Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.OPENSUSE-2021-759.NASL
HistoryMay 25, 2021 - 12:00 a.m.

openSUSE Security Update : djvulibre (openSUSE-2021-759)

2021-05-2500:00:00
This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
20
JSON

This update for djvulibre fixes the following issues :

  • CVE-2021-32490 [bsc#1185895]: Out of bounds write in function DJVU:filter_bv() via crafted djvu file

  • CVE-2021-32491 [bsc#1185900]: Integer overflow in function render() in tools/ddjvu via crafted djvu file

  • CVE-2021-32492 [bsc#1185904]: Out of bounds read in function DJVU:DataPool:has_data() via crafted djvu file

  • CVE-2021-32493 [bsc#1185905]: Heap buffer overflow in function DJVU:GBitmap:decode() via crafted djvu file

This update was imported from the SUSE:SLE-15-SP2:Update update project.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2021-759.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(149887);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/01/26");

  script_cve_id(
    "CVE-2021-32490",
    "CVE-2021-32491",
    "CVE-2021-32492",
    "CVE-2021-32493"
  );

  script_name(english:"openSUSE Security Update : djvulibre (openSUSE-2021-759)");

  script_set_attribute(attribute:"synopsis", value:
"The remote openSUSE host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"This update for djvulibre fixes the following issues :

  - CVE-2021-32490 [bsc#1185895]: Out of bounds write in
    function DJVU:filter_bv() via crafted djvu file

  - CVE-2021-32491 [bsc#1185900]: Integer overflow in
    function render() in tools/ddjvu via crafted djvu file

  - CVE-2021-32492 [bsc#1185904]: Out of bounds read in
    function DJVU:DataPool:has_data() via crafted djvu file

  - CVE-2021-32493 [bsc#1185905]: Heap buffer overflow in
    function DJVU:GBitmap:decode() via crafted djvu file

This update was imported from the SUSE:SLE-15-SP2:Update update
project.");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1185895");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1185900");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1185904");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1185905");
  script_set_attribute(attribute:"solution", value:
"Update the affected djvulibre packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-32493");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"patch_publication_date", value:"2021/05/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2021/05/25");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:djvulibre");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:djvulibre-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:djvulibre-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdjvulibre-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdjvulibre21");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdjvulibre21-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.2");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"SuSE Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE15\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.2", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE15.2", reference:"djvulibre-3.5.27-lp152.7.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.2", reference:"djvulibre-debuginfo-3.5.27-lp152.7.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.2", reference:"djvulibre-debugsource-3.5.27-lp152.7.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.2", reference:"libdjvulibre-devel-3.5.27-lp152.7.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.2", reference:"libdjvulibre21-3.5.27-lp152.7.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.2", reference:"libdjvulibre21-debuginfo-3.5.27-lp152.7.3.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "djvulibre / djvulibre-debuginfo / djvulibre-debugsource / etc");
}
VendorProductVersionCPE
novellopensuse15.2cpe:/o:novell:opensuse:15.2
novellopensusedjvulibrep-cpe:/a:novell:opensuse:djvulibre
novellopensusedjvulibre-debuginfop-cpe:/a:novell:opensuse:djvulibre-debuginfo
novellopensusedjvulibre-debugsourcep-cpe:/a:novell:opensuse:djvulibre-debugsource
novellopensuselibdjvulibre-develp-cpe:/a:novell:opensuse:libdjvulibre-devel
novellopensuselibdjvulibre21p-cpe:/a:novell:opensuse:libdjvulibre21
novellopensuselibdjvulibre21-debuginfop-cpe:/a:novell:opensuse:libdjvulibre21-debuginfo

