Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.OPENSUSE-2019-1456.NASL
HistoryMay 28, 2019 - 12:00 a.m.

openSUSE Security Update : chromium (openSUSE-2019-1456)

2019-05-2800:00:00
This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
16
JSON

This update for chromium fixes the following issues :

Chromium was updated to 74.0.3729.157 :

  • Various security fixes from internal audits, fuzzing and other initiatives

Includes security fixes from 74.0.3729.131 (boo#1134218) :

  • CVE-2019-5827: Out-of-bounds access in SQLite

  • CVE-2019-5824: Parameter passing error in media player

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2019-1456.
#
# The text description of this plugin is (C) SUSE LLC.
#

include("compat.inc");

if (description)
{
  script_id(125456);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/09/23");

  script_cve_id("CVE-2019-5824", "CVE-2019-5827");

  script_name(english:"openSUSE Security Update : chromium (openSUSE-2019-1456)");
  script_summary(english:"Check for the openSUSE-2019-1456 patch");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"This update for chromium fixes the following issues :

Chromium was updated to 74.0.3729.157 :

  - Various security fixes from internal audits, fuzzing and
    other initiatives

Includes security fixes from 74.0.3729.131 (boo#1134218) :

  - CVE-2019-5827: Out-of-bounds access in SQLite

  - CVE-2019-5824: Parameter passing error in media player"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134218"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected chromium packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromedriver");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromedriver-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-debugsource");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.1");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/06/27");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/05/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/28");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE15\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.1", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE15.1", reference:"chromedriver-74.0.3729.157-lp151.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"chromedriver-debuginfo-74.0.3729.157-lp151.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"chromium-74.0.3729.157-lp151.2.3.1", allowmaj:TRUE) ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"chromium-debuginfo-74.0.3729.157-lp151.2.3.1", allowmaj:TRUE) ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"chromium-debugsource-74.0.3729.157-lp151.2.3.1", allowmaj:TRUE) ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "chromedriver / chromedriver-debuginfo / chromium / etc");
}
VendorProductVersionCPE
novellopensusechromedriverp-cpe:/a:novell:opensuse:chromedriver
novellopensusechromedriver-debuginfop-cpe:/a:novell:opensuse:chromedriver-debuginfo
novellopensusechromiump-cpe:/a:novell:opensuse:chromium
novellopensusechromium-debuginfop-cpe:/a:novell:opensuse:chromium-debuginfo
novellopensusechromium-debugsourcep-cpe:/a:novell:opensuse:chromium-debugsource
novellopensuse15.1cpe:/o:novell:opensuse:15.1

Related

openvas 14
nessus 19
suse 3
kaspersky 1
redhat 25
chrome 1
redhatcve 2
cve 2
prion 2
ubuntucve 2
debiancve 2
veracode 1
fedora 7
gentoo 1
osv 4
almalinux 1
oraclelinux 1
rocky 1
cloudfoundry 1
ubuntu 1
debian 3
mageia 1
ibm 2
oracle 1
openvas
openvas
openSUSE: Security Advisory for chromium (openSUSE-SU-2019:1456-1)
2019-05-28 00:00:00
Google Chrome Security Updates(stable-channel-update-for-desktop_30-2019-04)-Linux
2019-05-02 00:00:00
Google Chrome Security Updates(stable-channel-update-for-desktop_30-2019-04)-MAC OS X
2019-05-02 00:00:00
nessus
nessus
RHEL 6 : chromium-browser (RHSA-2019:1243)
2019-05-17 00:00:00
Google Chrome < 74.0.3729.131 Multiple Vulnerabilities
2019-05-02 00:00:00
Google Chrome < 74.0.3729.131 Multiple Vulnerabilities
2019-05-02 00:00:00
suse
suse
Security update for chromium (important)
2019-05-28 00:00:00
Security update for chromium (important)
2019-06-03 00:00:00
Security update for chromium (important)
2019-06-28 00:00:00
kaspersky
kaspersky
KLA11475 Multiple vulnerabilities in Google Chrome
2019-04-30 00:00:00
redhat
redhat
(RHSA-2019:1243) Important: chromium-browser security update
2019-05-16 20:01:47
(RHSA-2021:4396) Moderate: sqlite security update
2021-11-09 09:16:47
(RHSA-2022:0434) Moderate: Release of OpenShift Serverless 1.20.0
2022-02-03 17:07:25
chrome
chrome
Stable Channel Update for Desktop
2019-04-30 00:00:00
redhatcve
redhatcve
CVE-2019-5827
2019-05-06 12:51:03
CVE-2019-5824
2019-05-06 11:22:40
cve
cve
CVE-2019-5827
2019-06-27 17:15:00
CVE-2019-5824
2019-06-27 17:15:00
prion
prion
Integer overflow
2019-06-27 17:15:00
Design/Logic Flaw
2019-06-27 17:15:00
ubuntucve
ubuntucve
CVE-2019-5827
2019-06-27 00:00:00
CVE-2019-5824
2019-06-27 00:00:00
debiancve
debiancve
CVE-2019-5827
2019-06-27 17:15:00
CVE-2019-5824
2019-06-27 17:15:00
veracode
veracode
Integer Overflow
2020-09-21 06:25:03
fedora
fedora
[SECURITY] Fedora 29 Update: sqlite-3.26.0-3.fc29
2019-06-04 02:22:26
[SECURITY] Fedora 30 Update: sqlite-3.26.0-5.fc30
2019-05-20 01:05:52
[SECURITY] Fedora 29 Update: sqlite-3.26.0-4.fc29
2019-08-08 01:53:28
gentoo
gentoo
SQLite: Multiple vulnerabilities
2020-03-15 00:00:00
osv
osv
Moderate: sqlite security update
2021-11-09 09:16:47
Moderate: sqlite security update
2021-11-09 09:16:47
sqlite3 - security update
2020-08-22 00:00:00
almalinux
almalinux
Moderate: sqlite security update
2021-11-09 09:16:47
oraclelinux
oraclelinux
sqlite security update
2021-11-16 00:00:00
rocky
rocky
sqlite security update
2021-11-09 09:16:47
cloudfoundry
cloudfoundry
USN-4205-1: SQLite vulnerabilities | Cloud Foundry
2019-12-18 00:00:00
ubuntu
ubuntu
SQLite vulnerabilities
2019-12-02 00:00:00
debian
debian
[SECURITY] [DLA 2340-1] sqlite3 security update
2020-08-22 22:34:41
[SECURITY] [DSA 4500-1] chromium security update
2019-08-13 05:17:57
[SECURITY] [DSA 4500-1] chromium security update
2019-08-13 05:17:57
mageia
mageia
Updated chromium-browser-stable packages fix security vulnerabilities
2019-09-21 14:07:28
ibm
ibm
Security Bulletin: IBM Cloud Pak for Security includes components with multiple known vulnerabilities
2023-01-19 13:54:16
Security Bulletin: Cloud Pak for Security uses packages that are vulnerable to multiple CVEs
2023-03-08 18:05:21
oracle
oracle
Oracle Critical Patch Update Advisory - April 2022
2022-04-19 00:00:00
JSON
Related for OPENSUSE-2019-1456.NASL
openvas14nessus19suse3kaspersky1redhat25chrome1redhatcve2cve2prion2ubuntucve2debiancve2veracode1fedora7gentoo1osv4almalinux1oraclelinux1rocky1cloudfoundry1ubuntu1debian3mageia1ibm2oracle1