Lucene search
Ubuntu Security Notice (C) 2019-2023 Canonical, Inc. / NASL script (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-3962-1.NASLHistoryMay 01, 2019 - 12:00 a.m.
Ubuntu 18.04 LTS : libpng vulnerability (USN-3962-1)
2019-05-0100:00:00
Ubuntu Security Notice (C) 2019-2023 Canonical, Inc. / NASL script (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
10
It was discovered that libpng incorrectly handled certain memory operations. If a user or automated system were tricked into opening a specially crafted PNG file, a remote attacker could use this issue to cause libpng to crash, resulting in a denial of service, or possibly execute arbitrary code.
Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-3962-1. The text
# itself is copyright (C) Canonical, Inc. See
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
#
include('compat.inc');
if (description)
{
script_id(124458);
script_version("1.9");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/21");
script_cve_id("CVE-2019-7317");
script_xref(name:"USN", value:"3962-1");
script_xref(name:"CEA-ID", value:"CEA-2021-0025");
script_name(english:"Ubuntu 18.04 LTS : libpng vulnerability (USN-3962-1)");
script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing a security update.");
script_set_attribute(attribute:"description", value:
"It was discovered that libpng incorrectly handled certain memory
operations. If a user or automated system were tricked into opening a
specially crafted PNG file, a remote attacker could use this issue to
cause libpng to crash, resulting in a denial of service, or possibly
execute arbitrary code.
Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/notices/USN-3962-1");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-7317");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2019/02/04");
script_set_attribute(attribute:"patch_publication_date", value:"2019/04/30");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/01");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpng16-16");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpng16-16-udeb");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpng-dev");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpng-tools");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Ubuntu Local Security Checks");
script_copyright(english:"Ubuntu Security Notice (C) 2019-2023 Canonical, Inc. / NASL script (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
exit(0);
}
include('debian_package.inc');
if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/Ubuntu/release');
if ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');
os_release = chomp(os_release);
if (! ('18.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 18.04', 'Ubuntu ' + os_release);
if ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);
var pkgs = [
{'osver': '18.04', 'pkgname': 'libpng-dev', 'pkgver': '1.6.34-1ubuntu0.18.04.2'},
{'osver': '18.04', 'pkgname': 'libpng-tools', 'pkgver': '1.6.34-1ubuntu0.18.04.2'},
{'osver': '18.04', 'pkgname': 'libpng16-16', 'pkgver': '1.6.34-1ubuntu0.18.04.2'},
{'osver': '18.04', 'pkgname': 'libpng16-16-udeb', 'pkgver': '1.6.34-1ubuntu0.18.04.2'}
];
var flag = 0;
foreach package_array ( pkgs ) {
var osver = NULL;
var pkgname = NULL;
var pkgver = NULL;
if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];
if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];
if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];
if (osver && pkgname && pkgver) {
if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_NOTE,
extra : ubuntu_report_get()
);
exit(0);
}
else
{
var tested = ubuntu_pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libpng-dev / libpng-tools / libpng16-16 / libpng16-16-udeb');
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| canonical | ubuntu_linux | libpng16-16 | p-cpe:/a:canonical:ubuntu_linux:libpng16-16 |
