Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_SU-2014-1729-1.NASL
HistoryMay 20, 2015 - 12:00 a.m.

SUSE SLED12 Security Update : libreoffice (SUSE-SU-2014:1729-1)

2015-05-2000:00:00
This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
6

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.063 Low

EPSS

Percentile

93.6%

JSON

This libreoffice update fixes the following security and non security issues :

  • Version bump to 4.3.5 release :

  • Various small fixes

  • Fix for CVE-2014-9093 bnc#907636

  • Remove dangling symlinks from previous versions bnc#884942

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2014:1729-1.
# The text itself is copyright (C) SUSE.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(83656);
  script_version("2.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2014-9093");
  script_bugtraq_id(71313);

  script_name(english:"SUSE SLED12 Security Update : libreoffice (SUSE-SU-2014:1729-1)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote SUSE host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This libreoffice update fixes the following security and non security
issues :

  - Version bump to 4.3.5 release :

  - Various small fixes

  - Fix for CVE-2014-9093 bnc#907636

  - Remove dangling symlinks from previous versions
    bnc#884942

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=884942"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=907636"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2014-9093/"
  );
  # https://www.suse.com/support/update/announcement/2014/suse-su-20141729-1.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?de3c7404"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Workstation Extension 12 :

zypper in -t patch SUSE-SLE-WE-12-2014-125

SUSE Linux Enterprise Desktop 12 :

zypper in -t patch SUSE-SLE-DESKTOP-12-2014-125

SUSE Linux Enterprise Build System Kit 12 :

zypper in -t patch SUSE-SLE-BSK-12-2014-125

To bring your system up-to-date, use 'zypper patch'."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libreoffice");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libreoffice-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libreoffice-base-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libreoffice-base-drivers-mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libreoffice-base-drivers-mysql-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libreoffice-base-drivers-postgresql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libreoffice-base-drivers-postgresql-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libreoffice-calc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libreoffice-calc-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libreoffice-calc-extensions");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libreoffice-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libreoffice-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libreoffice-draw");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libreoffice-draw-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libreoffice-filters-optional");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libreoffice-gnome");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libreoffice-gnome-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libreoffice-impress");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libreoffice-impress-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libreoffice-mailmerge");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libreoffice-math");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libreoffice-math-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libreoffice-officebean");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libreoffice-officebean-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libreoffice-pyuno");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libreoffice-pyuno-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libreoffice-writer");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libreoffice-writer-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libreoffice-writer-extensions");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/11/26");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/12/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/05/20");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLED12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12", "SUSE " + os_ver);

if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
if (cpu >!< "x86_64") audit(AUDIT_ARCH_NOT, "x86_64", cpu);


sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLED12" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP0", os_ver + " SP" + sp);


