The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1607-1 advisory.
An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_graya_la. (CVE-2021-25287)
An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_gray_i. (CVE-2021-25288)
An issue was discovered in Pillow before 8.2.0. PSDImagePlugin.PsdImageFile lacked a sanity check on the number of input layers relative to the size of the data block. This could lead to a DoS on Image.open prior to Image.load. (CVE-2021-28675)
An issue was discovered in Pillow before 8.2.0. For FLI data, FliDecode did not properly check that the block advance was non-zero, potentially leading to an infinite loop on load. (CVE-2021-28676)
An issue was discovered in Pillow before 8.2.0. For EPS data, the readline implementation used in EPSImageFile has to deal with any combination of \r and \n as line endings. It used an accidentally quadratic method of accumulating lines while looking for a line ending. A malicious EPS file could use this to perform a DoS of Pillow in the open phase, before an image was accepted for opening.
(CVE-2021-28677)
An issue was discovered in Pillow before 8.2.0. For BLP data, BlpImagePlugin did not properly check that reads (after jumping to file offsets) returned data. This could lead to a DoS where the decoder could be run a large number of times on empty data. (CVE-2021-28678)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# SUSE update advisory SUSE-SU-2024:1607-1. The text itself
# is copyright (C) SUSE.
##
include('compat.inc');
if (description)
{
script_id(195340);
script_version("1.0");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/05/11");
script_cve_id(
"CVE-2021-25287",
"CVE-2021-25288",
"CVE-2021-28675",
"CVE-2021-28676",
"CVE-2021-28677",
"CVE-2021-28678"
);
script_xref(name:"SuSE", value:"SUSE-SU-2024:1607-1");
script_name(english:"openSUSE 15 Security Update : python-Pillow (SUSE-SU-2024:1607-1)");
script_set_attribute(attribute:"synopsis", value:
"The remote openSUSE host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the
SUSE-SU-2024:1607-1 advisory.
- An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in
j2ku_graya_la. (CVE-2021-25287)
- An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in
j2ku_gray_i. (CVE-2021-25288)
- An issue was discovered in Pillow before 8.2.0. PSDImagePlugin.PsdImageFile lacked a sanity check on the
number of input layers relative to the size of the data block. This could lead to a DoS on Image.open
prior to Image.load. (CVE-2021-28675)
- An issue was discovered in Pillow before 8.2.0. For FLI data, FliDecode did not properly check that the
block advance was non-zero, potentially leading to an infinite loop on load. (CVE-2021-28676)
- An issue was discovered in Pillow before 8.2.0. For EPS data, the readline implementation used in
EPSImageFile has to deal with any combination of \r and \n as line endings. It used an accidentally
quadratic method of accumulating lines while looking for a line ending. A malicious EPS file could use
this to perform a DoS of Pillow in the open phase, before an image was accepted for opening.
(CVE-2021-28677)
- An issue was discovered in Pillow before 8.2.0. For BLP data, BlpImagePlugin did not properly check that
reads (after jumping to file offsets) returned data. This could lead to a DoS where the decoder could be
run a large number of times on empty data. (CVE-2021-28678)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1185784");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1185785");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1185786");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1185803");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1185804");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1185805");
script_set_attribute(attribute:"see_also", value:"https://lists.suse.com/pipermail/sle-updates/2024-May/035237.html");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-25287");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-25288");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-28675");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-28676");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-28677");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-28678");
script_set_attribute(attribute:"solution", value:
"Update the affected python3-Pillow and / or python3-Pillow-tk packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-25288");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2021/06/02");
script_set_attribute(attribute:"patch_publication_date", value:"2024/05/10");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/05/11");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"SuSE Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item("Host/SuSE/release");
if (isnull(os_release) || os_release !~ "^SUSE") audit(AUDIT_OS_NOT, "openSUSE");
var os_ver = pregmatch(pattern: "^(SUSE[\d.]+)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');
os_ver = os_ver[1];
if (! preg(pattern:"^(SUSE15\.5)$", string:os_ver)) audit(AUDIT_OS_NOT, 'openSUSE 15', 'openSUSE (' + os_ver + ')');
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE (' + os_ver + ')', cpu);
var pkgs = [
{'reference':'python3-Pillow-7.2.0-150300.3.12.1', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
{'reference':'python3-Pillow-tk-7.2.0-150300.3.12.1', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']}
];
var ltss_caveat_required = FALSE;
var flag = 0;
foreach var package_array ( pkgs ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var exists_check = NULL;
var rpm_spec_vers_cmp = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (reference && _release) {
if (exists_check) {
var check_flag = 0;
foreach var check (exists_check) {
if (!rpm_exists(release:_release, rpm:check)) continue;
check_flag++;
}
if (!check_flag) continue;
}
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'python3-Pillow / python3-Pillow-tk');
}
Vendor | Product | Version | CPE |
---|---|---|---|
novell | suse_linux | 15 | cpe:/o:novell:suse_linux:15 |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25287
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25288
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28675
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28676
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28677
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28678
bugzilla.suse.com/1185784
bugzilla.suse.com/1185785
bugzilla.suse.com/1185786
bugzilla.suse.com/1185803
bugzilla.suse.com/1185804
bugzilla.suse.com/1185805
lists.suse.com/pipermail/sle-updates/2024-May/035237.html
www.suse.com/security/cve/CVE-2021-25287
www.suse.com/security/cve/CVE-2021-25288
www.suse.com/security/cve/CVE-2021-28675
www.suse.com/security/cve/CVE-2021-28676
www.suse.com/security/cve/CVE-2021-28677
www.suse.com/security/cve/CVE-2021-28678