Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_SU-2018-2204-1.NASL
HistoryAug 07, 2018 - 12:00 a.m.

SUSE SLED12 / SLES12 Security Update : libsoup (SUSE-SU-2018:2204-1)

2018-08-0700:00:00
This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
8
JSON

This update for libsoup fixes the following issues: Security issue fixed :

  • CVE-2018-12910: Fix crash when handling empty hostnames (bsc#1100097).

  • CVE-2017-2885: Fix chunk decoding buffer overrun that could be exploited against either clients or servers (bsc#1052916). Bug fixes :

  • bsc#1086036: translation-update-upstream commented out for Leap

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2018:2204-1.
# The text itself is copyright (C) SUSE.
#

include("compat.inc");

if (description)
{
  script_id(111574);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/13");

  script_cve_id("CVE-2017-2885", "CVE-2018-12910");

  script_name(english:"SUSE SLED12 / SLES12 Security Update : libsoup (SUSE-SU-2018:2204-1)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote SUSE host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"This update for libsoup fixes the following issues: Security issue
fixed :

  - CVE-2018-12910: Fix crash when handling empty hostnames
    (bsc#1100097).

  - CVE-2017-2885: Fix chunk decoding buffer overrun that
    could be exploited against either clients or servers
    (bsc#1052916). Bug fixes :

  - bsc#1086036: translation-update-upstream commented out
    for Leap

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1052916"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1086036"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1100097"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2017-2885/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-12910/"
  );
  # https://www.suse.com/support/update/announcement/2018/suse-su-20182204-1/
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?33876e3f"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"To install this SUSE Security Update use the SUSE recommended
installation methods like YaST online_update or 'zypper patch'.

Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t
patch SUSE-SLE-SDK-12-SP3-2018-1497=1

SUSE Linux Enterprise Server 12-SP3:zypper in -t patch
SUSE-SLE-SERVER-12-SP3-2018-1497=1

SUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch
SUSE-SLE-DESKTOP-12-SP3-2018-1497=1"
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsoup-2_4");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsoup-2_4-1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsoup-2_4-1-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsoup-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:typelib-1_0-Soup");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/04/24");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/08/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/08/07");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver);

if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);

sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES12" && (! preg(pattern:"^(3)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP3", os_ver + " SP" + sp);
if (os_ver == "SLED12" && (! preg(pattern:"^(3)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP3", os_ver + " SP" + sp);


flag = 0;
if (rpm_check(release:"SLES12", sp:"3", reference:"libsoup-2_4-1-2.62.2-5.7.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"libsoup-2_4-1-32bit-2.62.2-5.7.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"libsoup-2_4-1-debuginfo-2.62.2-5.7.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"libsoup-2_4-1-debuginfo-32bit-2.62.2-5.7.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"libsoup-debugsource-2.62.2-5.7.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"typelib-1_0-Soup-2_4-2.62.2-5.7.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libsoup-2_4-1-2.62.2-5.7.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libsoup-2_4-1-32bit-2.62.2-5.7.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libsoup-2_4-1-debuginfo-2.62.2-5.7.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libsoup-2_4-1-debuginfo-32bit-2.62.2-5.7.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libsoup-debugsource-2.62.2-5.7.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"typelib-1_0-Soup-2_4-2.62.2-5.7.1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libsoup");
}
VendorProductVersionCPE
novellsuse_linuxlibsoup-2_4p-cpe:/a:novell:suse_linux:libsoup-2_4
novellsuse_linuxlibsoup-2_4-1p-cpe:/a:novell:suse_linux:libsoup-2_4-1
novellsuse_linuxlibsoup-2_4-1-debuginfop-cpe:/a:novell:suse_linux:libsoup-2_4-1-debuginfo
novellsuse_linuxlibsoup-debugsourcep-cpe:/a:novell:suse_linux:libsoup-debugsource
novellsuse_linuxtypelib-1_0-soupp-cpe:/a:novell:suse_linux:typelib-1_0-soup
novellsuse_linux12cpe:/o:novell:suse_linux:12

