Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SL_20131210_LIBJPEG_TURBO_ON_SL6_X.NASL
HistoryDec 11, 2013 - 12:00 a.m.

Scientific Linux Security Update : libjpeg-turbo on SL6.x i386/x86_64 (20131210)

2013-12-1100:00:00
This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
18
JSON

An uninitialized memory read issue was found in the way libjpeg-turbo decoded images with missing Start Of Scan (SOS) JPEG markers or Define Huffman Table (DHT) JPEG markers. A remote attacker could create a specially crafted JPEG image that, when decoded, could possibly lead to a disclosure of potentially sensitive information. (CVE-2013-6629, CVE-2013-6630)

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(71339);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2013-6629", "CVE-2013-6630");

  script_name(english:"Scientific Linux Security Update : libjpeg-turbo on SL6.x i386/x86_64 (20131210)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Scientific Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"An uninitialized memory read issue was found in the way libjpeg-turbo
decoded images with missing Start Of Scan (SOS) JPEG markers or Define
Huffman Table (DHT) JPEG markers. A remote attacker could create a
specially crafted JPEG image that, when decoded, could possibly lead
to a disclosure of potentially sensitive information. (CVE-2013-6629,
CVE-2013-6630)"
  );
  # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1312&L=scientific-linux-errata&T=0&P=3457
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?59cba3a7"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libjpeg-turbo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libjpeg-turbo-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libjpeg-turbo-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libjpeg-turbo-static");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/11/19");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/12/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/12/11");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Scientific Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 6.x", "Scientific Linux " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);


flag = 0;
if (rpm_check(release:"SL6", reference:"libjpeg-turbo-1.2.1-3.el6_5")) flag++;
if (rpm_check(release:"SL6", reference:"libjpeg-turbo-debuginfo-1.2.1-3.el6_5")) flag++;
if (rpm_check(release:"SL6", reference:"libjpeg-turbo-devel-1.2.1-3.el6_5")) flag++;
if (rpm_check(release:"SL6", reference:"libjpeg-turbo-static-1.2.1-3.el6_5")) flag++;


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libjpeg-turbo / libjpeg-turbo-debuginfo / libjpeg-turbo-devel / etc");
}
VendorProductVersionCPE
fermilabscientific_linuxlibjpeg-turbop-cpe:/a:fermilab:scientific_linux:libjpeg-turbo
fermilabscientific_linuxlibjpeg-turbo-debuginfop-cpe:/a:fermilab:scientific_linux:libjpeg-turbo-debuginfo
fermilabscientific_linuxlibjpeg-turbo-develp-cpe:/a:fermilab:scientific_linux:libjpeg-turbo-devel
fermilabscientific_linuxlibjpeg-turbo-staticp-cpe:/a:fermilab:scientific_linux:libjpeg-turbo-static
fermilabscientific_linuxx-cpe:/o:fermilab:scientific_linux

