{"cve": [{"lastseen": "2021-02-02T07:36:52", "description": "In vp8_decode_frame of decodeframe.c, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure if error correction were turned on, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1. Android ID: A-62458770", "edition": 6, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-03-10T20:15:00", "title": "CVE-2020-0034", "type": "cve", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0034"], "modified": "2020-05-23T00:15:00", "cpe": ["cpe:/o:google:android:8.0", "cpe:/o:google:android:8.1"], "id": "CVE-2020-0034", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-0034", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:C/I:N/A:N"}, "cpe23": ["cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*"]}], "nessus": [{"lastseen": "2021-01-14T06:27:28", "description": "This update for libvpx fixes the following issues 
:\n\nCVE-2020-0034: Fixed an out-of-bounds read on truncated key frames\n(bsc#1166066).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 4, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2020-05-22T00:00:00", "title": "SUSE SLED15 / SLES15 Security Update : libvpx (SUSE-SU-2020:1297-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-0034"], "modified": "2020-05-22T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libvpx-devel", "p-cpe:/a:novell:suse_linux:libvpx4-32bit-debuginfo", "cpe:/o:novell:suse_linux:15", "p-cpe:/a:novell:suse_linux:libvpx4-debuginfo", "p-cpe:/a:novell:suse_linux:libvpx4", "p-cpe:/a:novell:suse_linux:vpx-tools", "p-cpe:/a:novell:suse_linux:vpx-tools-debuginfo", "p-cpe:/a:novell:suse_linux:libvpx-debugsource"], "id": "SUSE_SU-2020-1297-1.NASL", "href": "https://www.tenable.com/plugins/nessus/136790", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:1297-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(136790);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2020-0034\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : libvpx (SUSE-SU-2020:1297-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for libvpx fixes the following issues :\n\nCVE-2020-0034: Fixed 
an out-of-bounds read on truncated key frames\n(bsc#1166066).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1166066\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-0034/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20201297-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?63989993\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15-SP1 :\n\nzypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-1297=1\n\nSUSE Linux Enterprise Module for Desktop Applications 15-SP1 :\n\nzypper in -t patch\nSUSE-SLE-Module-Desktop-Applications-15-SP1-2020-1297=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-1297=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-0034\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:libvpx-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvpx-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvpx4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvpx4-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvpx4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:vpx-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:vpx-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/03/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/05/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/05/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libvpx4-32bit-1.6.1-6.6.8\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libvpx4-32bit-debuginfo-1.6.1-6.6.8\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libvpx-debugsource-1.6.1-6.6.8\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libvpx-devel-1.6.1-6.6.8\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libvpx4-1.6.1-6.6.8\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libvpx4-debuginfo-1.6.1-6.6.8\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"vpx-tools-1.6.1-6.6.8\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"vpx-tools-debuginfo-1.6.1-6.6.8\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libvpx4-32bit-1.6.1-6.6.8\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libvpx4-32bit-debuginfo-1.6.1-6.6.8\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libvpx-debugsource-1.6.1-6.6.8\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libvpx-devel-1.6.1-6.6.8\")) 
flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libvpx4-1.6.1-6.6.8\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libvpx4-debuginfo-1.6.1-6.6.8\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"vpx-tools-1.6.1-6.6.8\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"vpx-tools-debuginfo-1.6.1-6.6.8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvpx\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2021-01-07T09:06:18", "description": "According to the version of the libvpx package installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - In vp8_decode_frame of decodeframe.c, there is a\n possible out of bounds read due to improper input\n validation. This could lead to remote information\n disclosure if error correction were turned on, with no\n additional execution privileges needed. User\n interaction is not needed for\n exploitation.(CVE-2020-0034)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 4, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2020-09-28T00:00:00", "title": "EulerOS 2.0 SP3 : libvpx (EulerOS-SA-2020-2060)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-0034"], "modified": "2020-09-28T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libvpx", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-2060.NASL", "href": "https://www.tenable.com/plugins/nessus/140827", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(140827);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2020-0034\"\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : libvpx (EulerOS-SA-2020-2060)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the libvpx package installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - In vp8_decode_frame of decodeframe.c, there is a\n possible out of bounds read due to improper input\n validation. This could lead to remote information\n disclosure if error correction were turned on, with no\n additional execution privileges needed. User\n interaction is not needed for\n exploitation.(CVE-2020-0034)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-2060\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1264ebae\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libvpx package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libvpx\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"libvpx-1.3.0-5.h1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvpx\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2020-05-31T19:55:30", "description": "This update for libvpx fixes the following issues :\n\n - CVE-2020-0034: Fixed an out-of-bounds read on truncated\n key 
