Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.OPENSUSE-2018-264.NASL
HistoryMar 19, 2018 - 12:00 a.m.

openSUSE Security Update : Chromium (openSUSE-2018-264)

2018-03-1900:00:00
This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
18
JSON

This update for Chromium to version 65.0.3325.162 fixes the following issues :

  • CVE-2017-11215: Use after free in Flash

  • CVE-2017-11225: Use after free in Flash

  • CVE-2018-6060: Use after free in Blink

  • CVE-2018-6061: Race condition in V8

  • CVE-2018-6062: Heap buffer overflow in Skia

  • CVE-2018-6057: Incorrect permissions on shared memory

  • CVE-2018-6063: Incorrect permissions on shared memory

  • CVE-2018-6064: Type confusion in V8

  • CVE-2018-6065: Integer overflow in V8

  • CVE-2018-6066: Same Origin Bypass via canvas

  • CVE-2018-6067: Buffer overflow in Skia

  • CVE-2018-6068: Object lifecycle issues in Chrome Custom Tab

  • CVE-2018-6069: Stack-based buffer overflow in Skia

  • CVE-2018-6070: CSP bypass through extensions

  • CVE-2018-6071: Heap bufffer overflow in Skia

  • CVE-2018-6072: Integer overflow in PDFium

  • CVE-2018-6073: Heap bufffer overflow in WebGL

  • CVE-2018-6074: Mark-of-the-Web bypass

  • CVE-2018-6075: Overly permissive cross origin downloads

  • CVE-2018-6076: Incorrect handling of URL fragment identifiers in Blink

  • CVE-2018-6077: Timing attack using SVG filters

  • CVE-2018-6078: URL Spoof in OmniBox

  • CVE-2018-6079: Information disclosure via texture data in WebGL

  • CVE-2018-6080: Information disclosure in IPC call

  • CVE-2018-6081: XSS in interstitials

  • CVE-2018-6082: Circumvention of port blocking

  • CVE-2018-6083: Incorrect processing of AppManifests

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2018-264.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(108436);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/06/08");

  script_cve_id(
    "CVE-2017-11215",
    "CVE-2017-11225",
    "CVE-2018-6057",
    "CVE-2018-6060",
    "CVE-2018-6061",
    "CVE-2018-6062",
    "CVE-2018-6063",
    "CVE-2018-6064",
    "CVE-2018-6065",
    "CVE-2018-6066",
    "CVE-2018-6067",
    "CVE-2018-6068",
    "CVE-2018-6069",
    "CVE-2018-6070",
    "CVE-2018-6071",
    "CVE-2018-6072",
    "CVE-2018-6073",
    "CVE-2018-6074",
    "CVE-2018-6075",
    "CVE-2018-6076",
    "CVE-2018-6077",
    "CVE-2018-6078",
    "CVE-2018-6079",
    "CVE-2018-6080",
    "CVE-2018-6081",
    "CVE-2018-6082",
    "CVE-2018-6083"
  );
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/06/22");

  script_name(english:"openSUSE Security Update : Chromium (openSUSE-2018-264)");

  script_set_attribute(attribute:"synopsis", value:
"The remote openSUSE host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"This update for Chromium to version 65.0.3325.162 fixes the following
issues :