Related

openvas 14
nessus 11
suse 2
archlinux 1
osv 4
fedora 2
cloudfoundry 1
ubuntu 2
mageia 1
debian 2
veracode 4
cvelist 4
debiancve 4
cve 4
redhatcve 2
prion 4
alpinelinux 4
ubuntucve 4
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2021:1641-1)
2021-06-09 00:00:00
openSUSE: Security Advisory for djvulibre (openSUSE-SU-2021:0759-1)
2021-05-24 00:00:00
SUSE: Security Advisory (SUSE-SU-2021:1649-1)
2021-06-09 00:00:00
nessus
nessus
SUSE SLED15 / SLES15 Security Update : djvulibre (SUSE-SU-2021:1641-1)
2021-05-20 00:00:00
openSUSE 15 Security Update : djvulibre (openSUSE-SU-2021:1641-1)
2021-07-16 00:00:00
SUSE SLES15 Security Update : djvulibre (SUSE-SU-2021:1649-1)
2021-05-20 00:00:00
suse
suse
Security update for djvulibre (important)
2021-07-11 00:00:00
Security update for djvulibre (important)
2021-05-22 00:00:00
archlinux
archlinux
[ASA-202105-18] djvulibre: arbitrary code execution
2021-05-25 00:00:00
osv
osv
djvulibre vulnerabilities
2021-05-18 14:39:10
djvulibre vulnerabilities
2021-05-17 17:11:40
djvulibre - security update
2021-05-26 00:00:00
fedora
fedora
[SECURITY] Fedora 34 Update: mingw-djvulibre-3.5.27-12.fc34
2021-06-04 01:13:39
[SECURITY] Fedora 33 Update: mingw-djvulibre-3.5.27-12.fc33
2021-06-04 01:04:02
cloudfoundry
cloudfoundry
USN-4957-1: DjVuLibre vulnerabilities | Cloud Foundry
2021-06-11 00:00:00
ubuntu
ubuntu
DjVuLibre vulnerabilities
2021-05-17 00:00:00
DjVuLibre vulnerabilities
2021-05-18 00:00:00
mageia
mageia
Updated djvulibre packages fix security vulnerabilities
2021-06-14 00:32:39
debian
debian
[SECURITY] [DLA 2667-1] djvulibre security update
2021-05-26 16:02:19
[SECURITY] [DSA 5032-1] djvulibre security update
2021-12-28 14:41:45
veracode
veracode
Denial Of Service
2021-08-06 14:08:23
Denial Of Service (DoS)
2021-08-06 14:08:22
Denial Of Service
2021-08-06 14:08:29
cvelist
cvelist
CVE-2021-32493
2021-06-24 18:24:44
CVE-2021-32490
2021-06-24 18:18:00
CVE-2021-32491
2021-06-24 18:11:42
debiancve
debiancve
CVE-2021-32493
2021-06-24 19:15:00
CVE-2021-32492
2021-06-24 19:15:00
CVE-2021-32490
2021-06-24 19:15:00
cve
cve
CVE-2021-32490
2021-06-24 19:15:00
CVE-2021-32492
2021-06-24 19:15:00
CVE-2021-32493
2021-06-24 19:15:00
redhatcve
redhatcve
CVE-2021-32492
2022-05-20 23:17:01
CVE-2021-32491
2022-05-20 23:11:02
prion
prion
Heap overflow
2021-06-24 19:15:00
Out-of-bounds
2021-06-24 19:15:00
Out-of-bounds
2021-06-24 19:15:00
alpinelinux
alpinelinux
CVE-2021-32490
2021-06-24 19:15:00
CVE-2021-32492
2021-06-24 19:15:00
CVE-2021-32491
2021-06-24 19:15:00
ubuntucve
ubuntucve
CVE-2021-32490
2021-05-11 00:00:00
CVE-2021-32492
2021-05-11 00:00:00
CVE-2021-32493
2021-05-11 00:00:00
JSON
Related for OPENSUSE-2021-759.NASL
openvas14nessus11suse2archlinux1osv4fedora2cloudfoundry1ubuntu2mageia1debian2veracode4cvelist4debiancve4cve4redhatcve2prion4alpinelinux4ubuntucve4