Lucene search
Ubuntu Security Notice (C) 2019-2023 Canonical, Inc. / NASL script (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-4156-1.NASLHistoryOct 16, 2019 - 12:00 a.m.
Ubuntu 16.04 LTS / 18.04 LTS : SDL vulnerabilities (USN-4156-1)
2019-10-1600:00:00
Ubuntu Security Notice (C) 2019-2023 Canonical, Inc. / NASL script (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
13
It was discovered that SDL incorrectly handled certain images. If a user were tricked into opening a crafted image file, a remote attacker could use this issue to cause SDL to crash, resulting in a denial of service, or possibly execute arbitary code.
Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-4156-1. The text
# itself is copyright (C) Canonical, Inc. See
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
#
include('compat.inc');
if (description)
{
script_id(129968);
script_version("1.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/20");
script_cve_id(
"CVE-2019-13616",
"CVE-2019-7572",
"CVE-2019-7573",
"CVE-2019-7574",
"CVE-2019-7575",
"CVE-2019-7576",
"CVE-2019-7577",
"CVE-2019-7578",
"CVE-2019-7635",
"CVE-2019-7636",
"CVE-2019-7637",
"CVE-2019-7638"
);
script_xref(name:"USN", value:"4156-1");
script_name(english:"Ubuntu 16.04 LTS / 18.04 LTS : SDL vulnerabilities (USN-4156-1)");
script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"It was discovered that SDL incorrectly handled certain images. If a
user were tricked into opening a crafted image file, a remote attacker
could use this issue to cause SDL to crash, resulting in a denial of
service, or possibly execute arbitary code.
Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/notices/USN-4156-1");
script_set_attribute(attribute:"solution", value:
"Update the affected libsdl1.2-dev and / or libsdl1.2debian packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-7638");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2019/02/07");
script_set_attribute(attribute:"patch_publication_date", value:"2019/10/15");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/10/16");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libsdl1.2debian");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04:-:lts");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libsdl1.2-dev");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Ubuntu Local Security Checks");
script_copyright(english:"Ubuntu Security Notice (C) 2019-2023 Canonical, Inc. / NASL script (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
exit(0);
}
include('debian_package.inc');
if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/Ubuntu/release');
if ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');
os_release = chomp(os_release);
if (! ('16.04' >< os_release || '18.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04 / 18.04', 'Ubuntu ' + os_release);
if ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);
var pkgs = [
{'osver': '16.04', 'pkgname': 'libsdl1.2-dev', 'pkgver': '1.2.15+dfsg1-3ubuntu0.1'},
{'osver': '16.04', 'pkgname': 'libsdl1.2debian', 'pkgver': '1.2.15+dfsg1-3ubuntu0.1'},
{'osver': '18.04', 'pkgname': 'libsdl1.2-dev', 'pkgver': '1.2.15+dfsg2-0.1ubuntu0.1'},
{'osver': '18.04', 'pkgname': 'libsdl1.2debian', 'pkgver': '1.2.15+dfsg2-0.1ubuntu0.1'}
];
var flag = 0;
foreach package_array ( pkgs ) {
var osver = NULL;
var pkgname = NULL;
var pkgver = NULL;
if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];
if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];
if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];
if (osver && pkgname && pkgver) {
if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : ubuntu_report_get()
);
exit(0);
}
else
{
var tested = ubuntu_pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libsdl1.2-dev / libsdl1.2debian');