  - CVE-2017-11215: Use after free in Flash

  - CVE-2017-11225: Use after free in Flash

  - CVE-2018-6060: Use after free in Blink

  - CVE-2018-6061: Race condition in V8

  - CVE-2018-6062: Heap buffer overflow in Skia

  - CVE-2018-6057: Incorrect permissions on shared memory

  - CVE-2018-6063: Incorrect permissions on shared memory

  - CVE-2018-6064: Type confusion in V8

  - CVE-2018-6065: Integer overflow in V8

  - CVE-2018-6066: Same Origin Bypass via canvas

  - CVE-2018-6067: Buffer overflow in Skia

  - CVE-2018-6068: Object lifecycle issues in Chrome Custom
    Tab

  - CVE-2018-6069: Stack-based buffer overflow in Skia

  - CVE-2018-6070: CSP bypass through extensions

  - CVE-2018-6071: Heap bufffer overflow in Skia

  - CVE-2018-6072: Integer overflow in PDFium

  - CVE-2018-6073: Heap bufffer overflow in WebGL

  - CVE-2018-6074: Mark-of-the-Web bypass

  - CVE-2018-6075: Overly permissive cross origin downloads

  - CVE-2018-6076: Incorrect handling of URL fragment
    identifiers in Blink

  - CVE-2018-6077: Timing attack using SVG filters

  - CVE-2018-6078: URL Spoof in OmniBox

  - CVE-2018-6079: Information disclosure via texture data
    in WebGL

  - CVE-2018-6080: Information disclosure in IPC call

  - CVE-2018-6081: XSS in interstitials

  - CVE-2018-6082: Circumvention of port blocking

  - CVE-2018-6083: Incorrect processing of AppManifests");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1084296");
  script_set_attribute(attribute:"solution", value:
"Update the affected Chromium packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"patch_publication_date", value:"2018/03/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/19");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromedriver");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromedriver-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-debugsource");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"SuSE Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.3", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE42.3", reference:"chromedriver-65.0.3325.162-146.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"chromedriver-debuginfo-65.0.3325.162-146.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"chromium-65.0.3325.162-146.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"chromium-debuginfo-65.0.3325.162-146.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"chromium-debugsource-65.0.3325.162-146.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "chromedriver / chromedriver-debuginfo / chromium / etc");
}
VendorProductVersionCPE
novellopensusechromedriverp-cpe:/a:novell:opensuse:chromedriver
novellopensusechromedriver-debuginfop-cpe:/a:novell:opensuse:chromedriver-debuginfo
novellopensusechromiump-cpe:/a:novell:opensuse:chromium
novellopensusechromium-debuginfop-cpe:/a:novell:opensuse:chromium-debuginfo
novellopensusechromium-debugsourcep-cpe:/a:novell:opensuse:chromium-debugsource
novellopensuse42.3cpe:/o:novell:opensuse:42.3

