Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_SU-2016-2828-1.NASL
HistoryNov 17, 2016 - 12:00 a.m.

SUSE SLED12 / SLES12 Security Update : X Window System client libraries (SUSE-SU-2016:2828-1)

2016-11-1700:00:00
This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
38

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.019

Percentile

88.6%

JSON

This update for the X Window System client libraries fixes a class of privilege escalation issues. A malicious X Server could send specially crafted data to X clients, which allowed for triggering crashes, or privilege escalation if this relationship was untrusted or crossed user or permission level boundaries. libX11, libXfixes, libXi, libXrandr, libXrender, libXtst, libXv, libXvMC were fixed, specifically: libX11 :

  • CVE-2016-7942: insufficient validation of data from the X server allowed out of boundary memory read (bsc#1002991) libXfixes :

  • CVE-2016-7944: insufficient validation of data from the X server can cause an integer overflow on 32 bit architectures (bsc#1002995) libXi :

  • CVE-2016-7945, CVE-2016-7946: insufficient validation of data from the X server can cause out of boundary memory access or endless loops (Denial of Service) (bsc#1002998) libXtst :

  • CVE-2016-7951, CVE-2016-7952: insufficient validation of data from the X server can cause out of boundary memory access or endless loops (Denial of Service) (bsc#1003012) libXv :

  • CVE-2016-5407: insufficient validation of data from the X server can cause out of boundary memory and memory corruption (bsc#1003017) libXvMC :

  • CVE-2016-7953: insufficient validation of data from the X server can cause a one byte buffer read underrun (bsc#1003023) libXrender :

  • CVE-2016-7949, CVE-2016-7950: insufficient validation of data from the X server can cause out of boundary memory writes (bsc#1003002) libXrandr :

  • CVE-2016-7947, CVE-2016-7948: insufficient validation of data from the X server can cause out of boundary memory writes (bsc#1003000)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2016:2828-1.
# The text itself is copyright (C) SUSE.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(94939);
  script_version("3.9");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2016-5407", "CVE-2016-7942", "CVE-2016-7944", "CVE-2016-7945", "CVE-2016-7946", "CVE-2016-7947", "CVE-2016-7948", "CVE-2016-7949", "CVE-2016-7950", "CVE-2016-7951", "CVE-2016-7952", "CVE-2016-7953");

  script_name(english:"SUSE SLED12 / SLES12 Security Update : X Window System client libraries (SUSE-SU-2016:2828-1)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote SUSE host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update for the X Window System client libraries fixes a class of
privilege escalation issues. A malicious X Server could send specially
crafted data to X clients, which allowed for triggering crashes, or
privilege escalation if this relationship was untrusted or crossed
user or permission level boundaries. libX11, libXfixes, libXi,
libXrandr, libXrender, libXtst, libXv, libXvMC were fixed,
specifically: libX11 :

  - CVE-2016-7942: insufficient validation of data from the
    X server allowed out of boundary memory read
    (bsc#1002991) libXfixes :

  - CVE-2016-7944: insufficient validation of data from the
    X server can cause an integer overflow on 32 bit
    architectures (bsc#1002995) libXi :

  - CVE-2016-7945, CVE-2016-7946: insufficient validation of
    data from the X server can cause out of boundary memory
    access or endless loops (Denial of Service)
    (bsc#1002998) libXtst :

  - CVE-2016-7951, CVE-2016-7952: insufficient validation of
    data from the X server can cause out of boundary memory
    access or endless loops (Denial of Service)
    (bsc#1003012) libXv :

  - CVE-2016-5407: insufficient validation of data from the
    X server can cause out of boundary memory and memory
    corruption (bsc#1003017) libXvMC :

  - CVE-2016-7953: insufficient validation of data from the
    X server can cause a one byte buffer read underrun
    (bsc#1003023) libXrender :

  - CVE-2016-7949, CVE-2016-7950: insufficient validation of
    data from the X server can cause out of boundary memory
    writes (bsc#1003002) libXrandr :

  - CVE-2016-7947, CVE-2016-7948: insufficient validation of
    data from the X server can cause out of boundary memory
    writes (bsc#1003000)

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1002991"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1002995"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1002998"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1003000"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1003002"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1003012"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1003017"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1003023"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-5407/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-7942/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-7944/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-7945/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-7946/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-7947/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-7948/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-7949/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-7950/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-7951/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-7952/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-7953/"
  );
  # https://www.suse.com/support/update/announcement/2016/suse-su-20162828-1/
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?361947b7"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t
patch SUSE-SLE-SDK-12-SP2-2016-1668=1

SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t
patch SUSE-SLE-RPI-12-SP2-2016-1668=1

SUSE Linux Enterprise Server 12-SP2:zypper in -t patch
SUSE-SLE-SERVER-12-SP2-2016-1668=1

SUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch
SUSE-SLE-DESKTOP-12-SP2-2016-1668=1

