Scientific Linux Security Update : pcre on SL7.x x86_64 (20150305)

🗓️ 26 Mar 2015 00:00:00Reported by TenableType

Scientific Linux Security Update pcre on SL7.x x86_64 (20150305). Malformed regular expressions flaw fixed. Adds support for little-endian variant of IBM Power Systems

Reporter	Title	Published	Views	Family All 116
Amazon	Low: pcre	27 May 201500:00	–	amazon
Tenable Nessus	Amazon Linux AMI : pcre (ALAS-2015-528)	29 May 201500:00	–	nessus
Tenable Nessus	CentOS 7 : pcre (CESA-2015:0330)	18 Mar 201500:00	–	nessus
Tenable Nessus	EulerOS Virtualization 3.0.1.0 : pcre (EulerOS-SA-2019-1558)	15 May 201900:00	–	nessus
Tenable Nessus	Fedora 21 : pcre-8.35-8.fc21 (2014-15573)	15 Dec 201400:00	–	nessus
Tenable Nessus	Fedora 20 : pcre-8.33-8.fc20 (2014-16215)	22 Dec 201400:00	–	nessus
Tenable Nessus	Fedora 19 : pcre-8.32-12.fc19 (2014-16224)	22 Dec 201400:00	–	nessus
Tenable Nessus	Fedora 20 : mingw-pcre-8.33-4.fc20 (2014-17624)	6 Jan 201500:00	–	nessus
Tenable Nessus	Fedora 19 : mingw-pcre-8.33-4.fc19 (2014-17626)	6 Jan 201500:00	–	nessus
Tenable Nessus	Fedora 21 : mingw-pcre-8.35-1.fc21 (2014-17642)	6 Jan 201500:00	–	nessus

Source	Link
nessus	www.nessus.org/u
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(82259);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2014-8964");

  script_name(english:"Scientific Linux Security Update : pcre on SL7.x x86_64 (20150305)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Scientific Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"A flaw was found in the way PCRE handled certain malformed regular
expressions. This issue could cause an application (for example,
Konqueror) linked against PCRE to crash while parsing malicious
regular expressions. (CVE-2014-8964)

This update also adds the following enhancement :

  - Support for the little-endian variant of IBM Power
    Systems has been added to the pcre packages."
  );
  # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1503&L=scientific-linux-errata&T=0&P=2408
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?3c75a4df"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:pcre");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:pcre-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:pcre-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:pcre-static");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:pcre-tools");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/12/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/03/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/26");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Scientific Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 7.x", "Scientific Linux " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);


flag = 0;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"pcre-8.32-14.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"pcre-debuginfo-8.32-14.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"pcre-devel-8.32-14.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"pcre-static-8.32-14.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"pcre-tools-8.32-14.el7")) flag++;


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "pcre / pcre-debuginfo / pcre-devel / pcre-static / pcre-tools");
}

14 Jan 2021 00:00Current

6.5Medium risk

Vulners AI Score6.5

CVSS 25

EPSS0.06505