frames (bsc#1166066).\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "edition": 1, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2020-05-26T00:00:00", "title": "openSUSE Security Update : libvpx (openSUSE-2020-680)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-0034"], "modified": "2020-05-26T00:00:00", "cpe": ["cpe:/o:novell:opensuse:15.1", "p-cpe:/a:novell:opensuse:libvpx4", "p-cpe:/a:novell:opensuse:libvpx-devel", "p-cpe:/a:novell:opensuse:vpx-tools-debuginfo", "p-cpe:/a:novell:opensuse:libvpx4-32bit-debuginfo", "p-cpe:/a:novell:opensuse:vpx-tools", "p-cpe:/a:novell:opensuse:libvpx-debugsource", "p-cpe:/a:novell:opensuse:libvpx4-32bit", "p-cpe:/a:novell:opensuse:libvpx4-debuginfo"], "id": "OPENSUSE-2020-680.NASL", "href": "https://www.tenable.com/plugins/nessus/136878", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-680.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(136878);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/28\");\n\n script_cve_id(\"CVE-2020-0034\");\n\n script_name(english:\"openSUSE Security Update : libvpx (openSUSE-2020-680)\");\n script_summary(english:\"Check for the openSUSE-2020-680 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for libvpx fixes the following issues :\n\n - CVE-2020-0034: Fixed an out-of-bounds read on truncated\n key frames (bsc#1166066).\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1166066\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected libvpx packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvpx-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvpx-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvpx4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvpx4-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvpx4-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvpx4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vpx-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vpx-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/03/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/05/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/05/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libvpx-debugsource-1.6.1-lp151.5.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libvpx-devel-1.6.1-lp151.5.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libvpx4-1.6.1-lp151.5.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libvpx4-debuginfo-1.6.1-lp151.5.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"vpx-tools-1.6.1-lp151.5.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"vpx-tools-debuginfo-1.6.1-lp151.5.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libvpx4-32bit-1.6.1-lp151.5.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libvpx4-32bit-debuginfo-1.6.1-lp151.5.6.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else 
audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvpx-debugsource / libvpx-devel / libvpx4 / libvpx4-debuginfo / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2021-01-07T09:06:55", "description": "According to the version of the libvpx package installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - In vp8_decode_frame of decodeframe.c, there is a\n possible out of bounds read due to improper input\n validation. This could lead to remote information\n disclosure if error correction were turned on, with no\n additional execution privileges needed. User\n interaction is not needed for\n exploitation.(CVE-2020-0034)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 4, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2020-11-03T00:00:00", "title": "EulerOS 2.0 SP2 : libvpx (EulerOS-SA-2020-2364)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-0034"], "modified": "2020-11-03T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libvpx", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-2364.NASL", "href": "https://www.tenable.com/plugins/nessus/142235", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142235);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2020-0034\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : libvpx (EulerOS-SA-2020-2364)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote 
EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the libvpx package installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - In vp8_decode_frame of decodeframe.c, there is a\n possible out of bounds read due to improper input\n validation. This could lead to remote information\n disclosure if error correction were turned on, with no\n additional execution privileges needed. User\n interaction is not needed for\n exploitation.(CVE-2020-0034)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-2364\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1021775c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libvpx package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libvpx\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"libvpx-1.3.0-5.h1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvpx\");\n}\n", "cvss": 
{"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2021-01-14T06:27:28", "description": "This update for libvpx fixes the following issues :\n\nCVE-2020-0034: Fixed an out-of-bounds read on truncated key frames\n(bsc#1166066).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 4, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2020-07-09T00:00:00", "title": "SUSE SLED15 / SLES15 Security Update : libvpx (SUSE-SU-2020:1297-2)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-0034"], "modified": "2020-07-09T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libvpx-devel", "cpe:/o:novell:suse_linux:15", "p-cpe:/a:novell:suse_linux:libvpx4-debuginfo", "p-cpe:/a:novell:suse_linux:libvpx4", "p-cpe:/a:novell:suse_linux:vpx-tools", "p-cpe:/a:novell:suse_linux:vpx-tools-debuginfo", "p-cpe:/a:novell:suse_linux:libvpx-debugsource"], "id": "SUSE_SU-2020-1297-2.NASL", "href": "https://www.tenable.com/plugins/nessus/138260", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:1297-2.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(138260);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2020-0034\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : libvpx (SUSE-SU-2020:1297-2)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n 
attribute:\"description\",\n value:\n\"This update for libvpx fixes the following issues :\n\nCVE-2020-0034: Fixed an out-of-bounds read on truncated key frames\n(bsc#1166066).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1166066\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-0034/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20201297-2\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cfda525c\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 :\n\nzypper in -t patch\nSUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2020-1297=1\n\nSUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 :\n\nzypper in -t patch\nSUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-1297=1\n\nSUSE Linux Enterprise Module for Desktop Applications 15-SP2 :\n\nzypper in -t patch\nSUSE-SLE-Module-Desktop-Applications-15-SP2-2020-1297=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-1297=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n 
script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-0034\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvpx-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvpx-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvpx4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvpx4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:vpx-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:vpx-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/03/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1|2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP1/2\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! 
preg(pattern:\"^(1|2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP1/2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libvpx-debugsource-1.6.1-6.6.8\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"vpx-tools-1.6.1-6.6.8\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"vpx-tools-debuginfo-1.6.1-6.6.8\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libvpx-debugsource-1.6.1-6.6.8\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libvpx-devel-1.6.1-6.6.8\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libvpx4-1.6.1-6.6.8\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libvpx4-debuginfo-1.6.1-6.6.8\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"vpx-tools-1.6.1-6.6.8\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"vpx-tools-debuginfo-1.6.1-6.6.8\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libvpx-debugsource-1.6.1-6.6.8\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"vpx-tools-1.6.1-6.6.8\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"vpx-tools-debuginfo-1.6.1-6.6.8\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libvpx-debugsource-1.6.1-6.6.8\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libvpx-devel-1.6.1-6.6.8\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libvpx4-1.6.1-6.6.8\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libvpx4-debuginfo-1.6.1-6.6.8\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"vpx-tools-1.6.1-6.6.8\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"vpx-tools-debuginfo-1.6.1-6.6.8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = 
pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvpx\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2021-01-12T09:42:12", "description": "It was discovered that there was an out-of-bounds buffer read\nvulnerability in libvpx, a library implementing the VP8 & VP9 video\ncodecs.\n\nFor Debian 8 'Jessie', this issue has been fixed in libvpx version\n1.3.0-3+deb8u3.\n\nWe recommend that you upgrade your libvpx packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 4, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2020-03-10T00:00:00", "title": "Debian DLA-2136-1 : libvpx security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-0034"], "modified": "2020-03-10T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libvpx-doc", "p-cpe:/a:debian:debian_linux:vpx-tools", "cpe:/o:debian:debian_linux:8.0", "p-cpe:/a:debian:debian_linux:libvpx1", "p-cpe:/a:debian:debian_linux:libvpx-dev", "p-cpe:/a:debian:debian_linux:libvpx1-dbg"], "id": "DEBIAN_DLA-2136.NASL", "href": "https://www.tenable.com/plugins/nessus/134352", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2136-1. 
The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(134352);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2020-0034\");\n\n script_name(english:\"Debian DLA-2136-1 : libvpx security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that there was an out-of-bounds buffer read\nvulnerability in libvpx, a library implementing the VP8 & VP9 video\ncodecs.\n\nFor Debian 8 'Jessie', this issue has been fixed in libvpx version\n1.3.0-3+deb8u3.\n\nWe recommend that you upgrade your libvpx packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2020/03/msg00009.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/libvpx\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libvpx-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libvpx-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libvpx1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libvpx1-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:vpx-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/03/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/03/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libvpx-dev\", reference:\"1.3.0-3+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libvpx-doc\", reference:\"1.3.0-3+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libvpx1\", reference:\"1.3.0-3+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libvpx1-dbg\", reference:\"1.3.0-3+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"vpx-tools\", reference:\"1.3.0-3+deb8u3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2020-12-01T09:37:31", "description": "The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nCESA-2020:3876 advisory.\n\n - libvpx: Denial of service in mediaserver (CVE-2017-0393)\n\n - libvpx: Out of bounds read in vp8_norm table (CVE-2019-9232)\n\n - libvpx: Use-after-free in vp8_deblock() in vp8/common/postproc.c (CVE-2019-9433)\n\n - libvpx: Out of bounds read in vp8_decode_frame in decodeframe.c (CVE-2020-0034)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 3, "cvss3": {"score": 7.5, "vector": 
"AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2020-10-20T00:00:00", "title": "CentOS 7 : libvpx (CESA-2020:3876)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-0393", "CVE-2019-9433", "CVE-2019-9232", "CVE-2020-0034"], "modified": "2020-10-20T00:00:00", "cpe": ["p-cpe:/a:centos:centos:libvpx-devel", "p-cpe:/a:centos:centos:libvpx-utils", "cpe:/o:centos:centos:7", "p-cpe:/a:centos:centos:libvpx"], "id": "CENTOS_RHSA-2020-3876.NASL", "href": "https://www.tenable.com/plugins/nessus/141617", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:3876 and\n# CentOS Errata and Security Advisory 2020:3876 respectively.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141617);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/30\");\n\n script_cve_id(\n \"CVE-2017-0393\",\n \"CVE-2019-9232\",\n \"CVE-2019-9433\",\n \"CVE-2020-0034\"\n );\n script_bugtraq_id(95230);\n script_xref(name:\"RHSA\", value:\"2020:3876\");\n\n script_name(english:\"CentOS 7 : libvpx (CESA-2020:3876)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nCESA-2020:3876 advisory.\n\n - libvpx: Denial of service in mediaserver (CVE-2017-0393)\n\n - libvpx: Out of bounds read in vp8_norm table (CVE-2019-9232)\n\n - libvpx: Use-after-free in vp8_deblock() in vp8/common/postproc.c (CVE-2019-9433)\n\n - libvpx: Out of bounds read in vp8_decode_frame in decodeframe.c (CVE-2020-0034)\n\nNote that Nessus has not tested for this issue but has instead 
