Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.OPENSUSE-2018-280.NASL
HistoryMar 19, 2018 - 12:00 a.m.

openSUSE Security Update : SDL2 / SDL2_image (openSUSE-2018-280)

2018-03-1900:00:00
This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
16
JSON

This update for SDL2 and SDL2_image fixes the following issues :

  • CVE-2017-14441: Code execution in the ICO image rendering (bsc#1084282).

  • CVE-2017-14440: Potential code execution in the ILBM image rendering functionality (bsc#1084257).

  • CVE-2017-12122: Potential code execution in the ILBM image rendering fuctionality (bsc#1084256).

  • CVE-2017-14448: Heap buffer overflow in the XCF image rendering functionality (bsc#1084303).

  • CVE-2017-14449: Double-Free in the XCF image rendering (bsc#1084297).

  • CVE-2017-14442: Stack-based buffer overflow the BMP image rendering functionality (bsc#1084304).

  • CVE-2017-14450: Buffer overflow in the GIF image parsing (bsc#1084288).

Bug fixes :

  • boo#1025413: Add dbus-ime.diff and build with fcitx.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2018-280.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(108444);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2017-12122", "CVE-2017-14440", "CVE-2017-14441", "CVE-2017-14442", "CVE-2017-14448", "CVE-2017-14449", "CVE-2017-14450");

  script_name(english:"openSUSE Security Update : SDL2 / SDL2_image (openSUSE-2018-280)");
  script_summary(english:"Check for the openSUSE-2018-280 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update for SDL2 and SDL2_image fixes the following issues :

  - CVE-2017-14441: Code execution in the ICO image
    rendering (bsc#1084282).

  - CVE-2017-14440: Potential code execution in the ILBM
    image rendering functionality (bsc#1084257).

  - CVE-2017-12122: Potential code execution in the ILBM
    image rendering fuctionality (bsc#1084256).

  - CVE-2017-14448: Heap buffer overflow in the XCF image
    rendering functionality (bsc#1084303).

  - CVE-2017-14449: Double-Free in the XCF image rendering
    (bsc#1084297).

  - CVE-2017-14442: Stack-based buffer overflow the BMP
    image rendering functionality (bsc#1084304).

  - CVE-2017-14450: Buffer overflow in the GIF image parsing
    (bsc#1084288).

Bug fixes :

  - boo#1025413: Add dbus-ime.diff and build with fcitx."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1025413"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1084256"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1084257"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1084282"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1084288"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1084297"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1084303"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1084304"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected SDL2 / SDL2_image packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:SDL2-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:SDL2_image-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libSDL2-2_0-0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libSDL2-2_0-0-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libSDL2-2_0-0-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libSDL2-2_0-0-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libSDL2-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libSDL2-devel-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libSDL2_image-2_0-0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libSDL2_image-2_0-0-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libSDL2_image-2_0-0-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libSDL2_image-2_0-0-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libSDL2_image-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libSDL2_image-devel-32bit");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3");

  script_set_attribute(attribute:"patch_publication_date", value:"2018/03/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/19");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.3", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE42.3", reference:"SDL2-debugsource-2.0.8-18.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"SDL2_image-debugsource-2.0.3-13.10.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libSDL2-2_0-0-2.0.8-18.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libSDL2-2_0-0-debuginfo-2.0.8-18.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libSDL2-devel-2.0.8-18.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libSDL2_image-2_0-0-2.0.3-13.10.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libSDL2_image-2_0-0-debuginfo-2.0.3-13.10.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libSDL2_image-devel-2.0.3-13.10.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libSDL2-2_0-0-32bit-2.0.8-18.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libSDL2-2_0-0-debuginfo-32bit-2.0.8-18.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libSDL2-devel-32bit-2.0.8-18.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libSDL2_image-2_0-0-32bit-2.0.3-13.10.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libSDL2_image-2_0-0-debuginfo-32bit-2.0.3-13.10.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libSDL2_image-devel-32bit-2.0.3-13.10.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "SDL2-debugsource / libSDL2-2_0-0 / libSDL2-2_0-0-32bit / etc");
}
VendorProductVersionCPE
novellopensusesdl2-debugsourcep-cpe:/a:novell:opensuse:sdl2-debugsource
novellopensusesdl2_image-debugsourcep-cpe:/a:novell:opensuse:sdl2_image-debugsource
novellopensuselibsdl2-2_0-0p-cpe:/a:novell:opensuse:libsdl2-2_0-0
novellopensuselibsdl2-2_0-0-32bitp-cpe:/a:novell:opensuse:libsdl2-2_0-0-32bit
novellopensuselibsdl2-2_0-0-debuginfop-cpe:/a:novell:opensuse:libsdl2-2_0-0-debuginfo
novellopensuselibsdl2-2_0-0-debuginfo-32bitp-cpe:/a:novell:opensuse:libsdl2-2_0-0-debuginfo-32bit
novellopensuselibsdl2-develp-cpe:/a:novell:opensuse:libsdl2-devel
novellopensuselibsdl2-devel-32bitp-cpe:/a:novell:opensuse:libsdl2-devel-32bit
novellopensuselibsdl2_image-2_0-0p-cpe:/a:novell:opensuse:libsdl2_image-2_0-0
novellopensuselibsdl2_image-2_0-0-32bitp-cpe:/a:novell:opensuse:libsdl2_image-2_0-0-32bit
Rows per page:
1-10 of 151

