Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.OPENSUSE-2021-1488.NASL
HistoryNov 20, 2021 - 12:00 a.m.

openSUSE 15 Security Update : opera (openSUSE-SU-2021:1488-1)

2021-11-2000:00:00
This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
13
JSON

The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1488-1 advisory.

  • Heap buffer overflow in Skia in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
    (CVE-2021-37981)

  • Use after free in Incognito in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37982)

  • Use after free in Dev Tools in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37983)

  • Heap buffer overflow in PDFium in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37984)

  • Use after free in V8 in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had convinced a user to allow for connection to debugger to potentially exploit heap corruption via a crafted HTML page.
    (CVE-2021-37985)

  • Heap buffer overflow in Settings in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to engage with Dev Tools to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37986)

  • Use after free in Network APIs in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37987)

  • Use after free in Profiles in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who convinced a user to engage in specific gestures to potentially exploit heap corruption via a crafted HTML page.
    (CVE-2021-37988)

  • Inappropriate implementation in Blink in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to abuse content security policy via a crafted HTML page. (CVE-2021-37989)

  • Inappropriate implementation in WebView in Google Chrome on Android prior to 95.0.4638.54 allowed a remote attacker to leak cross-origin data via a crafted app. (CVE-2021-37990)

  • Race in V8 in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37991)

  • Out of bounds read in WebAudio in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37992)

  • Use after free in PDF Accessibility in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37993)

  • Inappropriate implementation in iFrame Sandbox in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (CVE-2021-37994)

  • Inappropriate implementation in WebApp Installer in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially overlay and spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
    (CVE-2021-37995)

  • Insufficient validation of untrusted input Downloads in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to bypass navigation restrictions via a malicious file. (CVE-2021-37996)

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
#
# The package checks in this plugin were extracted from
# openSUSE Security Update openSUSE-SU-2021:1488-1. The text itself
# is copyright (C) SUSE.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(155652);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/05/06");

  script_cve_id(
    "CVE-2021-37981",
    "CVE-2021-37982",
    "CVE-2021-37983",
    "CVE-2021-37984",
    "CVE-2021-37985",
    "CVE-2021-37986",
    "CVE-2021-37987",
    "CVE-2021-37988",
    "CVE-2021-37989",
    "CVE-2021-37990",
    "CVE-2021-37991",
    "CVE-2021-37992",
    "CVE-2021-37993",
    "CVE-2021-37994",
    "CVE-2021-37995",
    "CVE-2021-37996"
  );
  script_xref(name:"IAVA", value:"2021-A-0491-S");

  script_name(english:"openSUSE 15 Security Update : opera (openSUSE-SU-2021:1488-1)");

  script_set_attribute(attribute:"synopsis", value:
"The remote SUSE host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in
the openSUSE-SU-2021:1488-1 advisory.

  - Heap buffer overflow in Skia in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had
    compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
    (CVE-2021-37981)

  - Use after free in Incognito in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to
    potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37982)

  - Use after free in Dev Tools in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to
    potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37983)

  - Heap buffer overflow in PDFium in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to
    potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37984)

  - Use after free in V8 in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had convinced a
    user to allow for connection to debugger to potentially exploit heap corruption via a crafted HTML page.
    (CVE-2021-37985)

  - Heap buffer overflow in Settings in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to
    engage with Dev Tools to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37986)

  - Use after free in Network APIs in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to
    potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37987)

  - Use after free in Profiles in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who convinced
    a user to engage in specific gestures to potentially exploit heap corruption via a crafted HTML page.
    (CVE-2021-37988)

  - Inappropriate implementation in Blink in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to
    abuse content security policy via a crafted HTML page. (CVE-2021-37989)

  - Inappropriate implementation in WebView in Google Chrome on Android prior to 95.0.4638.54 allowed a remote
    attacker to leak cross-origin data via a crafted app. (CVE-2021-37990)

  - Race in V8 in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap
    corruption via a crafted HTML page. (CVE-2021-37991)

  - Out of bounds read in WebAudio in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to
    potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37992)

  - Use after free in PDF Accessibility in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to
    potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37993)

  - Inappropriate implementation in iFrame Sandbox in Google Chrome prior to 95.0.4638.54 allowed a remote
    attacker to bypass navigation restrictions via a crafted HTML page. (CVE-2021-37994)

  - Inappropriate implementation in WebApp Installer in Google Chrome prior to 95.0.4638.54 allowed a remote
    attacker to potentially overlay and spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
    (CVE-2021-37995)

  - Insufficient validation of untrusted input Downloads in Google Chrome prior to 95.0.4638.54 allowed a
    remote attacker to bypass navigation restrictions via a malicious file. (CVE-2021-37996)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  # https://lists.opensuse.org/archives/list/[email protected]/thread/2KPG5DWW4SNUCP3CCQ2LC7L3RKCFTIAA/
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?2a94c608");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37981");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37982");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37983");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37984");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37985");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37986");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37987");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37988");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37989");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37990");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37991");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37992");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37993");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37994");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37995");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37996");
  script_set_attribute(attribute:"solution", value:
"Update the affected opera package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-37993");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2021-37981");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/10/19");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/11/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2021/11/20");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:opera");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.2");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"SuSE Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include('audit.inc');
include('global_settings.inc');
include('misc_func.inc');
include('rpm.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var release = get_kb_item('Host/SuSE/release');
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, 'openSUSE');
var os_ver = pregmatch(pattern: "^SUSE([\d.]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');
os_ver = os_ver[1];
if (release !~ "^(SUSE15\.2)$") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.2', release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);

var pkgs = [
    {'reference':'opera-81.0.4196.31-lp152.2.76.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE}
];

var flag = 0;
foreach package_array ( pkgs ) {
  var reference = NULL;
  var release = NULL;
  var cpu = NULL;
  var rpm_spec_vers_cmp = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) release = package_array['release'];
  if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (reference && release) {
    if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'opera');
}
VendorProductVersionCPE
novellopensuseoperap-cpe:/a:novell:opensuse:opera
novellopensuse15.2cpe:/o:novell:opensuse:15.2

