Lucene search
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.OPENSUSE-2024-0137-1.NASLHistoryMay 24, 2024 - 12:00 a.m.
openSUSE 15 Security Update : chromium (openSUSE-SU-2024:0137-1)
2024-05-2400:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
1
opensuse 15
security update
chromium
multiple vulnerabilities
cve-2024-5157
use after free
v8
heap buffer overflow
angle
The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2024:0137-1 advisory.
- Chromium 125.0.6422.76 (boo#1224818)
* CVE-2024-5157: Use after free in Scheduling
* CVE-2024-5158: Type Confusion in V8
* CVE-2024-5159: Heap buffer overflow in ANGLE
* CVE-2024-5160: Heap buffer overflow in Dawn
* Various fixes from internal audits, fuzzing and other initiatives
Tenable has extracted the preceding description block directly from the SUSE security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# openSUSE Security Update openSUSE-SU-2024:0137-1. The text itself
# is copyright (C) SUSE.
##
include('compat.inc');
if (description)
{
script_id(197887);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/05/24");
script_cve_id(
"CVE-2024-5157",
"CVE-2024-5158",
"CVE-2024-5159",
"CVE-2024-5160"
);
script_name(english:"openSUSE 15 Security Update : chromium (openSUSE-SU-2024:0137-1)");
script_set_attribute(attribute:"synopsis", value:
"The remote openSUSE host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the
openSUSE-SU-2024:0137-1 advisory.
- Chromium 125.0.6422.76 (boo#1224818)
* CVE-2024-5157: Use after free in Scheduling
* CVE-2024-5158: Type Confusion in V8
* CVE-2024-5159: Heap buffer overflow in ANGLE
* CVE-2024-5160: Heap buffer overflow in Dawn
* Various fixes from internal audits, fuzzing and other initiatives
Tenable has extracted the preceding description block directly from the SUSE security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1224818");
# https://lists.opensuse.org/archives/list/[email protected]/thread/OUHQT3H7SVUMWPOBHPV62RCKTAJROHUB/
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?2d0f6702");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2024-5157");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2024-5158");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2024-5159");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2024-5160");
script_set_attribute(attribute:"solution", value:
"Update the affected chromedriver and / or chromium packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-5160");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2024/05/21");
script_set_attribute(attribute:"patch_publication_date", value:"2024/05/23");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/05/24");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromedriver");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.5");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"SuSE Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/SuSE/release');
if (isnull(os_release) || os_release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, 'openSUSE');
var _os_ver = pregmatch(pattern: "^SUSE([\d.]+)", string:os_release);
if (isnull(_os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');
_os_ver = _os_ver[1];
if (os_release !~ "^(SUSE15\.5)$") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.5', os_release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + _os_ver, cpu);
var pkgs = [
{'reference':'chromedriver-125.0.6422.76-bp155.2.85.2', 'cpu':'aarch64', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE},
{'reference':'chromedriver-125.0.6422.76-bp155.2.85.2', 'cpu':'x86_64', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE},
{'reference':'chromium-125.0.6422.76-bp155.2.85.2', 'cpu':'aarch64', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE},
{'reference':'chromium-125.0.6422.76-bp155.2.85.2', 'cpu':'x86_64', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE}
];
var flag = 0;
foreach package_array ( pkgs ) {
var reference = NULL;
var _release = NULL;
var _cpu = NULL;
var rpm_spec_vers_cmp = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = package_array['release'];
if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (reference && _release) {
if (rpm_check(release:_release, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromedriver / chromium');
}
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5157
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5158
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5159
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5160
www.nessus.org/u?2d0f6702
bugzilla.suse.com/1224818
www.suse.com/security/cve/CVE-2024-5157
www.suse.com/security/cve/CVE-2024-5158
www.suse.com/security/cve/CVE-2024-5159
www.suse.com/security/cve/CVE-2024-5160
Related
nessus
nessus
Google Chrome < 125.0.6422.76 Multiple Vulnerabilities
2024-05-21 00:00:00
Fedora 39 : chromium (2024-87bb7ffab1)
2024-05-23 00:00:00
Fedora 40 : chromium (2024-44edce9689)
2024-05-23 00:00:00
openvas
openvas
Google Chrome Security Update(stable-channel-update-for-desktop_21-2024-05) - Mac OS X
2024-05-22 00:00:00
Debian: Security Advisory (DSA-5696-1)
2024-05-23 00:00:00
mageia
mageia
Updated chromium-browser-stable packages fix security vulnerabilities
2024-05-26 02:39:14
debian
debian
[SECURITY] [DSA 5696-1] chromium security update
2024-05-22 16:57:11
osv
osv
chromium - security update
2024-05-22 00:00:00
CVE-2024-5160
2024-05-22 16:15:11
CVE-2024-5159
2024-05-22 16:15:11
fedora
fedora
[SECURITY] Fedora 39 Update: chromium-125.0.6422.76-1.fc39
2024-05-24 01:04:15
[SECURITY] Fedora 40 Update: chromium-125.0.6422.76-1.fc40
2024-05-23 01:09:35
kaspersky
kaspersky
KLA67728 Multiple vulnerabilities in Google Chrome
2024-05-21 00:00:00
KLA68206 Multiple vulnerabilities in Microsoft Browser
2024-05-25 00:00:00
chrome
chrome
Stable Channel Update for Desktop
2024-05-21 00:00:00
freebsd
freebsd
chromium -- multiple security fixes
2024-05-21 00:00:00
debiancve
debiancve
ubuntucve
ubuntucve
cvelist
cvelist
vulnrichment
vulnrichment
mscve
mscve
Chromium: CVE-2024-5160 Heap buffer overflow in Dawn
2024-05-25 07:00:00
Chromium: CVE-2024-5157 Use after free in Scheduling
2024-05-25 07:00:00
Chromium: CVE-2024-5159 Heap buffer overflow in ANGLE
2024-05-25 07:00:00
nvd
nvd
wolfi
wolfi
CVE-2024-5160 vulnerabilities
2024-06-27 21:08:32
CVE-2024-5158 vulnerabilities
2024-06-27 21:08:32
CVE-2024-5159 vulnerabilities
2024-06-27 21:08:32
veracode
veracode
Heap Buffer Overflow
2024-05-30 01:41:36
Heap Buffer Overflow
2024-05-30 01:50:04
Type Confusion
2024-05-30 01:49:15
cve
cve
redos
redos
ROS-20240627-01
2024-06-27 00:00:00
8.7 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
15.7%
Related for OPENSUSE-2024-0137-1.NASL