Related

suse 1
nessus 4
talosblog 1
openvas 6
debian 4
osv 10
mageia 2
gentoo 1
talos 7
ubuntucve 7
prion 7
cvelist 7
debiancve 7
cve 7
redhatcve 1
veracode 2
suse
suse
Security update for SDL2, SDL2_image (important)
2018-03-18 15:09:14
nessus
nessus
Debian DLA-1341-1 : sdl-image1.2 security update
2018-04-10 00:00:00
Debian DSA-4177-1 : libsdl2-image - security update
2018-04-23 00:00:00
GLSA-201903-17 : SDL2_Image: Multiple vulnerabilities
2019-03-28 00:00:00
talosblog
talosblog
Vulnerability Spotlight: Simple DirectMedia Layer’s SDL2_Image
2018-03-01 13:21:00
openvas
openvas
openSUSE: Security Advisory for SDL2 (openSUSE-SU-2018:0734-1)
2018-03-19 00:00:00
Debian: Security Advisory (DLA-1341-1)
2018-04-08 00:00:00
Mageia: Security Advisory (MGASA-2018-0454)
2022-01-28 00:00:00
debian
debian
[SECURITY] [DLA 1341-1] sdl-image1.2 security update
2018-04-06 22:29:38
[SECURITY] [DSA 4177-1] libsdl2-image security update
2018-04-20 20:17:24
[SECURITY] [DSA 4184-1] sdl-image1.2 security update
2018-04-28 19:28:02
osv
osv
libsdl2-image - security update
2018-04-20 00:00:00
sdl-image1.2 - security update
2018-04-06 00:00:00
sdl-image1.2 - security update
2018-04-28 00:00:00
mageia
mageia
Updated SDL_image packages fix security vulnerability
2018-06-06 21:15:31
Updated sdl2/mingw-SDL2 packages fix security vulnerabilities
2018-11-18 01:23:26
gentoo
gentoo
SDL2_Image: Multiple vulnerabilities
2019-03-28 00:00:00
talos
talos
Simple DirectMedia Layer SDL2_image ILBM CMAP Parsing Code Execution Vulnerability
2018-03-01 00:00:00
Simple DirectMedia Layer SDL2_image do_layer_surface Double-Free Vulnerability
2018-03-01 00:00:00
Simple DirectMedia Layer SDL2_image load_xcf_tile_rle Decompression Code Execution Vulnerability
2018-03-01 00:00:00
ubuntucve
ubuntucve
CVE-2017-14442
2018-04-24 00:00:00
CVE-2017-14441
2018-04-24 00:00:00
CVE-2017-14449
2018-04-24 00:00:00
prion
prion
Design/Logic Flaw
2018-04-24 19:29:00
Stack overflow
2018-04-24 19:29:00
Stack overflow
2018-04-24 19:29:00
cvelist
cvelist
CVE-2017-14450
2018-03-01 00:00:00
CVE-2017-14440
2018-03-01 00:00:00
CVE-2017-14449
2018-03-01 00:00:00
debiancve
debiancve
CVE-2017-14441
2018-04-24 19:29:00
CVE-2017-14442
2018-04-24 19:29:00
CVE-2017-14449
2018-04-24 19:29:00
cve
cve
CVE-2017-14442
2018-04-24 19:29:00
CVE-2017-14449
2018-04-24 19:29:00
CVE-2017-14440
2018-04-24 19:29:00
redhatcve
redhatcve
CVE-2017-14450
2022-05-20 22:50:07
veracode
veracode
Remote Code Execution (RCE)
2018-09-12 07:08:48
Remote Code Execution (RCE)
2018-09-12 07:32:34
JSON
Related for OPENSUSE-2018-280.NASL
suse1nessus4talosblog1openvas6debian4osv10mageia2gentoo1talos7ubuntucve7prion7cvelist7debiancve7cve7redhatcve1veracode2