| canonical | ubuntu_linux | libpng16-16-udeb | p-cpe:/a:canonical:ubuntu_linux:libpng16-16-udeb |
| canonical | ubuntu_linux | 18.04 | cpe:/o:canonical:ubuntu_linux:18.04:-:lts |
| canonical | ubuntu_linux | libpng-dev | p-cpe:/a:canonical:ubuntu_linux:libpng-dev |
| canonical | ubuntu_linux | libpng-tools | p-cpe:/a:canonical:ubuntu_linux:libpng-tools |
Related
prion
prion
Design/Logic Flaw
2019-02-04 08:29:00
veracode
veracode
Denial Of Service (DoS)
2019-04-29 11:37:35
cloudfoundry
cloudfoundry
USN-3962-1: libpng vulnerability | Cloud Foundry
2019-05-01 00:00:00
f5
f5
K000132245 : libpng vulnerability CVE-2019-7317
2023-01-26 00:00:00
osv
osv
libpng1.6 - security update
2019-04-27 00:00:00
CVE-2019-7317
2019-02-04 08:29:00
firefox-esr - security update
2019-05-22 00:00:00
nessus
nessus
EulerOS 2.0 SP8 : libpng (EulerOS-SA-2019-1787)
2019-07-25 00:00:00
Photon OS 2.0: Libpng PHSA-2019-2.0-0160
2019-05-28 00:00:00
Debian DSA-4435-1 : libpng1.6 - security update
2019-04-29 00:00:00
ubuntucve
ubuntucve
CVE-2019-7317
2019-02-04 00:00:00
debian
debian
[SECURITY] [DSA 4435-1] libpng1.6 security update
2019-04-27 07:45:35
[SECURITY] [DSA 4435-1] libpng1.6 security update
2019-04-27 07:45:35
[SECURITY] [DSA 4451-1] thunderbird security update
2019-05-24 21:01:55
debiancve
debiancve
CVE-2019-7317
2019-02-04 08:29:00
openvas
openvas
Huawei EulerOS: Security Advisory for libpng (EulerOS-SA-2019-1787)
2020-01-23 00:00:00
Debian: Security Advisory (DSA-4435-1)
2019-04-28 00:00:00
Fedora Update for libpng FEDORA-2019-335c3ad86a
2019-05-07 00:00:00
redhatcve
redhatcve
CVE-2019-7317
2020-03-30 01:52:36
alpinelinux
alpinelinux
CVE-2019-7317
2019-02-04 08:29:00
archlinux
archlinux
[ASA-201904-10] libpng: denial of service
2019-04-24 00:00:00
[ASA-201905-8] thunderbird: multiple issues
2019-05-23 00:00:00
mageia
mageia
Updated libpng packages fix security vulnerability
2019-04-05 21:12:59
Updated thunderbird packages fix security vulnerabilities
2019-06-10 22:17:03
Updated firefox packages fix security vulnerabilities
2019-06-10 22:17:03
cve
cve
CVE-2019-7317
2019-02-04 08:29:00
fedora
fedora
[SECURITY] Fedora 29 Update: libpng-1.6.34-7.fc29
2019-02-12 02:58:45
ubuntu
ubuntu
libpng vulnerability
2019-04-30 00:00:00
OpenJDK 11 vulnerabilities
2019-07-31 00:00:00
OpenJDK 8 vulnerabilities
2019-07-31 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2024-2328
2024-01-23 12:26:31
suse
suse
Security update for libpng16 (low)
2019-06-07 00:00:00
Security update for java-1_8_0-openjdk (important)
2019-08-15 00:00:00
Security update for java-11-openjdk (important)
2019-08-15 00:00:00
ibm
ibm
gentoo
gentoo
libpng: Multiple vulnerabilities
2019-08-03 00:00:00
slackware
slackware
[slackware-security] libpng
2019-04-17 21:20:24
redhat
redhat
(RHSA-2019:2494) Important: java-1.7.1-ibm security update
2019-08-15 08:51:37
(RHSA-2019:2495) Important: java-1.7.1-ibm security update
2019-08-15 08:51:41
(RHSA-2019:2737) Important: java-1.8.0-ibm security update
2019-09-11 13:12:25
amazon
amazon
Medium: java-11-amazon-corretto
2019-07-18 17:37:00
Critical: thunderbird
2019-06-11 23:24:00
kaspersky
kaspersky
KLA11520 Multiple vulnerabilities in Oracle Java
2019-07-16 00:00:00
aix
aix
Multiple vulnerabilities in IBM Java SDK affect AIX
2019-10-09 13:12:20
photon
photon
Home
Download Photon OS
User Documentation
FAQ
Security Advisories
Related Information
Lightwave - PHSA-2019-2.0-0160
2019-05-23 00:00:00
Critical Photon OS Security Update - PHSA-2019-0014
2019-05-11 00:00:00
Critical Photon OS Security Update - PHSA-2019-3.0-0014
2019-05-11 00:00:00
oraclelinux
oraclelinux
thunderbird security update
2019-07-30 00:00:00
thunderbird security update
2019-06-03 00:00:00
thunderbird security update
2019-06-03 00:00:00
centos
centos
thunderbird security update
2019-06-10 22:49:17
thunderbird security update
2019-06-10 22:30:16
firefox security update
2019-05-29 19:47:30
Related for UBUNTU_USN-3962-1.NASL