This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_SU-2018-3882-2.NASLSUSE SLED12 / SLES12 Security Update : exiv2 (SUSE-SU-2018:3882-2)
This update for exiv2 fixes the following issues :
CVE-2017-11591: A floating point exception in the Exiv2::ValueType function could lead to a remote denial of service attack via crafted input. (bsc#1050257)
CVE-2017-14864: An invalid memory address dereference was discovered in Exiv2::getULong in types.cpp. The vulnerability caused a segmentation fault and application crash, which lead to denial of service. (bsc#1060995)
CVE-2017-14862: An invalid memory address dereference was discovered in Exiv2::DataValue::read in value.cpp. The vulnerability caused a segmentation fault and application crash, which lead to denial of service. (bsc#1060996)
CVE-2017-14859: An invalid memory address dereference was discovered in Exiv2::StringValueBase::read in value.cpp. The vulnerability caused a segmentation fault and application crash, which lead to denial of service. (bsc#1061000)
CVE-2017-11683: There is a reachable assertion in the Internal::TiffReader::visitDirectory function in tiffvisitor.cpp that could lead to a remote denial of service attack via crafted input.
(bsc#1051188)
CVE-2017-17669: There is a heap-based buffer over-read in the Exiv2::Internal::PngChunk::keyTXTChunk function of pngchunk_int.cpp. A crafted PNG file would lead to a remote denial of service attack.
(bsc#1072928)
CVE-2018-10958: In types.cpp a large size value might have lead to a SIGABRT during an attempt at memory allocation for an Exiv2::Internal::PngChunk::zlibUncompress call. (bsc#1092952)
CVE-2018-10998: readMetadata in jp2image.cpp allowed remote attackers to cause a denial of service (SIGABRT) by triggering an incorrect Safe::add call. (bsc#1093095)
CVE-2018-11531: Exiv2 had a heap-based buffer overflow in getData in preview.cpp. (bsc#1095070)
Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2018:3882-2.
# The text itself is copyright (C) SUSE.
#
include("compat.inc");
if (description)
{
script_id(119645);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2020/04/28");
script_cve_id("CVE-2017-11591", "CVE-2017-11683", "CVE-2017-14859", "CVE-2017-14862", "CVE-2017-14864", "CVE-2017-17669", "CVE-2018-10958", "CVE-2018-10998", "CVE-2018-11531");
script_name(english:"SUSE SLED12 / SLES12 Security Update : exiv2 (SUSE-SU-2018:3882-2)");
script_summary(english:"Checks rpm output for the updated packages.");
script_set_attribute(
attribute:"synopsis",
value:"The remote SUSE host is missing one or more security updates."
);
script_set_attribute(
attribute:"description",
value:
"This update for exiv2 fixes the following issues :
CVE-2017-11591: A floating point exception in the Exiv2::ValueType
function could lead to a remote denial of service attack via crafted
input. (bsc#1050257)
CVE-2017-14864: An invalid memory address dereference was discovered
in Exiv2::getULong in types.cpp. The vulnerability caused a
segmentation fault and application crash, which lead to denial of
service. (bsc#1060995)
CVE-2017-14862: An invalid memory address dereference was discovered
in Exiv2::DataValue::read in value.cpp. The vulnerability caused a
segmentation fault and application crash, which lead to denial of
service. (bsc#1060996)
CVE-2017-14859: An invalid memory address dereference was discovered
in Exiv2::StringValueBase::read in value.cpp. The vulnerability caused
a segmentation fault and application crash, which lead to denial of
service. (bsc#1061000)
CVE-2017-11683: There is a reachable assertion in the
Internal::TiffReader::visitDirectory function in tiffvisitor.cpp that
could lead to a remote denial of service attack via crafted input.
(bsc#1051188)
CVE-2017-17669: There is a heap-based buffer over-read in the
Exiv2::Internal::PngChunk::keyTXTChunk function of pngchunk_int.cpp. A
crafted PNG file would lead to a remote denial of service attack.
