve5fedora4ubuntucve5cve5prion5veracode3debian2mageia1ubuntu2redhat1centos1cloudfoundry2amazon1ibm2oraclelinux1oracle2