Related

fedora 6
openvas 47
nessus 62
redhat 4
ubuntu 3
amazon 1
centos 2
oraclelinux 2
securityvulns 6
veracode 15
gentoo 1
mozilla 1
mageia 2
cvelist 2
f5 4
debiancve 2
prion 2
ubuntucve 2
cve 2
mskb 9
mscve 1
kaspersky 3
symantec 1
slackware 1
ibm 7
threatpost 1
freebsd 2
chrome 1
debian 2
osv 1
suse 4
fedora
fedora
[SECURITY] Fedora 19 Update: libjpeg-turbo-1.2.90-3.fc19
2014-01-10 07:56:56
[SECURITY] Fedora 19 Update: mingw-libjpeg-turbo-1.3.1-1.fc19
2014-06-10 03:13:25
[SECURITY] Fedora 20 Update: libjpeg-turbo-1.3.0-2.fc20
2013-12-24 03:42:20
openvas
openvas
CentOS Update for libjpeg-turbo CESA-2013:1803 centos6
2013-12-17 00:00:00
Ubuntu: Security Advisory (USN-2060-1)
2013-12-23 00:00:00
Mageia: Security Advisory (MGASA-2013-0333)
2022-01-28 00:00:00
nessus
nessus
Mandriva Linux Security Advisory : libjpeg (MDVSA-2013:273)
2013-11-22 00:00:00
CentOS 6 : libjpeg-turbo (CESA-2013:1803)
2013-12-10 00:00:00
GLSA-201606-03 : libjpeg-turbo: Multiple vulnerabilities
2016-06-06 00:00:00
redhat
redhat
(RHSA-2013:1803) Moderate: libjpeg-turbo security update
2013-12-09 00:00:00
(RHSA-2013:1804) Moderate: libjpeg security update
2013-12-09 00:00:00
(RHSA-2014:0041) Important: rhev-hypervisor6 security update
2014-01-21 00:00:00
ubuntu
ubuntu
libjpeg, libjpeg-turbo vulnerabilities
2013-12-19 00:00:00
Thunderbird vulnerabilities
2013-12-11 00:00:00
Firefox vulnerabilities
2013-12-11 00:00:00
amazon
amazon
Medium: libjpeg-turbo
2013-12-17 21:32:00
centos
centos
libjpeg security update
2013-12-10 01:01:49
libjpeg security update
2013-12-10 00:47:48
oraclelinux
oraclelinux
libjpeg-turbo security update
2013-12-09 00:00:00
libjpeg security update
2013-12-09 00:00:00
securityvulns
securityvulns
bugs in IJG jpeg6b &amp; libjpeg-turbo
2013-12-09 00:00:00
[ MDVSA-2013:274 ] libjpeg
2013-11-26 00:00:00
libjpeg multiple security vulnerabilities
2013-12-09 00:00:00
veracode
veracode
Sensitive Information Disclosure
2019-05-02 05:00:31
Information Disclosure
2019-01-15 08:53:01
Arbitrary File Overwrite
2019-05-02 04:58:06
gentoo
gentoo
libjpeg-turbo: Multiple vulnerabilities
2016-06-05 00:00:00
mozilla
mozilla
JPEG information leak — Mozilla
2013-12-10 00:00:00
mageia
mageia
Updated libjpeg packages fix vulnerabilities in libjpeg-turbo
2013-11-21 00:31:46
Updated chromium-browser-stable packages fix multiple vulnerabilities
2013-11-13 23:09:45
cvelist
cvelist
CVE-2013-6630
2013-11-15 20:00:00
CVE-2013-6629
2013-11-15 20:00:00
f5
f5
K62655427 : libjpeg-turbo vulnerability CVE-2013-6630
2016-02-19 00:00:00
SOL62655427 - libjpeg-turbo vulnerability CVE-2013-6630
2016-02-18 00:00:00
K59503294 : libjpeg vulnerability CVE-2013-6629
2016-02-19 00:00:00
debiancve
debiancve
CVE-2013-6630
2013-11-19 04:50:00
CVE-2013-6629
2013-11-19 04:50:00
prion
prion
Memory corruption
2013-11-19 04:50:00
Design/Logic Flaw
2013-11-19 04:50:00
ubuntucve
ubuntucve
CVE-2013-6630
2013-11-18 00:00:00
CVE-2013-6629
2013-11-18 00:00:00
cve
cve
CVE-2013-6630
2013-11-19 04:50:00
CVE-2013-6629
2013-11-19 04:50:00
mskb
mskb
Security update for the libjpeg information disclosure vulnerability in Windows Vista and Windows Server 2008: April 11, 2017
2017-04-11 07:00:00
Security update for the libjpeg information disclosure vulnerability in Windows Vista and Windows Server 2008: April 11, 2017
2017-04-11 07:00:00
Security update 2017-04-11
2017-04-11 07:00:00
mscve
mscve
libjpeg Information Disclosure Vulnerability
2017-04-11 07:00:00
kaspersky
kaspersky
KLA11061 Information disclosure vulnerability in Microsoft Windows
2017-04-11 00:00:00
KLA11059 Multiple vulnerabilities in Microsoft Windows
2017-04-11 00:00:00
KLA11835 Multiple vulnerabilities in Microsoft Products (ESU)
2017-04-11 00:00:00
symantec
symantec
libjpeg/libjpeg-turbo Library CVE-2013-6629 Memory Corruption Vulnerability
2013-11-12 00:00:00
slackware
slackware
[slackware-security] libjpeg
2013-12-17 03:49:12
ibm
ibm
Security Bulletin: IBM Transform Services for IBM i is vulnerable to denial of service, buffer overflow, and allowing attacker to obtain sensitive information due to multiple vulnerabilities.
2022-11-17 15:02:38
Security Bulletin: Security vulnerability in IBM Jazz Team Server affects multiple IBM Rational products based on IBM Jazz technology (CVE-2014-2421, CVE-2013-6954, CVE-2013-6629, CVE-2014-0411, CVE-2014-0416)
2021-04-28 18:35:50
Security Bulletin: SiteProtector System can be affected by several vulnerabilities in the IBM Java Runtime Environment (CVE-2013-6954, CVE-2013-6629, CVE-2014-2421, CVE-2014-0453, CVE-2014-1876, CVE-2014-4244, CVE-2014-4263) and in Tomcat (CVE-2014-0075)
2018-06-16 21:19:16
threatpost
threatpost
12 Flaws Fixed in Google Chrome
2013-11-12 13:17:53
freebsd
freebsd
chromium -- multiple vulnerabilities
2013-11-12 00:00:00
mozilla -- multiple vulnerabilities
2013-12-09 00:00:00
chrome
chrome
Stable Channel Update
2013-11-12 00:00:00
debian
debian
[SECURITY] [DSA 2797-1] chromium-browser security update
2013-11-17 15:43:07
[SECURITY] [DSA 2797-1] chromium-browser security update
2013-11-17 15:42:38
osv
osv
chromium-browser - several
2013-11-16 00:00:00
suse
suse
chromium: update to 31.0.1650.57 (important)
2013-11-27 20:04:35
Mozilla updates 2013/12 (important)
2013-12-13 15:04:36
chromium: 31.0.1650.57 version update (important)
2013-11-27 20:04:13
JSON
Related for SL_20131210_LIBJPEG_TURBO_ON_SL6_X.NASL
fedora6openvas47nessus62redhat4ubuntu3amazon1centos2oraclelinux2securityvulns6veracode15gentoo1mozilla1mageia2cvelist2f54debiancve2prion2ubuntucve2cve2mskb9mscve1kaspersky3symantec1slackware1ibm7threatpost1freebsd2chrome1debian2osv1suse4