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| canonical | ubuntu_linux | libsdl1.2debian | p-cpe:/a:canonical:ubuntu_linux:libsdl1.2debian |
| canonical | ubuntu_linux | 16.04 | cpe:/o:canonical:ubuntu_linux:16.04:-:lts |
| canonical | ubuntu_linux | 18.04 | cpe:/o:canonical:ubuntu_linux:18.04:-:lts |
| canonical | ubuntu_linux | libsdl1.2-dev | p-cpe:/a:canonical:ubuntu_linux:libsdl1.2-dev |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13616
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7572
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7573
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7574
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7575
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7576
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7577
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7578
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7635
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7636
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7637
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7638
ubuntu.com/security/notices/USN-4156-1
Related
openvas
openvas
Fedora Update for SDL FEDORA-2019-e08f78d4a6
2019-09-09 00:00:00
Ubuntu: Security Advisory (USN-4156-1)
2019-10-16 00:00:00
Debian: Security Advisory (DLA-2804-1)
2021-11-01 00:00:00
debian
debian
[SECURITY] [DLA 2804-1] libsdl1.2 security update
2021-10-31 16:41:05
[SECURITY] [DLA 1714-1] libsdl2 security update
2019-03-13 16:56:09
[SECURITY] [DLA 1713-2] libsdl1.2 regression update
2019-10-17 09:45:52
ubuntu
ubuntu
SDL vulnerabilities
2019-10-15 00:00:00
SDL vulnerabilities
2019-10-16 00:00:00
SDL 2.0 vulnerabilities
2019-09-30 00:00:00
fedora
fedora
[SECURITY] Fedora 31 Update: mingw-SDL-1.2.15-14.fc31
2020-02-23 01:23:25
[SECURITY] Fedora 29 Update: SDL-1.2.15-40.fc29
2019-09-08 03:09:31
[SECURITY] Fedora 29 Update: SDL-1.2.15-37.fc29
2019-03-19 05:16:59
osv
osv
libsdl1.2 - security update
2021-10-31 00:00:00
libsdl1.2 - security update
2019-03-13 00:00:00
libsdl2 - security update
2019-03-13 00:00:00
nessus
nessus
Debian DLA-2804-1 : libsdl1.2 - LTS security update
2021-10-31 00:00:00
Fedora 31 : mingw-SDL (2020-24652fe41c)
2020-02-24 00:00:00
SUSE SLED12 / SLES12 Security Update : SDL (SUSE-SU-2019:0899-1)
2019-04-09 00:00:00
archlinux
archlinux
[ASA-201910-8] sdl: arbitrary code execution
2019-10-11 00:00:00
[ASA-201908-5] sdl2: arbitrary code execution
2019-08-05 00:00:00
oraclelinux
oraclelinux
SDL security update
2020-10-06 00:00:00
SDL security update
2020-11-10 00:00:00
suse
suse
Security update for SDL (moderate)
2019-04-17 00:00:00
Security update for SDL2 (moderate)
2019-04-23 00:00:00
Security update for SDL (moderate)
2019-04-16 00:00:00
centos
centos
SDL security update
2020-10-20 18:56:35
redhat
redhat
(RHSA-2020:3868) Moderate: SDL security update
2020-09-29 07:39:03
(RHSA-2020:4627) Moderate: SDL security update
2020-11-03 12:21:34
(RHSA-2020:0293) Important: SDL security update
2020-01-30 08:38:04
almalinux
almalinux
Moderate: SDL security update
2020-11-03 12:21:34
mageia
mageia
Updated SDL12 packages fix security vulnerability
2019-04-05 21:12:59
Updated sdl2 packages fix security vulnerabilities
2019-09-07 00:09:08
Updated SDL12 packages fix security vulnerability
2019-09-07 00:09:08
amazon
amazon
Medium: SDL
2020-10-22 17:17:00
gentoo
gentoo
Simple DirectMedia Layer: Multiple vulnerabilities
2019-09-08 00:00:00
libsdl: Multiple Vulnerabilities
2023-05-03 00:00:00
ubuntucve
ubuntucve
cve
cve
CVE-2019-1000041
2019-02-21 03:15:00
CVE-2019-13616
2019-07-16 17:15:00
CVE-2019-7573
2019-02-07 07:29:00
debiancve
debiancve
redhatcve
redhatcve
alpinelinux
alpinelinux
prion
prion
veracode
veracode
Buffer Over-read
2020-10-01 03:53:20
Buffer Over-read
2020-10-01 03:53:20
Heap Buffer Over-read
2020-10-01 03:53:21
Related for UBUNTU_USN-4156-1.NASL