References

Related

suse 6
nessus 9
archlinux 3
chrome 1
freebsd 1
openvas 9
kaspersky 1
malwarebytes 1
veracode 16
cnvd 16
ubuntucve 16
prion 16
cve 16
alpinelinux 6
mscve 16
debiancve 16
redhatcve 2
debian 1
osv 1
mageia 1
fedora 2
gentoo 1
suse
suse
Security update for chromium (important)
2021-10-30 00:00:00
Security update for opera (important)
2021-11-19 00:00:00
Security update for opera (important)
2021-11-19 00:00:00
nessus
nessus
openSUSE 15 Security Update : chromium (openSUSE-SU-2021:1396-1)
2021-10-31 00:00:00
Google Chrome < 95.0.4638.54 Multiple Vulnerabilities
2021-10-19 00:00:00
Google Chrome < 95.0.4638.54 Multiple Vulnerabilities
2021-10-19 00:00:00
archlinux
archlinux
[ASA-202111-4] opera: multiple issues
2021-11-05 00:00:00
[ASA-202110-2] chromium: multiple issues
2021-10-21 00:00:00
[ASA-202112-1] vivaldi: multiple issues
2021-12-03 00:00:00
chrome
chrome
Stable Channel Update for Desktop
2021-10-19 00:00:00
freebsd
freebsd
chromium -- multiple vulnerabilities
2021-10-19 00:00:00
openvas
openvas
Google Chrome Security Update (stable-channel-update-for-desktop_19-2021-10) - Linux
2021-10-25 00:00:00
openSUSE: Security Advisory for chromium (openSUSE-SU-2021:1396-1)
2021-10-31 00:00:00
Google Chrome Security Update (stable-channel-update-for-desktop_19-2021-10) - Windows
2021-10-25 00:00:00
kaspersky
kaspersky
KLA12329 Multiple vulnerability in Microsoft Browser
2021-10-21 00:00:00
malwarebytes
malwarebytes
Update now! Chrome fixes more security issues
2021-10-21 13:31:23
veracode
veracode
Content Spoofing
2021-11-09 15:06:49
Directory Traversal
2021-11-09 15:06:53
Denial Of Service (DoS)
2021-11-09 15:05:51
cnvd
cnvd
Google Chrome WebApp Installer improperly implemented vulnerability
2021-10-21 00:00:00
Google Chrome Post-release Reuse Vulnerability (CNVD-2021-84814)
2021-10-21 00:00:00
Google Chrome Post-release Reuse Vulnerability (CNVD-2021-84810)
2021-10-21 00:00:00
ubuntucve
ubuntucve
CVE-2021-37983
2021-11-02 00:00:00
CVE-2021-37995
2021-11-02 00:00:00
CVE-2021-37982
2021-11-02 00:00:00
prion
prion
Design/Logic Flaw
2021-11-02 22:15:00
Design/Logic Flaw
2021-11-02 22:15:00
Design/Logic Flaw
2021-11-02 22:15:00
cve
cve
CVE-2021-37996
2021-11-02 22:15:00
CVE-2021-37984
2021-11-02 22:15:00
CVE-2021-37986
2021-11-02 22:15:00
alpinelinux
alpinelinux
CVE-2021-37984
2021-11-02 22:15:00
CVE-2021-37992
2021-11-02 22:15:00
CVE-2021-37987
2021-11-02 22:15:00
mscve
mscve
Chromium: CVE-2021-37992 Out of bounds read in WebAudio
2021-10-21 07:00:00
Chromium: CVE-2021-37995 Inappropriate implementation in WebApp Installer
2021-10-21 07:00:00
Chromium: CVE-2021-37983 Use after free in Dev Tools
2021-10-21 07:00:00
debiancve
debiancve
CVE-2021-37983
2021-11-02 22:15:00
CVE-2021-37995
2021-11-02 22:15:00
CVE-2021-37981
2021-11-02 22:15:00
redhatcve
redhatcve
CVE-2021-37981
2022-05-20 23:09:48
CVE-2021-37984
2022-05-20 22:47:25
debian
debian
[SECURITY] [DSA 5046-1] chromium security update
2022-01-14 19:31:45
osv
osv
chromium - security update
2022-01-14 00:00:00
mageia
mageia
Updated qtwebengine5 packages fix security vulnerability
2022-02-05 23:23:13
fedora
fedora
[SECURITY] Fedora 35 Update: qt5-qtwebengine-5.15.8-2.fc35
2022-01-30 01:44:13
[SECURITY] Fedora 34 Update: qt5-qtwebengine-5.15.8-2.fc34
2022-02-04 01:23:18
gentoo
gentoo
Chromium, Google Chrome: Multiple vulnerabilities
2022-01-31 00:00:00
JSON
Related for OPENSUSE-2021-1488.NASL
suse6nessus9archlinux3chrome1freebsd1openvas9kaspersky1malwarebytes1veracode16cnvd16ubuntucve16prion16cve16alpinelinux6mscve16debiancve16redhatcve2debian1osv1mageia1fedora2gentoo1