relied only on the application's self-reported version\nnumber.\");\n # https://lists.centos.org/pipermail/centos-cr-announce/2020-October/012765.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?51cd8a2e\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/20.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/125.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/200.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/400.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/416.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libvpx, libvpx-devel and / or libvpx-utils packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-0034\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_cwe_id(20, 125, 200, 400, 416);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvpx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvpx-devel\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:centos:centos:libvpx-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'CentOS 7.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\npkgs = [\n {'reference':'libvpx-1.3.0-8.el7', 'cpu':'i686', 'release':'CentOS-7'},\n {'reference':'libvpx-1.3.0-8.el7', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'libvpx-devel-1.3.0-8.el7', 'cpu':'i686', 'release':'CentOS-7'},\n {'reference':'libvpx-devel-1.3.0-8.el7', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'libvpx-utils-1.3.0-8.el7', 'cpu':'x86_64', 'release':'CentOS-7'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this 
vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libvpx / libvpx-devel / libvpx-utils');\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2020-11-21T06:04:27", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3876 advisory.\n\n - libvpx: Denial of service in mediaserver (CVE-2017-0393)\n\n - libvpx: Out of bounds read in vp8_norm table (CVE-2019-9232)\n\n - libvpx: Use-after-free in vp8_deblock() in vp8/common/postproc.c (CVE-2019-9433)\n\n - libvpx: Out of bounds read in vp8_decode_frame in decodeframe.c (CVE-2020-0034)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "edition": 3, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2020-09-29T00:00:00", "title": "RHEL 7 : libvpx (RHSA-2020:3876)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-0393", "CVE-2019-9433", "CVE-2019-9232", "CVE-2020-0034"], "modified": "2020-09-29T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7::server", "p-cpe:/a:redhat:enterprise_linux:libvpx-utils", "p-cpe:/a:redhat:enterprise_linux:libvpx", 
"cpe:/o:redhat:enterprise_linux:7::computenode", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7::workstation", "p-cpe:/a:redhat:enterprise_linux:libvpx-devel", "cpe:/o:redhat:enterprise_linux:7::client"], "id": "REDHAT-RHSA-2020-3876.NASL", "href": "https://www.tenable.com/plugins/nessus/141041", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:3876. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141041);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/19\");\n\n script_cve_id(\n \"CVE-2017-0393\",\n \"CVE-2019-9232\",\n \"CVE-2019-9433\",\n \"CVE-2020-0034\"\n );\n script_bugtraq_id(95230);\n script_xref(name:\"RHSA\", value:\"2020:3876\");\n\n script_name(english:\"RHEL 7 : libvpx (RHSA-2020:3876)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3876 advisory.\n\n - libvpx: Denial of service in mediaserver (CVE-2017-0393)\n\n - libvpx: Out of bounds read in vp8_norm table (CVE-2019-9232)\n\n - libvpx: Use-after-free in vp8_deblock() in vp8/common/postproc.c (CVE-2019-9433)\n\n - libvpx: Out of bounds read in vp8_decode_frame in decodeframe.c (CVE-2020-0034)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/20.html\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/125.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/200.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/400.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/416.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2017-0393\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-9232\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-9433\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-0034\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:3876\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1769657\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1788966\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1788994\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1813000\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libvpx, libvpx-devel and / or libvpx-utils packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-0034\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_cwe_id(20, 125, 200, 400, 