References

Related

freebsd 2
nessus 18
openvas 15
chrome 1
suse 3
redhat 2
gentoo 2
fedora 5
debian 2
osv 1
mageia 2
redhatcve 28
archlinux 2
ubuntucve 27
prion 26
checkpoint_advisories 4
cisa_kev 1
mscve 1
debiancve 23
attackerkb 1
zdi 2
seebug 3
cve 24
threatpost 1
zdt 2
packetstorm 1
freebsd
freebsd
chromium -- vulnerability
2016-05-03 00:00:00
Flash Player -- multiple vulnerabilities
2017-11-14 00:00:00
nessus
nessus
Google Chrome < 65.0.3325.146 Multiple Vulnerabilities (macOS)
2018-03-08 00:00:00
FreeBSD : chromium -- vulnerability (555af074-22b9-11e8-9799-54ee754af08e)
2018-03-09 00:00:00
Google Chrome < 65.0.3325.146 Multiple Vulnerabilities
2018-03-08 00:00:00
openvas
openvas
openSUSE: Security Advisory for Chromium (openSUSE-SU-2018:0704-1)
2018-03-17 00:00:00
Google Chrome Multiple Security Vulnerabilities Mar18 (Windows)
2018-03-07 00:00:00
Google Chrome Multiple Security Vulnerabilities Mar18 (Mac OS X)
2018-03-07 00:00:00
chrome
chrome
Stable Channel Update for Desktop
2018-03-06 00:00:00
suse
suse
Security update for Chromium (important)
2018-03-16 12:07:04
Security update for Chromium (important)
2018-05-09 15:07:28
Security update for Chromium (important)
2018-05-27 18:06:43
redhat
redhat
(RHSA-2018:0484) Important: chromium-browser security update
2018-03-12 17:29:32
(RHSA-2017:3222) Critical: flash-plugin security update
2017-11-15 10:26:05
gentoo
gentoo
Chromium, Google Chrome: Multiple vulnerabilities
2018-03-13 00:00:00
Adobe Flash Player: Multiple vulnerabilities
2017-11-19 00:00:00
fedora
fedora
[SECURITY] Fedora 28 Update: qt5-qtwebengine-5.10.1-4.fc28
2018-03-26 22:32:32
[SECURITY] Fedora 27 Update: qt5-qtwebengine-5.10.1-4.fc27
2018-03-25 21:49:26
[SECURITY] Fedora 26 Update: qt5-qtwebengine-5.10.1-4.fc26
2018-03-25 21:24:23
debian
debian
[SECURITY] [DSA 4182-1] chromium-browser security update
2018-04-28 05:30:48
[SECURITY] [DSA 4182-1] chromium-browser security update
2018-04-28 05:30:48
osv
osv
chromium-browser - security update
2018-04-28 00:00:00
mageia
mageia
Updated chromium-browser-stable packages fix security vulnerabilities
2018-06-04 18:11:47
Updated flash-player-plugin packages fixes security vulnerabilities
2017-11-16 10:39:32
redhatcve
redhatcve
CVE-2017-11215
2017-11-14 19:49:37
CVE-2017-11225
2017-11-14 19:49:53
CVE-2017-3114
2017-11-14 19:50:48
archlinux
archlinux
[ASA-201711-22] lib32-flashplugin: arbitrary code execution
2017-11-15 00:00:00
[ASA-201711-21] flashplugin: arbitrary code execution
2017-11-15 00:00:00
ubuntucve
ubuntucve
CVE-2017-11225
2017-12-09 00:00:00
CVE-2018-6065
2018-11-14 00:00:00
CVE-2017-11215
2017-12-09 00:00:00
prion
prion
Design/Logic Flaw
2017-12-09 06:29:00
Stack overflow
2018-11-14 15:29:00
Integer overflow
2018-11-14 15:29:00
checkpoint_advisories
checkpoint_advisories
Google Chrome Integer Overflow Command Execution (CVE-2018-6065)
2018-05-07 00:00:00
Adobe Flash Player Use After Free (APSB17-33: CVE-2017-11225)
2017-11-14 00:00:00
Adobe Flash Player Use After Free (APSB17-33: CVE-2017-11215)
2017-11-14 00:00:00
cisa_kev
cisa_kev
Google Chromium V8 Integer Overflow Vulnerability
2022-06-08 00:00:00
mscve
mscve
November 2017 Adobe Flash Security Update
2017-11-14 08:00:00
debiancve
debiancve
CVE-2018-6069
2018-11-14 15:29:00
CVE-2018-6065
2018-11-14 15:29:00
CVE-2018-6064
2018-11-14 15:29:00
attackerkb
attackerkb
CVE-2018-6065
2018-11-14 00:00:00
zdi
zdi
(Pwn2Own) Xiaomi Mi6 V8 CollectValuesOrEntriesImpl Type Confusion Remote Code Execution Vulnerability
2019-04-17 00:00:00
(Pwn2Own) Xiaomi Mi6 Browser CalculateInstanceSizeHelper Integer Overflow Remote Code Execution Vulnerability
2019-04-15 00:00:00
seebug
seebug
Chromium: Read-only SharedMemory descriptors on Android are writable(CVE-2018-6057)
2018-03-15 00:00:00
Chromium: Information disclosure via "memory_instrumentation::mojom::Coordinator" interface in "resource_coordinator" service(CVE-2018-6080)
2018-03-15 00:00:00
Chromium: Calling "mojo::WrapSharedMemoryHandle" is insufficient to produce read-only descriptors for IPC(CVE-2018-6063)
2018-03-15 00:00:00
cve
cve
CVE-2018-6083
2018-11-14 15:29:00
CVE-2018-6057
2018-11-14 15:29:00
CVE-2018-6070
2018-11-14 15:29:00
threatpost
threatpost
Adobe Patches Flash Player, 56 Bugs in Reader and Acrobat
2017-11-14 12:14:00
zdt
zdt
Google Chrome V8 - Object Allocation Size Integer Overflow Exploit
2018-05-04 00:00:00
Google Chrome V8 - ElementsAccessorBase::CollectValuesOrEntriesImpl Type Confusion
2018-04-03 00:00:00
packetstorm
packetstorm
Chrome V8 ElementsAccessorBase::CollectValuesOrEntriesImpl Type Confusion
2018-04-03 00:00:00
JSON
Related for OPENSUSE-2018-264.NASL
freebsd2nessus18openvas15chrome1suse3redhat2gentoo2fedora5debian2osv1mageia2redhatcve28archlinux2ubuntucve27prion26checkpoint_advisories4cisa_kev1mscve1debiancve23attackerkb1zdi2seebug3cve24threatpost1zdt2packetstorm1