To bring your system up-to-date, use 'zypper patch'."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libX11");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libX11-6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libX11-6-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libX11-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libX11-xcb1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libX11-xcb1-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libXfixes-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libXfixes3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libXfixes3-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libXi-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libXi6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libXi6-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libXrender-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libXrender1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libXrender1-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libXtst-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libXtst6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libXtst6-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libXv-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libXv1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libXv1-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libXvMC-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libXvMC1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libXvMC1-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/12/13");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/11/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/11/17");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver);

if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
if (cpu >!< "x86_64") audit(AUDIT_ARCH_NOT, "x86_64", cpu);


sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES12" && (! preg(pattern:"^(2)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP2", os_ver + " SP" + sp);
if (os_ver == "SLED12" && (! preg(pattern:"^(2)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP2", os_ver + " SP" + sp);


flag = 0;
if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"libX11-6-1.6.2-8.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"libX11-6-debuginfo-1.6.2-8.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"libX11-debugsource-1.6.2-8.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"libX11-xcb1-1.6.2-8.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"libX11-xcb1-debuginfo-1.6.2-8.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"libXfixes-debugsource-5.0.1-7.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"libXfixes3-5.0.1-7.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"libXfixes3-debuginfo-5.0.1-7.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"libXi-debugsource-1.7.4-14.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"libXi6-1.7.4-14.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"libXi6-debuginfo-1.7.4-14.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"libXrender-debugsource-0.9.8-7.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"libXrender1-0.9.8-7.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"libXrender1-debuginfo-0.9.8-7.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"libXtst-debugsource-1.2.2-7.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"libXtst6-1.2.2-7.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"libXtst6-debuginfo-1.2.2-7.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"libXv-debugsource-1.0.10-7.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"libXv1-1.0.10-7.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"libXv1-debuginfo-1.0.10-7.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"libXvMC-debugsource-1.0.8-7.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"libXvMC1-1.0.8-7.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"libXvMC1-debuginfo-1.0.8-7.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"libX11-6-32bit-1.6.2-8.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"libX11-6-debuginfo-32bit-1.6.2-8.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"libX11-xcb1-32bit-1.6.2-8.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"libX11-xcb1-debuginfo-32bit-1.6.2-8.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"libXfixes3-32bit-5.0.1-7.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"libXfixes3-debuginfo-32bit-5.0.1-7.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"libXi6-32bit-1.7.4-14.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"libXi6-debuginfo-32bit-1.7.4-14.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"libXrender1-32bit-0.9.8-7.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"libXrender1-debuginfo-32bit-0.9.8-7.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"libXtst6-32bit-1.2.2-7.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"libXtst6-debuginfo-32bit-1.2.2-7.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"libXv1-32bit-1.0.10-7.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"libXv1-debuginfo-32bit-1.0.10-7.1")) flag++;
if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libX11-6-1.6.2-8.1")) flag++;
if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libX11-6-32bit-1.6.2-8.1")) flag++;
if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libX11-6-debuginfo-1.6.2-8.1")) flag++;
if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libX11-6-debuginfo-32bit-1.6.2-8.1")) flag++;
if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libX11-debugsource-1.6.2-8.1")) flag++;
if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libX11-xcb1-1.6.2-8.1")) flag++;
if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libX11-xcb1-32bit-1.6.2-8.1")) flag++;
if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libX11-xcb1-debuginfo-1.6.2-8.1")) flag++;
if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libX11-xcb1-debuginfo-32bit-1.6.2-8.1")) flag++;
if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libXfixes-debugsource-5.0.1-7.1")) flag++;
if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libXfixes3-32bit-5.0.1-7.1")) flag++;
if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libXfixes3-5.0.1-7.1")) flag++;
if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libXfixes3-debuginfo-32bit-5.0.1-7.1")) flag++;
if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libXfixes3-debuginfo-5.0.1-7.1")) flag++;
if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libXi-debugsource-1.7.4-14.1")) flag++;
if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libXi6-1.7.4-14.1")) flag++;
if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libXi6-32bit-1.7.4-14.1")) flag++;
if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libXi6-debuginfo-1.7.4-14.1")) flag++;
if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libXi6-debuginfo-32bit-1.7.4-14.1")) flag++;
if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libXrender-debugsource-0.9.8-7.1")) flag++;
if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libXrender1-0.9.8-7.1")) flag++;
if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libXrender1-32bit-0.9.8-7.1")) flag++;
if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libXrender1-debuginfo-0.9.8-7.1")) flag++;
if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libXrender1-debuginfo-32bit-0.9.8-7.1")) flag++;
if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libXtst-debugsource-1.2.2-7.1")) flag++;
if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libXtst6-1.2.2-7.1")) flag++;
if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libXtst6-32bit-1.2.2-7.1")) flag++;
if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libXtst6-debuginfo-1.2.2-7.1")) flag++;
if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libXtst6-debuginfo-32bit-1.2.2-7.1")) flag++;
if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libXv-debugsource-1.0.10-7.1")) flag++;
if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libXv1-1.0.10-7.1")) flag++;
if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libXv1-32bit-1.0.10-7.1")) flag++;
if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libXv1-debuginfo-1.0.10-7.1")) flag++;
if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libXv1-debuginfo-32bit-1.0.10-7.1")) flag++;
if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libXvMC-debugsource-1.0.8-7.1")) flag++;
if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libXvMC1-1.0.8-7.1")) flag++;
if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libXvMC1-debuginfo-1.0.8-7.1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "X Window System client libraries");
}