416);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7::client\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7::computenode\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7::server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7::workstation\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvpx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvpx-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvpx-utils\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nrepositories = {\n 'enterprise_linux_7_client': [\n 'rhel-7-desktop-debug-rpms',\n 'rhel-7-desktop-fastrack-debug-rpms',\n 'rhel-7-desktop-fastrack-rpms',\n 'rhel-7-desktop-fastrack-source-rpms',\n 'rhel-7-desktop-optional-debug-rpms',\n 'rhel-7-desktop-optional-fastrack-debug-rpms',\n 'rhel-7-desktop-optional-fastrack-rpms',\n 'rhel-7-desktop-optional-fastrack-source-rpms',\n 'rhel-7-desktop-optional-rpms',\n 'rhel-7-desktop-optional-source-rpms',\n 'rhel-7-desktop-rpms',\n 'rhel-7-desktop-source-rpms'\n ],\n 'enterprise_linux_7_computenode': [\n 'rhel-7-for-hpc-node-fastrack-debug-rpms',\n 'rhel-7-for-hpc-node-fastrack-rpms',\n 'rhel-7-for-hpc-node-fastrack-source-rpms',\n 'rhel-7-for-hpc-node-optional-fastrack-debug-rpms',\n 'rhel-7-for-hpc-node-optional-fastrack-rpms',\n 'rhel-7-for-hpc-node-optional-fastrack-source-rpms',\n 
'rhel-7-hpc-node-debug-rpms',\n 'rhel-7-hpc-node-optional-debug-rpms',\n 'rhel-7-hpc-node-optional-rpms',\n 'rhel-7-hpc-node-optional-source-rpms',\n 'rhel-7-hpc-node-rpms',\n 'rhel-7-hpc-node-source-rpms'\n ],\n 'enterprise_linux_7_server': [\n 'rhel-7-for-system-z-a-debug-rpms',\n 'rhel-7-for-system-z-a-optional-debug-rpms',\n 'rhel-7-for-system-z-a-optional-rpms',\n 'rhel-7-for-system-z-a-optional-source-rpms',\n 'rhel-7-for-system-z-a-rpms',\n 'rhel-7-for-system-z-a-source-rpms',\n 'rhel-7-for-system-z-debug-rpms',\n 'rhel-7-for-system-z-fastrack-debug-rpms',\n 'rhel-7-for-system-z-fastrack-rpms',\n 'rhel-7-for-system-z-fastrack-source-rpms',\n 'rhel-7-for-system-z-optional-debug-rpms',\n 'rhel-7-for-system-z-optional-fastrack-debug-rpms',\n 'rhel-7-for-system-z-optional-fastrack-rpms',\n 'rhel-7-for-system-z-optional-fastrack-source-rpms',\n 'rhel-7-for-system-z-optional-rpms',\n 'rhel-7-for-system-z-optional-source-rpms',\n 'rhel-7-for-system-z-rpms',\n 'rhel-7-for-system-z-source-rpms',\n 'rhel-7-server-debug-rpms',\n 'rhel-7-server-fastrack-debug-rpms',\n 'rhel-7-server-fastrack-rpms',\n 'rhel-7-server-fastrack-source-rpms',\n 'rhel-7-server-optional-debug-rpms',\n 'rhel-7-server-optional-fastrack-debug-rpms',\n 'rhel-7-server-optional-fastrack-rpms',\n 'rhel-7-server-optional-fastrack-source-rpms',\n 'rhel-7-server-optional-rpms',\n 'rhel-7-server-optional-source-rpms',\n 'rhel-7-server-rpms',\n 'rhel-7-server-source-rpms',\n 'rhel-ha-for-rhel-7-for-system-z-debug-rpms',\n 'rhel-ha-for-rhel-7-for-system-z-rpms',\n 'rhel-ha-for-rhel-7-for-system-z-source-rpms',\n 'rhel-ha-for-rhel-7-server-debug-rpms',\n 'rhel-ha-for-rhel-7-server-rpms',\n 'rhel-ha-for-rhel-7-server-source-rpms',\n 'rhel-rs-for-rhel-7-for-system-z-debug-rpms',\n 'rhel-rs-for-rhel-7-for-system-z-rpms',\n 'rhel-rs-for-rhel-7-for-system-z-source-rpms',\n 'rhel-rs-for-rhel-7-server-debug-rpms',\n 'rhel-rs-for-rhel-7-server-rpms',\n 'rhel-rs-for-rhel-7-server-source-rpms'\n ],\n 
'enterprise_linux_7_workstation': [\n 'rhel-7-workstation-debug-rpms',\n 'rhel-7-workstation-fastrack-debug-rpms',\n 'rhel-7-workstation-fastrack-rpms',\n 'rhel-7-workstation-fastrack-source-rpms',\n 'rhel-7-workstation-optional-debug-rpms',\n 'rhel-7-workstation-optional-fastrack-debug-rpms',\n 'rhel-7-workstation-optional-fastrack-rpms',\n 'rhel-7-workstation-optional-fastrack-source-rpms',\n 'rhel-7-workstation-optional-rpms',\n 'rhel-7-workstation-optional-source-rpms',\n 'rhel-7-workstation-rpms',\n 'rhel-7-workstation-source-rpms'\n ]\n};\n\nfound_repos = NULL;\nhost_repo_list = get_kb_list('Host/RedHat/repo-list/*');\nif (!(empty_or_null(host_repo_list))) {\n found_repos = make_list();\n foreach repo_key (keys(repositories)) {\n foreach repo ( repositories[repo_key] ) {\n if (get_kb_item('Host/RedHat/repo-list/' + repo)) {\n append_element(var:found_repos, value:repo_key);\n break;\n }\n }\n }\n if(empty_or_null(found_repos)) audit(AUDIT_RHSA_NOT_AFFECTED, 'RHSA-2020:3876');\n}\n\npkgs = [\n {'reference':'libvpx-1.3.0-8.el7', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation']},\n {'reference':'libvpx-1.3.0-8.el7', 'cpu':'s390', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation']},\n {'reference':'libvpx-1.3.0-8.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation']},\n {'reference':'libvpx-1.3.0-8.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation']},\n {'reference':'libvpx-devel-1.3.0-8.el7', 
'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation']},\n {'reference':'libvpx-devel-1.3.0-8.el7', 'cpu':'s390', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation']},\n {'reference':'libvpx-devel-1.3.0-8.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation']},\n {'reference':'libvpx-devel-1.3.0-8.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation']},\n {'reference':'libvpx-utils-1.3.0-8.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation']},\n {'reference':'libvpx-utils-1.3.0-8.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation']}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if 
(!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n repocheck = FALSE;\n if (empty_or_null(found_repos))\n {\n repocheck = TRUE;\n }\n else\n {\n foreach repo (repo_list) {\n if (contains_element(var:found_repos, value:repo))\n {\n repocheck = TRUE;\n break;\n }\n }\n }\n if (repocheck && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n if (empty_or_null(host_repo_list)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libvpx / libvpx-devel / libvpx-utils');\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2020-10-10T16:44:28", "description": "The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2020-3876 advisory.\n\n - A denial of service vulnerability in libvpx in Mediaserver could enable a remote attacker to use a\n specially crafted file to cause a device hang or reboot. This issue is rated as High due to the\n possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0,\n 7.1. Android ID: A-30436808. 
