The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4283-1 advisory.
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, iOS 15.7 and iPadOS 15.7, watchOS 9, macOS Monterey 12.6, tvOS 16.
Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-32888)
A correctness issue in the JIT was addressed with improved checks. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Processing maliciously crafted web content may disclose internal states of the app. (CVE-2022-32923)
The issue was addressed with improved UI handling. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Visiting a malicious website may lead to user interface spoofing. (CVE-2022-42799)
A type confusion issue was addressed with improved memory handling. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-42823)
A logic issue was addressed with improved state management. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Processing maliciously crafted web content may disclose sensitive user information. (CVE-2022-42824)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# SUSE update advisory SUSE-SU-2022:4283-1. The text itself
# is copyright (C) SUSE.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(168285);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/07/14");
script_cve_id(
"CVE-2022-32888",
"CVE-2022-32923",
"CVE-2022-42799",
"CVE-2022-42823",
"CVE-2022-42824"
);
script_xref(name:"SuSE", value:"SUSE-SU-2022:4283-1");
script_name(english:"SUSE SLES12 Security Update : webkit2gtk3 (SUSE-SU-2022:4283-1)");
script_set_attribute(attribute:"synopsis", value:
"The remote SUSE host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as
referenced in the SUSE-SU-2022:4283-1 advisory.
- An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big
Sur 11.7, macOS Ventura 13, iOS 16, iOS 15.7 and iPadOS 15.7, watchOS 9, macOS Monterey 12.6, tvOS 16.
Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-32888)
- A correctness issue in the JIT was addressed with improved checks. This issue is fixed in tvOS 16.1, iOS
15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Processing
maliciously crafted web content may disclose internal states of the app. (CVE-2022-32923)
- The issue was addressed with improved UI handling. This issue is fixed in tvOS 16.1, macOS Ventura 13,
watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Visiting a malicious website may lead to user interface
spoofing. (CVE-2022-42799)
- A type confusion issue was addressed with improved memory handling. This issue is fixed in tvOS 16.1,
macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Processing maliciously crafted web
content may lead to arbitrary code execution. (CVE-2022-42823)
- A logic issue was addressed with improved state management. This issue is fixed in tvOS 16.1, macOS
Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Processing maliciously crafted web content
may disclose sensitive user information. (CVE-2022-42824)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1205120");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1205121");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1205122");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1205123");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1205124");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-32888");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-32923");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-42799");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-42823");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-42824");
# https://lists.suse.com/pipermail/sle-security-updates/2022-November/013157.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?8818c223");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-42823");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2022/10/27");
script_set_attribute(attribute:"patch_publication_date", value:"2022/11/29");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/11/30");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libwebkit2gtk3-lang");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore-4_0");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2-4_0");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2WebExtension-4_0");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"SuSE Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item("Host/SuSE/release");
if (isnull(os_release) || os_release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
var os_ver = pregmatch(pattern: "^(SLE(S|D)(?:_SAP)?\d+)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');
os_ver = os_ver[1];
if (! preg(pattern:"^(SLES12|SLES_SAP12)$", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12 / SLES_SAP12', 'SUSE (' + os_ver + ')');
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);
var service_pack = get_kb_item("Host/SuSE/patchlevel");
if (isnull(service_pack)) service_pack = "0";
if (os_ver == "SLES12" && (! preg(pattern:"^(5)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLES12 SP5", os_ver + " SP" + service_pack);
if (os_ver == "SLES_SAP12" && (! preg(pattern:"^(4|5)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLES_SAP12 SP4/5", os_ver + " SP" + service_pack);
var pkgs = [
{'reference':'libjavascriptcoregtk-4_0-18-2.38.2-2.120.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},
{'reference':'libwebkit2gtk-4_0-37-2.38.2-2.120.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},
{'reference':'libwebkit2gtk3-lang-2.38.2-2.120.1', 'sp':'4', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},
{'reference':'typelib-1_0-JavaScriptCore-4_0-2.38.2-2.120.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},
{'reference':'typelib-1_0-WebKit2-4_0-2.38.2-2.120.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},
{'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.38.2-2.120.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},
{'reference':'webkit2gtk-4_0-injected-bundles-2.38.2-2.120.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},
{'reference':'libjavascriptcoregtk-4_0-18-2.38.2-2.120.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'libwebkit2gtk-4_0-37-2.38.2-2.120.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'libwebkit2gtk3-lang-2.38.2-2.120.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'typelib-1_0-JavaScriptCore-4_0-2.38.2-2.120.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'typelib-1_0-WebKit2-4_0-2.38.2-2.120.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.38.2-2.120.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'webkit2gtk-4_0-injected-bundles-2.38.2-2.120.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'libjavascriptcoregtk-4_0-18-2.38.2-2.120.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},
{'reference':'libwebkit2gtk-4_0-37-2.38.2-2.120.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},
{'reference':'libwebkit2gtk3-lang-2.38.2-2.120.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},
{'reference':'typelib-1_0-JavaScriptCore-4_0-2.38.2-2.120.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},
{'reference':'typelib-1_0-WebKit2-4_0-2.38.2-2.120.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},
{'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.38.2-2.120.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},
{'reference':'webkit2gtk-4_0-injected-bundles-2.38.2-2.120.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']}
];
var ltss_caveat_required = FALSE;
var flag = 0;
foreach var package_array ( pkgs ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var exists_check = NULL;
var rpm_spec_vers_cmp = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (reference && _release) {
if (exists_check) {
var check_flag = 0;
foreach var check (exists_check) {
if (!rpm_exists(release:_release, rpm:check)) continue;
check_flag++;
}
if (!check_flag) continue;
}
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libjavascriptcoregtk-4_0-18 / libwebkit2gtk-4_0-37 / etc');
}
Vendor | Product | Version | CPE |
---|---|---|---|
novell | suse_linux | libjavascriptcoregtk-4_0-18 | p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18 |
novell | suse_linux | libwebkit2gtk-4_0-37 | p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37 |
novell | suse_linux | libwebkit2gtk3-lang | p-cpe:/a:novell:suse_linux:libwebkit2gtk3-lang |
novell | suse_linux | typelib-1_0-javascriptcore-4_0 | p-cpe:/a:novell:suse_linux:typelib-1_0-javascriptcore-4_0 |
novell | suse_linux | typelib-1_0-webkit2-4_0 | p-cpe:/a:novell:suse_linux:typelib-1_0-webkit2-4_0 |
novell | suse_linux | typelib-1_0-webkit2webextension-4_0 | p-cpe:/a:novell:suse_linux:typelib-1_0-webkit2webextension-4_0 |
novell | suse_linux | webkit2gtk-4_0-injected-bundles | p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles |
novell | suse_linux | 12 | cpe:/o:novell:suse_linux:12 |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32888
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32923
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42799
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42823
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42824
www.nessus.org/u?8818c223
bugzilla.suse.com/1205120
bugzilla.suse.com/1205121
bugzilla.suse.com/1205122
bugzilla.suse.com/1205123
bugzilla.suse.com/1205124
www.suse.com/security/cve/CVE-2022-32888
www.suse.com/security/cve/CVE-2022-32923
www.suse.com/security/cve/CVE-2022-42799
www.suse.com/security/cve/CVE-2022-42823
www.suse.com/security/cve/CVE-2022-42824