Lucene search
This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_SU-2019-2388-1.NASLHistorySep 18, 2019 - 12:00 a.m.
SUSE SLES12 Security Update : ibus (SUSE-SU-2019:2388-1)
2019-09-1800:00:00
This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
13
7.2 High
AI Score
Confidence
High
This update for ibus fixes the following issues :
Security issue fixed :
CVE-2019-14822: Fixed a misconfiguration of the DBus server that allowed an unprivileged user to monitor and send method calls to the ibus bus of another user. (bsc#1150011)
Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2019:2388-1.
# The text itself is copyright (C) SUSE.
#
include('compat.inc');
if (description)
{
script_id(128989);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/24");
script_cve_id("CVE-2019-14822");
script_name(english:"SUSE SLES12 Security Update : ibus (SUSE-SU-2019:2388-1)");
script_set_attribute(attribute:"synopsis", value:
"The remote SUSE host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"This update for ibus fixes the following issues :
Security issue fixed :
CVE-2019-14822: Fixed a misconfiguration of the DBus server that
allowed an unprivileged user to monitor and send method calls to the
ibus bus of another user. (bsc#1150011)
Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1150011");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-14822/");
# https://www.suse.com/support/update/announcement/2019/suse-su-20192388-1/
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a6ce4365");
script_set_attribute(attribute:"solution", value:
"To install this SUSE Security Update use the SUSE recommended
installation methods like YaST online_update or 'zypper patch'.
Alternatively you can run the command listed for your product :
SUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch
SUSE-SLE-SAP-12-SP1-2019-2388=1
SUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch
SUSE-SLE-SERVER-12-SP1-2019-2388=1");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-14822");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2019/11/25");
script_set_attribute(attribute:"patch_publication_date", value:"2019/09/17");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/09/18");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ibus");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ibus-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ibus-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ibus-gtk");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ibus-gtk-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ibus-gtk3");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ibus-gtk3-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libibus-1_0");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libibus-1_0-5-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:typelib-1_0-IBus");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"SuSE Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES12" && (! preg(pattern:"^(1)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP1", os_ver + " SP" + sp);
flag = 0;
if (rpm_check(release:"SLES12", sp:"1", reference:"ibus-1.5.8-10.4.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"ibus-debuginfo-1.5.8-10.4.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"ibus-debugsource-1.5.8-10.4.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"ibus-gtk-1.5.8-10.4.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"ibus-gtk-debuginfo-1.5.8-10.4.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"ibus-gtk3-1.5.8-10.4.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"ibus-gtk3-debuginfo-1.5.8-10.4.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"libibus-1_0-5-1.5.8-10.4.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"libibus-1_0-5-debuginfo-1.5.8-10.4.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"typelib-1_0-IBus-1_0-1.5.8-10.4.1")) flag++;
if (flag)
{
if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
else security_note(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ibus");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| novell | suse_linux | 12 | cpe:/o:novell:suse_linux:12 |
| novell | suse_linux | ibus | p-cpe:/a:novell:suse_linux:ibus |
| novell | suse_linux | ibus-debuginfo | p-cpe:/a:novell:suse_linux:ibus-debuginfo |
| novell | suse_linux | ibus-debugsource | p-cpe:/a:novell:suse_linux:ibus-debugsource |
| novell | suse_linux | ibus-gtk | p-cpe:/a:novell:suse_linux:ibus-gtk |
| novell | suse_linux | ibus-gtk-debuginfo | p-cpe:/a:novell:suse_linux:ibus-gtk-debuginfo |
| novell | suse_linux | ibus-gtk3 | p-cpe:/a:novell:suse_linux:ibus-gtk3 |
| novell | suse_linux | ibus-gtk3-debuginfo | p-cpe:/a:novell:suse_linux:ibus-gtk3-debuginfo |
| novell | suse_linux | libibus-1_0 | p-cpe:/a:novell:suse_linux:libibus-1_0 |
| novell | suse_linux | libibus-1_0-5-debuginfo | p-cpe:/a:novell:suse_linux:libibus-1_0-5-debuginfo |
Related
nessus
nessus
EulerOS 2.0 SP5 : ibus (EulerOS-SA-2021-1681)
2021-03-24 00:00:00
openSUSE Security Update : ibus (openSUSE-2019-2199)
2019-09-27 00:00:00
Fedora 30 : ibus (2019-b577187ba8)
2019-09-25 00:00:00
redhatcve
redhatcve
CVE-2019-14822
2019-09-13 07:51:28
openvas
openvas
Huawei EulerOS: Security Advisory for ibus (EulerOS-SA-2020-1855)
2020-08-31 00:00:00
SUSE: Security Advisory (SUSE-SU-2019:2389-1)
2021-04-19 00:00:00
SUSE: Security Advisory (SUSE-SU-2019:2387-1)
2021-06-09 00:00:00
redhat
redhat
cvelist
cvelist
CVE-2019-14822
2019-11-25 11:01:18
suse
suse
Security update for ibus (important)
2019-09-26 00:00:00
Security update for ibus (important)
2019-09-24 00:00:00
fedora
fedora
[SECURITY] Fedora 31 Update: ibus-1.5.21-2.fc31
2019-09-18 00:07:07
[SECURITY] Fedora 29 Update: ibus-1.5.19-17.fc29
2019-09-29 02:22:59
[SECURITY] Fedora 30 Update: ibus-1.5.20-5.fc30
2019-09-25 01:08:28
mageia
mageia
Updated ibus packages fix security vulnerability
2019-09-21 14:07:28
almalinux
almalinux
Moderate: ibus and glib2 security and bug fix update
2020-04-28 09:26:53
debian
debian
[SECURITY] [DSA 4525-1] ibus security update
2019-09-18 21:02:42
[SECURITY] [DSA 4525-1] ibus security update
2019-09-18 21:02:56
ubuntu
ubuntu
IBus vulnerability
2019-09-16 00:00:00
IBus vulnerability
2020-03-24 00:00:00
oraclelinux
oraclelinux
ibus and glib2 security and bug fix update
2020-05-05 00:00:00
glib2 and ibus security and bug fix update
2020-10-06 00:00:00
f5
f5
K70949911 : Glib vulnerability CVE-2019-14822
2022-08-26 00:00:00
osv
osv
Moderate: ibus and glib2 security and bug fix update
2020-04-28 09:26:53
CVE-2019-14822
2019-11-25 12:15:11
ibus - security update
2019-09-18 00:00:00
veracode
veracode
Insecure Access Controls
2020-10-01 03:51:33
ubuntucve
ubuntucve
CVE-2019-14822
2019-09-13 00:00:00
amazon
amazon
Medium: ibus
2020-11-09 17:10:00
prion
prion
Input validation
2019-11-25 12:15:00
debiancve
debiancve
CVE-2019-14822
2019-11-25 12:15:00
cve
cve
CVE-2019-14822
2019-11-25 12:15:00
centos
centos
glib2, ibus security update
2020-10-20 18:07:15
ibm
ibm
oracle
oracle
Oracle Critical Patch Update Advisory - April 2022
2022-04-19 00:00:00