The following packages have been upgraded to a newer upstream version:
graphite2 (1.3.10).
Security Fix(es) :
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(101925);
script_version("3.9");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/16");
script_cve_id("CVE-2017-7771", "CVE-2017-7772", "CVE-2017-7773", "CVE-2017-7774", "CVE-2017-7776", "CVE-2017-7777", "CVE-2017-7778");
script_name(english:"Scientific Linux Security Update : graphite2 on SL7.x x86_64 (20170721)");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:
"The remote Scientific Linux host is missing one or more security
updates."
);
script_set_attribute(
attribute:"description",
value:
"The following packages have been upgraded to a newer upstream version:
graphite2 (1.3.10).
Security Fix(es) :
- Various vulnerabilities have been discovered in
Graphite2. An attacker able to trick an unsuspecting
user into opening specially crafted font files in an
application using Graphite2 could exploit these flaws to
disclose potentially sensitive memory, cause an
application crash, or, possibly, execute arbitrary code.
(CVE-2017-7771, CVE-2017-7772, CVE-2017-7773,
CVE-2017-7774, CVE-2017-7776,
CVE-2017-7777, CVE-2017-7778)"
);
# https://listserv.fnal.gov/scripts/wa.exe?A2=ind1707&L=scientific-linux-errata&F=&S=&P=10939
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?055f4c6d"
);
script_set_attribute(
attribute:"solution",
value:
"Update the affected graphite2, graphite2-debuginfo and / or
graphite2-devel packages."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:graphite2");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:graphite2-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:graphite2-devel");
script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
script_set_attribute(attribute:"vuln_publication_date", value:"2018/06/11");
script_set_attribute(attribute:"patch_publication_date", value:"2017/07/21");
script_set_attribute(attribute:"plugin_publication_date", value:"2017/07/24");
script_set_attribute(attribute:"generated_plugin", value:"former");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2017-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Scientific Linux Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 7.x", "Scientific Linux " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
flag = 0;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"graphite2-1.3.10-1.el7_3")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"graphite2-debuginfo-1.3.10-1.el7_3")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"graphite2-devel-1.3.10-1.el7_3")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "graphite2 / graphite2-debuginfo / graphite2-devel");
}
Vendor | Product | Version | CPE |
---|---|---|---|
fermilab | scientific_linux | graphite2 | p-cpe:/a:fermilab:scientific_linux:graphite2 |
fermilab | scientific_linux | graphite2-debuginfo | p-cpe:/a:fermilab:scientific_linux:graphite2-debuginfo |
fermilab | scientific_linux | graphite2-devel | p-cpe:/a:fermilab:scientific_linux:graphite2-devel |
fermilab | scientific_linux | x-cpe:/o:fermilab:scientific_linux |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778
www.nessus.org/u?055f4c6d