Huawei EulerOS: Security Advisory for Exiv2 - Remote Host Update Missin
Reporter | Title | Published | Views | Family All 140 |
---|---|---|---|---|
Tenable Nessus | EulerOS 2.0 SP3 : exiv2 (EulerOS-SA-2022-1161) | 23 Feb 202200:00 | – | nessus |
Tenable Nessus | EulerOS 2.0 SP5 : exiv2 (EulerOS-SA-2021-2657) | 11 Nov 202100:00 | – | nessus |
Tenable Nessus | EulerOS 2.0 SP8 : exiv2 (EulerOS-SA-2021-2628) | 2 Nov 202100:00 | – | nessus |
Tenable Nessus | Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS : Exiv2 vulnerabilities (USN-5043-1) | 17 Aug 202100:00 | – | nessus |
Tenable Nessus | RHEL 8 : exiv2 (Unpatched Vulnerability) | 3 Jun 202400:00 | – | nessus |
Tenable Nessus | GLSA-202312-06 : Exiv2: Multiple Vulnerabilities | 22 Dec 202300:00 | – | nessus |
Tenable Nessus | SUSE SLES12 Security Update : exiv2 (SUSE-SU-2022:4252-1) | 29 Nov 202200:00 | – | nessus |
Tenable Nessus | Ubuntu 20.04 LTS : Exiv2 regression (USN-5043-2) | 12 Jan 202200:00 | – | nessus |
Tenable Nessus | RHEL 9 : exiv2 (Unpatched Vulnerability) | 3 Jun 202400:00 | – | nessus |
Tenable Nessus | Debian DLA-3265-1 : exiv2 - LTS security update | 11 Jan 202300:00 | – | nessus |
Source | Link |
---|---|
developer | www.developer.huaweicloud.com/intl/en-us/euleros/securitydetail.html |
# SPDX-FileCopyrightText: 2022 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.1.2.2022.1161");
script_cve_id("CVE-2020-18771", "CVE-2021-32815", "CVE-2021-34334", "CVE-2021-34335", "CVE-2021-37615", "CVE-2021-37616", "CVE-2021-37620", "CVE-2021-37622");
script_tag(name:"creation_date", value:"2022-02-24 03:23:47 +0000 (Thu, 24 Feb 2022)");
script_version("2024-02-05T14:36:56+0000");
script_tag(name:"last_modification", value:"2024-02-05 14:36:56 +0000 (Mon, 05 Feb 2024)");
script_tag(name:"cvss_base", value:"5.8");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:N/A:P");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2021-08-30 16:12:59 +0000 (Mon, 30 Aug 2021)");
script_name("Huawei EulerOS: Security Advisory for exiv2 (EulerOS-SA-2022-1161)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2022 Greenbone AG");
script_family("Huawei EulerOS Local Security Checks");
script_dependencies("gb_huawei_euleros_consolidation.nasl");
script_mandatory_keys("ssh/login/euleros", "ssh/login/rpms", re:"ssh/login/release=EULEROS\-2\.0SP3");
script_xref(name:"Advisory-ID", value:"EulerOS-SA-2022-1161");
script_xref(name:"URL", value:"https://developer.huaweicloud.com/intl/en-us/euleros/securitydetail.html?secId=EulerOS-SA-2022-1161");
script_tag(name:"summary", value:"The remote host is missing an update for the Huawei EulerOS 'exiv2' package(s) announced via the EulerOS-SA-2022-1161 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A null pointer dereference was found in Exiv2 versions v0.27.4 and earlier. The null pointer dereference is triggered when Exiv2 is used to print the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when printing the interpreted (translated) data, which is a less frequently used Exiv2 operation that requires an extra command line option (`-p t` or `-P t`).(CVE-2021-37615)
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A null pointer dereference was found in Exiv2 versions v0.27.4 and earlier. The null pointer dereference is triggered when Exiv2 is used to print the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when printing the interpreted (translated) data, which is a less frequently used Exiv2 operation that requires an extra command line option (`-p t` or `-P t`).(CVE-2021-37616)
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. The assertion failure is triggered when Exiv2 is used to modify the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when modifying the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `fi`.(CVE-2021-32815)
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A floating point exception (FPE) due to an integer divide by zero was found in Exiv2 versions v0.27.4 and earlier. The FPE is triggered when Exiv2 is used to print the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when printing the interpreted (translated) data, which is a less frequently used Exiv2 operation that requires an extra command line option (`-p t` or `-P t`).(CVE-2021-34335)
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop was found in Exiv2 versions v0.27.4 and earlier. ... [Please see the references for more information on the vulnerabilities]");
script_tag(name:"affected", value:"'exiv2' package(s) on Huawei EulerOS V2.0SP3.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "EULEROS-2.0SP3") {
if(!isnull(res = isrpmvuln(pkg:"exiv2-libs", rpm:"exiv2-libs~0.23~6.h15", rls:"EULEROS-2.0SP3"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo