Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2016 Tenable Network Security, Inc.SUSE_42_1_4789-160306.NASL
HistoryMar 07, 2016 - 12:00 a.m.

openSUSE Security Update : 4789 (4789-1) (deprecated)

2016-03-0700:00:00
This script is Copyright (C) 2016 Tenable Network Security, Inc.
www.tenable.com
9

0.016 Low

EPSS

Percentile

86.1%

JSON

Chromium was updated to 49.0.2623.75 to fix the following security issues: (boo#969333)

  • CVE-2016-1630: Same-origin bypass in Blink

  • CVE-2016-1631: Same-origin bypass in Pepper Plugin

  • CVE-2016-1632: Bad cast in Extensions

  • CVE-2016-1633: Use-after-free in Blink

  • CVE-2016-1634: Use-after-free in Blink

  • CVE-2016-1635: Use-after-free in Blink

  • CVE-2016-1636: SRI Validation Bypass

  • CVE-2015-8126: Out-of-bounds access in libpng

  • CVE-2016-1637: Information Leak in Skia

  • CVE-2016-1638: WebAPI Bypass

  • CVE-2016-1639: Use-after-free in WebRTC

  • CVE-2016-1640: Origin confusion in Extensions UI

  • CVE-2016-1641: Use-after-free in Favicon

  • CVE-2016-1642: Various fixes from internal audits, fuzzing and other initiatives

  • Multiple vulnerabilities in V8 fixed at the tip of the 4.9 branch (currently 4.9.385.26)

This plugin has been renamed to openSUSE-2016-664.nasl, plugin ID 90107.

#%NASL_MIN_LEVEL 999999

#
# (C) Tenable Network Security, Inc.
#
# @DEPRECATED@
#
# Disabled on 2016/03/23. Deprecated by openSUSE-2016-664.nasl.

include("compat.inc");

if (description)
{
  script_id(89721);
  script_version("2.6");
  script_cvs_date("Date: 2018/07/20  0:18:55");

  script_cve_id("CVE-2015-8126", "CVE-2016-1630", "CVE-2016-1631", "CVE-2016-1632", "CVE-2016-1633", "CVE-2016-1634", "CVE-2016-1635", "CVE-2016-1636", "CVE-2016-1637", "CVE-2016-1638", "CVE-2016-1639", "CVE-2016-1640", "CVE-2016-1641", "CVE-2016-1642");

  script_name(english:"openSUSE Security Update : 4789 (4789-1) (deprecated)");
  script_summary(english:"Check for the 4789-1 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"This plugin has been deprecated."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Chromium was updated to 49.0.2623.75 to fix the following security
issues: (boo#969333)

  - CVE-2016-1630: Same-origin bypass in Blink

  - CVE-2016-1631: Same-origin bypass in Pepper Plugin

  - CVE-2016-1632: Bad cast in Extensions

  - CVE-2016-1633: Use-after-free in Blink

  - CVE-2016-1634: Use-after-free in Blink

  - CVE-2016-1635: Use-after-free in Blink

  - CVE-2016-1636: SRI Validation Bypass

  - CVE-2015-8126: Out-of-bounds access in libpng

  - CVE-2016-1637: Information Leak in Skia

  - CVE-2016-1638: WebAPI Bypass

  - CVE-2016-1639: Use-after-free in WebRTC

  - CVE-2016-1640: Origin confusion in Extensions UI

  - CVE-2016-1641: Use-after-free in Favicon

  - CVE-2016-1642: Various fixes from internal audits,
    fuzzing and other initiatives

  - Multiple vulnerabilities in V8 fixed at the tip of the
    4.9 branch (currently 4.9.385.26)

This plugin has been renamed to openSUSE-2016-664.nasl, plugin ID
90107."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=969333"
  );
  script_set_attribute(attribute:"solution", value:"n/a");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromedriver");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromedriver-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-desktop-gnome");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-desktop-kde");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-ffmpegsumo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-ffmpegsumo-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2016/03/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/03/07");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}

exit(0, "This plugin has been deprecated. Use openSUSE-2016-664.nasl (plugin ID 90107) instead.");