flag = 0;
if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libreoffice-4.3.5.2-10.1")) flag++;
if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libreoffice-base-4.3.5.2-10.1")) flag++;
if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libreoffice-base-debuginfo-4.3.5.2-10.1")) flag++;
if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libreoffice-base-drivers-mysql-4.3.5.2-10.1")) flag++;
if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libreoffice-base-drivers-mysql-debuginfo-4.3.5.2-10.1")) flag++;
if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libreoffice-base-drivers-postgresql-4.3.5.2-10.1")) flag++;
if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libreoffice-base-drivers-postgresql-debuginfo-4.3.5.2-10.1")) flag++;
if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libreoffice-calc-4.3.5.2-10.1")) flag++;
if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libreoffice-calc-debuginfo-4.3.5.2-10.1")) flag++;
if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libreoffice-calc-extensions-4.3.5.2-10.1")) flag++;
if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libreoffice-debuginfo-4.3.5.2-10.1")) flag++;
if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libreoffice-debugsource-4.3.5.2-10.1")) flag++;
if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libreoffice-draw-4.3.5.2-10.1")) flag++;
if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libreoffice-draw-debuginfo-4.3.5.2-10.1")) flag++;
if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libreoffice-filters-optional-4.3.5.2-10.1")) flag++;
if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libreoffice-gnome-4.3.5.2-10.1")) flag++;
if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libreoffice-gnome-debuginfo-4.3.5.2-10.1")) flag++;
if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libreoffice-impress-4.3.5.2-10.1")) flag++;
if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libreoffice-impress-debuginfo-4.3.5.2-10.1")) flag++;
if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libreoffice-mailmerge-4.3.5.2-10.1")) flag++;
if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libreoffice-math-4.3.5.2-10.1")) flag++;
if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libreoffice-math-debuginfo-4.3.5.2-10.1")) flag++;
if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libreoffice-officebean-4.3.5.2-10.1")) flag++;
if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libreoffice-officebean-debuginfo-4.3.5.2-10.1")) flag++;
if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libreoffice-pyuno-4.3.5.2-10.1")) flag++;
if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libreoffice-pyuno-debuginfo-4.3.5.2-10.1")) flag++;
if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libreoffice-writer-4.3.5.2-10.1")) flag++;
if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libreoffice-writer-debuginfo-4.3.5.2-10.1")) flag++;
if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libreoffice-writer-extensions-4.3.5.2-10.1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libreoffice");
}
VendorProductVersionCPE
novellsuse_linuxlibreofficep-cpe:/a:novell:suse_linux:libreoffice
novellsuse_linuxlibreoffice-basep-cpe:/a:novell:suse_linux:libreoffice-base
novellsuse_linuxlibreoffice-base-debuginfop-cpe:/a:novell:suse_linux:libreoffice-base-debuginfo
novellsuse_linuxlibreoffice-base-drivers-mysqlp-cpe:/a:novell:suse_linux:libreoffice-base-drivers-mysql
novellsuse_linuxlibreoffice-base-drivers-mysql-debuginfop-cpe:/a:novell:suse_linux:libreoffice-base-drivers-mysql-debuginfo
novellsuse_linuxlibreoffice-base-drivers-postgresqlp-cpe:/a:novell:suse_linux:libreoffice-base-drivers-postgresql
novellsuse_linuxlibreoffice-base-drivers-postgresql-debuginfop-cpe:/a:novell:suse_linux:libreoffice-base-drivers-postgresql-debuginfo
novellsuse_linuxlibreoffice-calcp-cpe:/a:novell:suse_linux:libreoffice-calc
novellsuse_linuxlibreoffice-calc-debuginfop-cpe:/a:novell:suse_linux:libreoffice-calc-debuginfo
novellsuse_linuxlibreoffice-calc-extensionsp-cpe:/a:novell:suse_linux:libreoffice-calc-extensions
Rows per page:
1-10 of 301

Related

nessus 11
securityvulns 3
prion 1
debian 2
ubuntucve 1
nvd 1
kaspersky 1
cvelist 1
cve 1
openvas 6
osv 1
debiancve 1
ubuntu 1
gentoo 1
nessus
nessus
LibreOffice < 4.2.8 / 4.3.5 RTF File Handling Code Execution
2015-01-19 00:00:00
LibreOffice < 4.2.8 / 4.3.5 RTF File Handling Code Execution (Mac OS X)
2015-01-19 00:00:00
openSUSE Security Update : libreoffice (openSUSE-SU-2014:1727-1)
2014-12-30 00:00:00
securityvulns
securityvulns
LibreOffice memory corruption
2015-02-22 00:00:00
[SECURITY] [DSA 3163-1] libreoffice security update
2015-02-22 00:00:00
[USN-2578-1] LibreOffice vulnerabilities
2015-05-05 00:00:00
prion
prion
Design/Logic Flaw
2014-11-26 15:59:00
debian
debian
[SECURITY] [DSA 3163-1] libreoffice security update
2015-02-19 13:03:15
[SECURITY] [DSA 3163-1] libreoffice security update
2015-02-19 13:03:15
ubuntucve
ubuntucve
CVE-2014-9093
2014-11-26 00:00:00
nvd
nvd
CVE-2014-9093
2014-11-26 15:59:09
kaspersky
kaspersky
KLA10444 DoS vulnerability in LibreOffice
2014-11-26 00:00:00
cvelist
cvelist
CVE-2014-9093
2014-11-26 15:00:00
cve
cve
CVE-2014-9093
2014-11-26 15:59:09
openvas
openvas
Debian: Security Advisory (DSA-3163-1)
2015-02-18 00:00:00
Debian Security Advisory DSA 3163-1 (libreoffice - security update)
2015-02-19 00:00:00
LibreOffice RTF File Handling Multiple Vulnerabilities (Nov 2014) - Mac OS X
2014-11-28 00:00:00
osv
osv
libreoffice - security update
2015-02-19 00:00:00
debiancve
debiancve
CVE-2014-9093
2014-11-26 15:59:09
ubuntu
ubuntu
LibreOffice vulnerabilities
2015-04-27 00:00:00
gentoo
gentoo
LibreOffice, OpenOffice: Multiple vulnerabilities
2016-03-09 00:00:00

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.063 Low

EPSS

Percentile

93.6%

JSON
Related for SUSE_SU-2014-1729-1.NASL
nessus11securityvulns3prion1debian2ubuntucve1nvd1kaspersky1cvelist1cve1openvas6osv1debiancve1ubuntu1gentoo1