Related

nessus 45
suse 5
openvas 32
osv 5
f5 1
fedora 7
ibm 2
debian 4
ubuntu 2
redhatcve 2
debiancve 2
prion 2
ubuntucve 2
mageia 2
veracode 2
cve 2
centos 2
gentoo 1
packetstorm 1
talos 1
seebug 1
zdt 1
alpinelinux 1
slackware 1
oraclelinux 2
freebsd 1
archlinux 1
redhat 3
photon 8
nessus
nessus
SUSE SLES12 Security Update : libsoup (SUSE-SU-2018:2204-2)
2019-01-09 00:00:00
EulerOS Virtualization for ARM 64 3.0.6.0 : libsoup (EulerOS-SA-2020-2047)
2020-09-29 00:00:00
openSUSE Security Update : libsoup (openSUSE-2018-856)
2018-08-10 00:00:00
suse
suse
Security update for libsoup (moderate)
2018-08-10 03:16:11
Security update for libsoup (moderate)
2019-05-03 00:00:00
Security update for libsoup (important)
2017-08-10 18:08:55
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2018:2204-1)
2021-04-19 00:00:00
SUSE: Security Advisory (SUSE-SU-2018:2204-2)
2021-04-19 00:00:00
Huawei EulerOS: Security Advisory for libsoup (EulerOS-SA-2020-2047)
2020-09-29 00:00:00
osv
osv
libsoup2.4 - security update
2018-07-05 00:00:00
CVE-2018-12910
2018-07-05 18:29:00
libsoup2.4 - security update
2018-07-06 00:00:00
f5
f5
K10027302 : Libsoup vulnerability CVE-2018-12910
2022-10-20 00:00:00
fedora
fedora
[SECURITY] Fedora 28 Update: libsoup-2.62.2-2.fc28
2018-07-03 16:56:45
[SECURITY] Fedora 31 Update: mingw-libsoup-2.68.0-1.fc31
2019-10-02 00:48:44
[SECURITY] Fedora 27 Update: libsoup-2.60.3-2.fc27
2018-07-05 15:19:10
ibm
ibm
Security Bulletin: A vulnerability in libsoup affects PowerKVM
2019-05-17 16:05:02
Security Bulletin: A vulnerability in libsoup affects PowerKVM
2018-06-18 01:38:15
debian
debian
[SECURITY] [DLA 1416-1] libsoup2.4 security update
2018-07-06 11:03:35
[SECURITY] [DSA 4241-1] libsoup2.4 security update
2018-07-05 20:57:52
[SECURITY] [DSA 3929-1] libsoup2.4 security update
2017-08-10 13:26:26
ubuntu
ubuntu
libsoup vulnerability
2018-07-03 00:00:00
libsoup vulnerability
2017-08-10 00:00:00
redhatcve
redhatcve
CVE-2018-12910
2018-07-04 05:48:44
CVE-2017-2885
2017-08-10 13:18:23
debiancve
debiancve
CVE-2018-12910
2018-07-05 18:29:00
CVE-2017-2885
2018-04-24 19:29:00
prion
prion
Design/Logic Flaw
2018-07-05 18:29:00
Stack overflow
2018-04-24 19:29:00
ubuntucve
ubuntucve
CVE-2018-12910
2018-06-29 00:00:00
CVE-2017-2885
2017-08-10 00:00:00
mageia
mageia
Updated libsoup packages fix security vulnerability
2018-08-10 17:37:39
Updated libsoup packages fix security vulnerability
2017-08-16 03:01:16
veracode
veracode
Denial Of Service (DoS)
2018-07-06 05:37:17
Remote Code Execution
2020-05-10 23:23:28
cve
cve
CVE-2018-12910
2018-07-05 18:29:00
CVE-2017-2885
2018-04-24 19:29:00
centos
centos
libsoup security update
2017-08-24 09:44:05
PackageKit, accountsservice, adwaita, appstream, at, atk, baobab, bolt, brasero, cairo, cheese, clutter, compat, control, dconf, devhelp, ekiga, empathy, eog, evince, evolution, file, flatpak, folks, fontconfig, freetype, fribidi, fwupd, fwupdate, gcr, gdk, gdm, gedit, geoclue2, geocode, gjs, glade, glib, glib2, glibmm24, gnome, gnote, gobject, gom, google, grilo, gsettings, gspell, gssdp, gstreamer1, gtk, gtk3, gtksourceview3, gucharmap, gupnp, gvfs, harfbuzz, json, libappstream, libchamplain, libcroco, libgdata, libgee, libgepub, libgexiv2, libgnomekbd, libgovirt, libgtop2, libgweather, libgxps, libical, libmediaart, libosinfo, libpeas, librsvg2, libsecret, libsoup, libwayland, libwnck3, mozjs52, mutter, nautilus, openchange, osinfo, pango, poppler, python2, rest, rhythmbox, seahorse, shotwell, sushi, totem, upower, vala, valadoc, vino, vte, vte291, wayland, webkitgtk4, xdg, yelp, zenity security update
2018-11-15 18:43:07
gentoo
gentoo
libsoup: Arbitrary remote code execution
2017-09-26 00:00:00
packetstorm
packetstorm
ProCaster LE-32F430 GStreamer souphttpsrc libsoup/2.51.3 Stack Overflow
2020-12-07 00:00:00
talos
talos
GNOME libsoup HTTP Chunked Encoding Remote Code Execution Vulnerability
2017-08-10 00:00:00
seebug
seebug
GNOME libsoup HTTP Chunked Encoding Remote Code Execution Vulnerability(CVE-2017-2885)
2017-09-13 00:00:00
zdt
zdt
ProCaster LE-32F430 GStreamer souphttpsrc libsoup/2.51.3 Stack Overflow Exploit
2020-12-08 00:00:00
alpinelinux
alpinelinux
CVE-2017-2885
2018-04-24 19:29:00
slackware
slackware
[slackware-security] libsoup
2017-08-11 23:11:09
oraclelinux
oraclelinux
libsoup security update
2017-08-10 00:00:00
GNOME security, bug fix, and enhancement update
2018-11-05 00:00:00
freebsd
freebsd
libsoup -- stack based buffer overflow
2017-08-17 00:00:00
archlinux
archlinux
[ASA-201708-5] libsoup: arbitrary code execution
2017-08-10 00:00:00
redhat
redhat
(RHSA-2017:2459) Important: libsoup security update
2017-08-10 13:21:25
(RHSA-2018:3140) Moderate: GNOME security, bug fix, and enhancement update
2018-10-30 04:22:45
(RHSA-2018:3505) Critical: Red Hat Ansible Tower 3.3.1-2 Release - Container Image
2018-11-06 15:39:03
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-1.0-0182
2018-09-05 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-2.0-0091
2018-09-06 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-1.0-0149
2018-06-20 00:00:00
JSON
Related for SUSE_SU-2018-2204-1.NASL
nessus45suse5openvas32osv5f51fedora7ibm2debian4ubuntu2redhatcve2debiancve2prion2ubuntucve2mageia2veracode2cve2centos2gentoo1packetstorm1talos1seebug1zdt1alpinelinux1slackware1oraclelinux2freebsd1archlinux1redhat3photon8