References

Related

openvas 40
nessus 75
mageia 1
slackware 1
ibm 2
gentoo 1
fedora 17
osv 9
ubuntucve 8
debian 5
ubuntu 3
cve 4
prion 6
debiancve 6
nvd 8
alpinelinux 3
redhatcve 6
cvelist 4
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2016:2505-1)
2021-04-19 00:00:00
SUSE: Security Advisory (SUSE-SU-2016:2828-1)
2021-04-19 00:00:00
Mageia: Security Advisory (MGASA-2018-0011)
2022-01-28 00:00:00
nessus
nessus
SUSE SLED12 / SLES12 Security Update : X Window System client libraries (SUSE-SU-2016:2505-1)
2016-10-13 00:00:00
openSUSE Security Update : X Window System client libraries (openSUSE-2016-1214)
2016-10-24 00:00:00
Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : x11 (SSA:2016-305-02)
2016-11-01 00:00:00
mageia
mageia
Updated X11 client libraries packages fix security vulnerability
2018-01-01 18:50:28
slackware
slackware
[slackware-security] x11
2016-11-01 03:40:24
ibm
ibm
Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in X.Org libs
2019-01-31 02:25:02
Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in X.Org libXrender (CVE-2016-7949 CVE-2016-7950)
2019-01-31 02:25:02
gentoo
gentoo
X.Org: Multiple vulnerabilities
2017-04-10 00:00:00
fedora
fedora
[SECURITY] Fedora 23 Update: libXtst-1.2.3-1.fc23
2016-11-01 16:24:49
[SECURITY] Fedora 24 Update: libXtst-1.2.3-1.fc24
2016-10-09 06:23:38
[SECURITY] Fedora 25 Update: libXtst-1.2.3-1.fc25
2016-10-10 17:59:58
osv
osv
libxtst - security update
2016-10-26 00:00:00
libxrender vulnerabilities
2022-05-23 18:04:37
libxrender - security update
2016-10-18 00:00:00
ubuntucve
ubuntucve
CVE-2016-7952
2016-12-13 00:00:00
CVE-2016-7951
2016-12-13 00:00:00
CVE-2016-7946
2016-12-13 00:00:00
debian
debian
[SECURITY] [DLA 686-1] libxtst security update
2016-10-26 23:40:25
[SECURITY] [DLA 664-1] libxrender security update
2016-10-18 14:37:43
[SECURITY] [DLA 685-1] libxi security update
2016-10-26 23:40:17
ubuntu
ubuntu
libXrender vulnerabilities
2022-05-23 00:00:00
libXrandr vulnerabilities
2022-05-18 00:00:00
libXi vulnerabilities
2022-09-28 00:00:00
cve
cve
CVE-2016-7952
2016-12-13 20:59:19
CVE-2016-7949
2016-12-13 20:59:15
CVE-2016-7953
2016-12-13 20:59:20
prion
prion
Out-of-bounds
2016-12-13 20:59:00
Design/Logic Flaw
2016-12-13 20:59:00
Buffer overflow
2016-12-13 20:59:00
debiancve
debiancve
CVE-2016-7953
2016-12-13 20:59:20
CVE-2016-7952
2016-12-13 20:59:19
CVE-2016-7949
2016-12-13 20:59:15
nvd
nvd
CVE-2016-7953
2016-12-13 20:59:20
CVE-2016-7952
2016-12-13 20:59:19
CVE-2016-7951
2016-12-13 20:59:18
alpinelinux
alpinelinux
CVE-2016-7951
2016-12-13 20:59:18
CVE-2016-7952
2016-12-13 20:59:19
CVE-2016-7953
2016-12-13 20:59:20
redhatcve
redhatcve
CVE-2016-7950
2016-10-05 11:47:43
CVE-2016-7952
2016-10-05 11:48:05
CVE-2016-7953
2016-10-05 11:47:53
cvelist
cvelist
CVE-2016-7952
2016-12-13 20:00:00
CVE-2016-7949
2016-12-13 20:00:00
CVE-2016-7953
2016-12-13 20:00:00

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.019

Percentile

88.6%

JSON
Related for SUSE_SU-2016-2828-1.NASL
openvas40nessus75mageia1slackware1ibm2gentoo1fedora17osv9ubuntucve8debian5ubuntu3cve4prion6debiancve6nvd8alpinelinux3redhatcve6cvelist4