(CVE-2017-0393)\n\n - In libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to remote\n information disclosure with no additional execution privileges needed. User interaction is not needed for\n exploitation. Product: AndroidVersions: Android-10Android ID: A-122675483 (CVE-2019-9232)\n\n - In libvpx, there is a possible information disclosure due to improper input validation. This could lead to\n remote information disclosure with no additional execution privileges needed. User interaction is needed\n for exploitation. Product: AndroidVersions: Android-10Android ID: A-80479354 (CVE-2019-9433)\n\n - In vp8_decode_frame of decodeframe.c, there is a possible out of bounds read due to improper input\n validation. This could lead to remote information disclosure if error correction were turned on, with no\n additional execution privileges needed. User interaction is not needed for exploitation.Product:\n AndroidVersions: Android-8.0 Android-8.1Android ID: A-62458770 (CVE-2020-0034)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 2, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2020-10-07T00:00:00", "title": "Oracle Linux 7 : libvpx (ELSA-2020-3876)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-0393", "CVE-2019-9433", "CVE-2019-9232", "CVE-2020-0034"], "modified": "2020-10-07T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:libvpx-utils", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:libvpx-devel", "p-cpe:/a:oracle:linux:libvpx"], "id": "ORACLELINUX_ELSA-2020-3876.NASL", "href": "https://www.tenable.com/plugins/nessus/141257", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2020-3876.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n 
script_id(141257);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/09\");\n\n script_cve_id(\n \"CVE-2017-0393\",\n \"CVE-2019-9232\",\n \"CVE-2019-9433\",\n \"CVE-2020-0034\"\n );\n script_bugtraq_id(95230);\n\n script_name(english:\"Oracle Linux 7 : libvpx (ELSA-2020-3876)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2020-3876 advisory.\n\n - A denial of service vulnerability in libvpx in Mediaserver could enable a remote attacker to use a\n specially crafted file to cause a device hang or reboot. This issue is rated as High due to the\n possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0,\n 7.1. Android ID: A-30436808. (CVE-2017-0393)\n\n - In libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to remote\n information disclosure with no additional execution privileges needed. User interaction is not needed for\n exploitation. Product: AndroidVersions: Android-10Android ID: A-122675483 (CVE-2019-9232)\n\n - In libvpx, there is a possible information disclosure due to improper input validation. This could lead to\n remote information disclosure with no additional execution privileges needed. User interaction is needed\n for exploitation. Product: AndroidVersions: Android-10Android ID: A-80479354 (CVE-2019-9433)\n\n - In vp8_decode_frame of decodeframe.c, there is a possible out of bounds read due to improper input\n validation. This could lead to remote information disclosure if error correction were turned on, with no\n additional execution privileges needed. 
User interaction is not needed for exploitation.Product:\n AndroidVersions: Android-8.0 Android-8.1Android ID: A-62458770 (CVE-2020-0034)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://linux.oracle.com/errata/ELSA-2020-3876.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libvpx, libvpx-devel and / or libvpx-utils packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-0034\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvpx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvpx-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvpx-utils\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\npkgs = [\n {'reference':'libvpx-1.3.0-8.el7', 'cpu':'aarch64', 'release':'7'},\n {'reference':'libvpx-1.3.0-8.el7', 'cpu':'i686', 'release':'7'},\n {'reference':'libvpx-1.3.0-8.el7', 'cpu':'x86_64', 'release':'7'},\n {'reference':'libvpx-devel-1.3.0-8.el7', 'cpu':'aarch64', 'release':'7'},\n {'reference':'libvpx-devel-1.3.0-8.el7', 'cpu':'i686', 'release':'7'},\n {'reference':'libvpx-devel-1.3.0-8.el7', 'cpu':'x86_64', 'release':'7'},\n {'reference':'libvpx-utils-1.3.0-8.el7', 'cpu':'aarch64', 'release':'7'},\n {'reference':'libvpx-utils-1.3.0-8.el7', 'cpu':'x86_64', 'release':'7'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n 
el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n rpm_prefix = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['rpm_prefix'])) rpm_prefix = package_array['rpm_prefix'];\n if (reference && release) {\n if (rpm_prefix) {\n if (rpm_exists(release:release, rpm:rpm_prefix) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libvpx / libvpx-devel / libvpx-utils');\n}", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2020-10-24T09:24:53", "description": "Security Fix(es) :\n\n - libvpx: Denial of service in mediaserver (CVE-2017-0393)\n\n - libvpx: Out of bounds read in vp8_norm table\n (CVE-2019-9232)\n\n - libvpx: Use-after-free in vp8_deblock() in\n vp8/common/postproc.c 