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE42\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.1", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE42.1", reference:"chromedriver-49.0.2623.75-27.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"chromedriver-debuginfo-49.0.2623.75-27.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"chromium-49.0.2623.75-27.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"chromium-debuginfo-49.0.2623.75-27.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"chromium-debugsource-49.0.2623.75-27.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"chromium-desktop-gnome-49.0.2623.75-27.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"chromium-desktop-kde-49.0.2623.75-27.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"chromium-ffmpegsumo-49.0.2623.75-27.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"chromium-ffmpegsumo-debuginfo-49.0.2623.75-27.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "chromedriver / chromedriver-debuginfo / chromium / etc");
}
VendorProductVersionCPE
novellopensusechromedriverp-cpe:/a:novell:opensuse:chromedriver
novellopensusechromedriver-debuginfop-cpe:/a:novell:opensuse:chromedriver-debuginfo
novellopensusechromiump-cpe:/a:novell:opensuse:chromium
novellopensusechromium-debuginfop-cpe:/a:novell:opensuse:chromium-debuginfo
novellopensusechromium-debugsourcep-cpe:/a:novell:opensuse:chromium-debugsource
novellopensusechromium-desktop-gnomep-cpe:/a:novell:opensuse:chromium-desktop-gnome
novellopensusechromium-desktop-kdep-cpe:/a:novell:opensuse:chromium-desktop-kde
novellopensusechromium-ffmpegsumop-cpe:/a:novell:opensuse:chromium-ffmpegsumo
novellopensusechromium-ffmpegsumo-debuginfop-cpe:/a:novell:opensuse:chromium-ffmpegsumo-debuginfo
novellopensuse42.1cpe:/o:novell:opensuse:42.1

