Ubuntu: Security Advisory (USN-6277-2)

# SPDX-FileCopyrightText: 2023 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.1.12.2023.6277.2");
  script_cve_id("CVE-2021-3838", "CVE-2022-2400");
  script_tag(name:"creation_date", value:"2023-08-11 04:08:48 +0000 (Fri, 11 Aug 2023)");
  script_version("2024-02-28T14:37:42+0000");
  script_tag(name:"last_modification", value:"2024-02-28 14:37:42 +0000 (Wed, 28 Feb 2024)");
  script_tag(name:"cvss_base", value:"5.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:N/A:N");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2022-07-23 02:21:55 +0000 (Sat, 23 Jul 2022)");

  script_name("Ubuntu: Security Advisory (USN-6277-2)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2023 Greenbone AG");
  script_family("Ubuntu Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/ubuntu_linux", "ssh/login/packages", re:"ssh/login/release=UBUNTU22\.04\ LTS");

  script_xref(name:"Advisory-ID", value:"USN-6277-2");
  script_xref(name:"URL", value:"https://ubuntu.com/security/notices/USN-6277-2");

  script_tag(name:"summary", value:"The remote host is missing an update for the 'php-dompdf' package(s) announced via the USN-6277-2 advisory.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  script_tag(name:"insight", value:"USN-6277-1 fixed vulnerabilities in Dompdf. This update provides the
corresponding updates for Ubuntu 22.04 LTS.

Original advisory details:

 It was discovered that Dompdf was not properly validating untrusted input when
 processing HTML content under certain circumstances. An attacker could
 possibly use this issue to expose sensitive information or execute arbitrary
 code. This issue only affected Ubuntu 16.04 LTS.
 (CVE-2014-5011, CVE-2014-5012, CVE-2014-5013)

 It was discovered that Dompdf was not properly validating processed HTML
 content that referenced PHAR files, which could result in the deserialization
 of untrusted data. An attacker could possibly use this issue to execute
 arbitrary code. (CVE-2021-3838)

 It was discovered that Dompdf was not properly validating processed HTML
 content that referenced both a remote base and a local file, which could
 result in the bypass of a chroot check. An attacker could possibly use this
 issue to expose sensitive information. (CVE-2022-2400)");

  script_tag(name:"affected", value:"'php-dompdf' package(s) on Ubuntu 22.04.");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-deb.inc");

release = dpkg_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

if(release == "UBUNTU22.04 LTS") {

  if(!isnull(res = isdpkgvuln(pkg:"php-dompdf", ver:"0.6.2+dfsg-3.1ubuntu0.1", rls:"UBUNTU22.04 LTS"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

exit(0);