(CVE-2019-9433)\n\n - libvpx: Out of bounds read in vp8_decode_frame in\n decodeframe.c (CVE-2020-0034)", "edition": 2, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2020-10-21T00:00:00", "title": "Scientific Linux Security Update : libvpx on SL7.x x86_64 (20201001)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-0393", "CVE-2019-9433", "CVE-2019-9232", "CVE-2020-0034"], "modified": "2020-10-21T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:libvpx-debuginfo", "p-cpe:/a:fermilab:scientific_linux:libvpx", "p-cpe:/a:fermilab:scientific_linux:libvpx-utils", "p-cpe:/a:fermilab:scientific_linux:libvpx-devel", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20201001_LIBVPX_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/141685", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(141685);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/23\");\n\n script_cve_id(\"CVE-2017-0393\", \"CVE-2019-9232\", \"CVE-2019-9433\", \"CVE-2020-0034\");\n\n script_name(english:\"Scientific Linux Security Update : libvpx on SL7.x x86_64 (20201001)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Security Fix(es) :\n\n - libvpx: Denial of service in mediaserver (CVE-2017-0393)\n\n - libvpx: Out of bounds read in vp8_norm table\n (CVE-2019-9232)\n\n - libvpx: Use-after-free in vp8_deblock() in\n vp8/common/postproc.c (CVE-2019-9433)\n\n - libvpx: Out of bounds read in vp8_decode_frame in\n decodeframe.c (CVE-2020-0034)\"\n );\n # 
https://listserv.fnal.gov/scripts/wa.exe?A2=ind2010&L=SCIENTIFIC-LINUX-ERRATA&P=23856\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9389b0dd\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libvpx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libvpx-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libvpx-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libvpx-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libvpx-1.3.0-8.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libvpx-debuginfo-1.3.0-8.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libvpx-devel-1.3.0-8.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libvpx-utils-1.3.0-8.el7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvpx / 
libvpx-debuginfo / libvpx-devel / libvpx-utils\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:C/I:N/A:N"}}], "debian": [{"lastseen": "2020-08-12T00:51:53", "bulletinFamily": "unix", "cvelist": ["CVE-2020-0034"], "description": "Package : libvpx\nVersion : 1.3.0-3+deb8u3\nCVE ID : CVE-2020-0034\n\nIt was discovered that there was an out-of-bounds buffer read\nvulnerability in libvpx, a library implementing the VP8 & VP9 video\ncodecs.\n\nFor Debian 8 \"Jessie\", this issue has been fixed in libvpx version\n1.3.0-3+deb8u3.\n\nWe recommend that you upgrade your libvpx packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n\n\nRegards,\n\n- -- \n ,''`.\n : :' : Chris Lamb\n `. `'` lamby@debian.org / chris-lamb.co.uk\n `-\n\n", "edition": 6, "modified": "2020-03-09T18:34:24", "published": "2020-03-09T18:34:24", "id": "DEBIAN:DLA-2136-1:DD208", "href": "https://lists.debian.org/debian-lts-announce/2020/debian-lts-announce-202003/msg00009.html", "title": "[SECURITY] [DLA 2136-1] libvpx security update", "type": "debian", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:C/I:N/A:N"}}], "openvas": [{"lastseen": "2020-05-28T13:22:35", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-0034"], "description": "The remote host is missing an update for the ", "modified": "2020-05-27T00:00:00", "published": "2020-05-23T00:00:00", "id": "OPENVAS:1361412562310853168", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310853168", "type": "openvas", "title": "openSUSE: Security Advisory for libvpx (openSUSE-SU-2020:0680-1)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it 
and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.853168\");\n script_version(\"2020-05-27T04:05:03+0000\");\n script_cve_id(\"CVE-2020-0034\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-05-27 04:05:03 +0000 (Wed, 27 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-05-23 03:00:51 +0000 (Sat, 23 May 2020)\");\n script_name(\"openSUSE: Security Advisory for libvpx (openSUSE-SU-2020:0680-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.1\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2020:0680-1\");\n script_xref(name:\"URL\", value:\"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00048.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libvpx'\n package(s) announced via the openSUSE-SU-2020:0680-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n 
script_tag(name:\"insight\", value:\"This update for libvpx fixes the following issues:\n\n - CVE-2020-0034: Fixed an out-of-bounds read on truncated key frames\n (bsc#1166066).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.1:\n\n zypper in -t patch openSUSE-2020-680=1\");\n\n script_tag(name:\"affected\", value:\"'libvpx' package(s) on openSUSE Leap 15.1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libvpx-debugsource\", rpm:\"libvpx-debugsource~1.6.1~lp151.5.6.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvpx-devel\", rpm:\"libvpx-devel~1.6.1~lp151.5.6.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvpx4\", rpm:\"libvpx4~1.6.1~lp151.5.6.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvpx4-debuginfo\", rpm:\"libvpx4-debuginfo~1.6.1~lp151.5.6.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vpx-tools\", rpm:\"vpx-tools~1.6.1~lp151.5.6.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vpx-tools-debuginfo\", rpm:\"vpx-tools-debuginfo~1.6.1~lp151.5.6.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvpx4-32bit\", 