Related

suse 6
debian 3
nessus 52
chrome 1
openvas 31
archlinux 4
osv 2
redhat 2
freebsd 2
kaspersky 1
ubuntu 1
mageia 2
cve 14
prion 14
ubuntucve 15
seebug 3
debiancve 15
fedora 14
veracode 2
f5 4
amazon 1
ibm 6
slackware 2
oraclelinux 1
centos 1
suse
suse
Security update for Chromium (important)
2016-03-06 17:12:11
Security update for Chromium (important)
2016-03-11 22:11:41
Security update for Chromium (important)
2016-03-06 17:11:45
debian
debian
[SECURITY] [DSA 3507-1] chromium-browser security update
2016-03-05 21:22:56
[SECURITY] [DSA 3507-1] chromium-browser security update
2016-03-05 21:22:56
[SECURITY] [DSA 3399-1] libpng security update
2015-11-18 19:55:41
nessus
nessus
RHEL 6 : chromium-browser (RHSA-2016:0359)
2016-03-07 00:00:00
Google Chrome < 49.0.2623.75 Multiple Vulnerabilities (Mac OS X)
2016-03-04 00:00:00
openSUSE Security Update : Chromium (openSUSE-2016-664)
2016-03-23 00:00:00
chrome
chrome
Stable Channel Update
2016-03-02 00:00:00
openvas
openvas
openSUSE: Security Advisory for Chromium (openSUSE-SU-2016:0664-1)
2016-03-07 00:00:00
openSUSE: Security Advisory for Chromium (openSUSE-SU-2016:0729-1)
2016-03-12 00:00:00
Debian Security Advisory DSA 3507-1 (chromium-browser - security update)
2016-03-05 00:00:00
archlinux
archlinux
chromium: multiple issues
2016-03-03 00:00:00
libpng: buffer overflow
2015-12-28 00:00:00
libpng: multiple issues
2015-11-17 00:00:00
osv
osv
chromium-browser - security update
2016-03-05 00:00:00
libpng - security update
2015-11-18 00:00:00
redhat
redhat
(RHSA-2016:0359) Important: chromium-browser security update
2016-03-07 00:00:00
(RHSA-2015:2596) Moderate: libpng security update
2015-12-09 13:26:42
freebsd
freebsd
chromium -- multiple vulnerabilities
2016-03-02 00:00:00
libpng buffer overflow in png_set_PLTE
2015-11-15 00:00:00
kaspersky
kaspersky
KLA10764 Multiple vulnerabilities in Google Chrome
2016-03-02 00:00:00
ubuntu
ubuntu
Oxide vulnerabilities
2016-03-10 00:00:00
mageia
mageia
Updated chromium-browser-stable packages fix security vulnerability
2016-03-31 23:22:34
Updated libpng/libpng12 packages fix security vulnerability
2015-11-20 01:08:19
cve
cve
CVE-2016-1631
2016-03-06 02:59:00
CVE-2016-1639
2016-03-06 02:59:00
CVE-2016-1638
2016-03-06 02:59:00
prion
prion
Design/Logic Flaw
2016-03-06 02:59:00
Memory corruption
2016-03-06 02:59:00
Design/Logic Flaw
2016-03-06 02:59:00
ubuntucve
ubuntucve
CVE-2016-1632
2016-03-06 00:00:00
CVE-2016-1638
2016-03-06 00:00:00
CVE-2016-1630
2016-03-05 00:00:00
seebug
seebug
Chrome Universal XSS using widget updates in ContainerNode::parserRemoveChild (CVE-2016-1630)
2017-04-24 00:00:00
Chrome the improper use of Flash message loop leads to the UXSS Vulnerability, CVE-2016-1631)
2016-11-21 00:00:00
Chrome Universal XSS using Flash message loop (CVE-2016-1631)
2017-04-24 00:00:00
debiancve
debiancve
CVE-2016-1639
2016-03-06 02:59:00
CVE-2016-1631
2016-03-06 02:59:00
CVE-2016-1640
2016-03-06 02:59:00
fedora
fedora
[SECURITY] Fedora 23 Update: mingw-libpng-1.6.19-1.fc23
2015-11-27 18:24:08
[SECURITY] Fedora 23 Update: mingw-libpng-1.6.21-1.fc23
2016-02-17 04:02:12
[SECURITY] Fedora 22 Update: mingw-libpng-1.6.19-1.fc22
2015-11-27 20:53:25
veracode
veracode
Buffer Overflow
2017-02-08 02:19:46
Denial-of-Service (DoS) Via Embedded Dependency
2017-02-27 07:42:41
f5
f5
K76930736 : Libpng vulnerability CVE-2015-8126
2015-12-19 00:00:00
SOL76930736 - Libpng vulnerability CVE-2015-8126
2015-12-18 00:00:00
SOL81903701 - Libpng vulnerability CVE-2015-8472
2016-03-07 00:00:00
amazon
amazon
Medium: libpng
2015-11-23 13:43:00
ibm
ibm
Security Bulletin: Vulnerabilities in libpng affect Rational DOORS (CVE-2015-8126, CVE-2015-8472)
2020-05-01 08:19:24
Security Bulletin: Vulnerabilities in libpng affect IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter systems (CVE-2015-8126 CVE-2015-7981)
2023-04-14 14:32:25
Security Bulletin: Vulnerabilities in libpng affect IBM Integrated Management Module (IMM) (CVE-2015-7981, CVE-2015-8126)
2023-04-14 14:32:25
slackware
slackware
[slackware-security] libpng
2015-12-03 08:20:21
[slackware-security] libpng
2015-12-16 06:25:09
oraclelinux
oraclelinux
libpng security update
2015-12-09 00:00:00
centos
centos
libpng security update
2015-12-09 19:21:36

0.016 Low

EPSS

Percentile

86.1%

JSON
Related for SUSE_42_1_4789-160306.NASL
suse6debian3nessus52chrome1openvas31archlinux4osv2redhat2freebsd2kaspersky1ubuntu1mageia2cve14prion14ubuntucve15seebug3debiancve15fedora14veracode2f54amazon1ibm6slackware2oraclelinux1centos1