(bsc#1072928)
CVE-2018-10958: In types.cpp a large size value might have lead to a
SIGABRT during an attempt at memory allocation for an
Exiv2::Internal::PngChunk::zlibUncompress call. (bsc#1092952)
CVE-2018-10998: readMetadata in jp2image.cpp allowed remote attackers
to cause a denial of service (SIGABRT) by triggering an incorrect
Safe::add call. (bsc#1093095)
CVE-2018-11531: Exiv2 had a heap-based buffer overflow in getData in
preview.cpp. (bsc#1095070)
Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1050257"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1051188"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1060995"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1060996"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1061000"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1072928"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1092952"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1093095"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1095070"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2017-11591/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2017-11683/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2017-14859/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2017-14862/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2017-14864/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2017-17669/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2018-10958/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2018-10998/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2018-11531/"
);
# https://www.suse.com/support/update/announcement/2018/suse-su-20183882-2/
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?a716c07e"
);
script_set_attribute(
attribute:"solution",
value:
"To install this SUSE Security Update use the SUSE recommended
installation methods like YaST online_update or 'zypper patch'.
Alternatively you can run the command listed for your product :
SUSE Linux Enterprise Software Development Kit 12-SP4:zypper in -t
patch SUSE-SLE-SDK-12-SP4-2018-2772=1
SUSE Linux Enterprise Server 12-SP4:zypper in -t patch
SUSE-SLE-SERVER-12-SP4-2018-2772=1
SUSE Linux Enterprise Desktop 12-SP4:zypper in -t patch
SUSE-SLE-DESKTOP-12-SP4-2018-2772=1"
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:exiv2-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:exiv2-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libexiv2");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libexiv2-12-debuginfo");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
script_set_attribute(attribute:"vuln_publication_date", value:"2017/07/24");
script_set_attribute(attribute:"patch_publication_date", value:"2018/12/12");
script_set_attribute(attribute:"plugin_publication_date", value:"2018/12/13");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"SuSE Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES12" && (! preg(pattern:"^(4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP4", os_ver + " SP" + sp);
if (os_ver == "SLED12" && (! preg(pattern:"^(4)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP4", os_ver + " SP" + sp);
flag = 0;
if (rpm_check(release:"SLES12", sp:"4", reference:"exiv2-debuginfo-0.23-12.5.1")) flag++;
if (rpm_check(release:"SLES12", sp:"4", reference:"exiv2-debugsource-0.23-12.5.1")) flag++;
if (rpm_check(release:"SLES12", sp:"4", reference:"libexiv2-12-0.23-12.5.1")) flag++;
if (rpm_check(release:"SLES12", sp:"4", reference:"libexiv2-12-debuginfo-0.23-12.5.1")) flag++;
if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"exiv2-debuginfo-0.23-12.5.1")) flag++;
if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"exiv2-debugsource-0.23-12.5.1")) flag++;
if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"libexiv2-12-0.23-12.5.1")) flag++;
if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"libexiv2-12-debuginfo-0.23-12.5.1")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "exiv2");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| novell | suse_linux | exiv2-debuginfo | p-cpe:/a:novell:suse_linux:exiv2-debuginfo |
| novell | suse_linux | exiv2-debugsource | p-cpe:/a:novell:suse_linux:exiv2-debugsource |
| novell | suse_linux | libexiv2 | p-cpe:/a:novell:suse_linux:libexiv2 |
| novell | suse_linux | libexiv2-12-debuginfo | p-cpe:/a:novell:suse_linux:libexiv2-12-debuginfo |
| novell | suse_linux | 12 | cpe:/o:novell:suse_linux:12 |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11591
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11683
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14859
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14862
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14864
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17669
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10958
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10998
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11531
www.nessus.org/u?a716c07e
bugzilla.suse.com/show_bug.cgi?id=1050257
bugzilla.suse.com/show_bug.cgi?id=1051188
bugzilla.suse.com/show_bug.cgi?id=1060995
bugzilla.suse.com/show_bug.cgi?id=1060996
bugzilla.suse.com/show_bug.cgi?id=1061000
bugzilla.suse.com/show_bug.cgi?id=1072928
bugzilla.suse.com/show_bug.cgi?id=1092952
bugzilla.suse.com/show_bug.cgi?id=1093095
bugzilla.suse.com/show_bug.cgi?id=1095070
www.suse.com/security/cve/CVE-2017-11591/
www.suse.com/security/cve/CVE-2017-11683/
www.suse.com/security/cve/CVE-2017-14859/
www.suse.com/security/cve/CVE-2017-14862/
www.suse.com/security/cve/CVE-2017-14864/
www.suse.com/security/cve/CVE-2017-17669/
www.suse.com/security/cve/CVE-2018-10958/
www.suse.com/security/cve/CVE-2018-10998/
www.suse.com/security/cve/CVE-2018-11531/
Related