rpm:\"libvpx4-32bit~1.6.1~lp151.5.6.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvpx4-32bit-debuginfo\", rpm:\"libvpx4-32bit-debuginfo~1.6.1~lp151.5.6.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2020-03-18T20:59:27", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-0034"], "description": "The remote host is missing an update for the ", "modified": "2020-03-16T00:00:00", "published": "2020-03-10T00:00:00", "id": "OPENVAS:1361412562310892136", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310892136", "type": "openvas", "title": "Debian LTS: Security Advisory for libvpx (DLA-2136-1)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.892136\");\n script_version(\"2020-03-16T07:45:04+0000\");\n script_cve_id(\"CVE-2020-0034\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-03-16 07:45:04 +0000 (Mon, 16 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-03-10 04:00:06 +0000 (Tue, 10 Mar 2020)\");\n script_name(\"Debian LTS: Security Advisory for libvpx (DLA-2136-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2020/03/msg00009.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DLA-2136-1\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libvpx'\n package(s) announced via the DLA-2136-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was discovered that there was an out-of-bounds buffer read\nvulnerability in libvpx, a library implementing the VP8 & VP9 video\ncodecs.\");\n\n script_tag(name:\"affected\", value:\"'libvpx' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', this issue has been fixed in libvpx 
version\n1.3.0-3+deb8u3.\n\nWe recommend that you upgrade your libvpx packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libvpx-dev\", ver:\"1.3.0-3+deb8u3\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libvpx-doc\", ver:\"1.3.0-3+deb8u3\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libvpx1\", ver:\"1.3.0-3+deb8u3\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libvpx1-dbg\", ver:\"1.3.0-3+deb8u3\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"vpx-tools\", ver:\"1.3.0-3+deb8u3\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:C/I:N/A:N"}}], "centos": [{"lastseen": "2020-10-20T23:08:57", "bulletinFamily": "unix", "cvelist": ["CVE-2017-0393", "CVE-2019-9433", "CVE-2019-9232", "CVE-2020-0034"], "description": "**CentOS Errata and Security Advisory** CESA-2020:3876\n\n\nThe libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia container file format.\n\nSecurity Fix(es):\n\n* libvpx: Denial of service in mediaserver (CVE-2017-0393)\n\n* libvpx: Out of bounds read in vp8_norm table (CVE-2019-9232)\n\n* libvpx: Use-after-free in vp8_deblock() in vp8/common/postproc.c (CVE-2019-9433)\n\n* libvpx: Out of bounds read in vp8_decode_frame in decodeframe.c (CVE-2020-0034)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed 
information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2020-October/012765.html\n\n**Affected packages:**\nlibvpx\nlibvpx-devel\nlibvpx-utils\n\n**Upstream details at:**\n", "edition": 1, "modified": "2020-10-20T18:26:54", "published": "2020-10-20T18:26:54", "id": "CESA-2020:3876", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2020-October/012765.html", "title": "libvpx security update", "type": "centos", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:C/I:N/A:N"}}], "redhat": [{"lastseen": "2020-10-07T18:04:31", "bulletinFamily": "unix", "cvelist": ["CVE-2017-0393", "CVE-2019-9232", "CVE-2019-9433", "CVE-2020-0034"], "description": "The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia container file format.\n\nSecurity Fix(es):\n\n* libvpx: Denial of service in mediaserver (CVE-2017-0393)\n\n* libvpx: Out of bounds read in vp8_norm table (CVE-2019-9232)\n\n* libvpx: Use-after-free in vp8_deblock() in vp8/common/postproc.c (CVE-2019-9433)\n\n* libvpx: Out of bounds read in vp8_decode_frame in decodeframe.c (CVE-2020-0034)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.", "modified": "2020-09-29T13:42:24", "published": "2020-09-29T11:39:42", "id": "RHSA-2020:3876", "href": "https://access.redhat.com/errata/RHSA-2020:3876", "type": "redhat", "title": "(RHSA-2020:3876) Moderate: libvpx security update", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:C/I:N/A:N"}}], "amazon": 
[{"lastseen": "2020-11-12T01:24:08", "bulletinFamily": "unix", "cvelist": ["CVE-2017-0393", "CVE-2019-9433", "CVE-2019-9232", "CVE-2020-0034"], "description": "**Issue Overview:**\n\nA denial of service vulnerability in libvpx in Mediaserver could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-30436808. ([CVE-2017-0393](<https://access.redhat.com/security/cve/CVE-2017-0393>))\n\nIn libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-122675483 ([CVE-2019-9232](<https://access.redhat.com/security/cve/CVE-2019-9232>))\n\nIn libvpx, there is a possible information disclosure due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-80479354 ([CVE-2019-9433](<https://access.redhat.com/security/cve/CVE-2019-9433>))\n\nIn vp8_decode_frame of decodeframe.c, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure if error correction were turned on, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1. Android ID: A-62458770 ([CVE-2020-0034](<https://access.redhat.com/security/cve/CVE-2020-0034>))\n\n \n**Affected Packages:** \n\n\nlibvpx\n\n \n**Issue Correction:** \nRun _yum update libvpx_ to update your system. 
\n\n\n \n\n\n**New Packages:**\n \n \n aarch64: \n libvpx-1.3.0-8.amzn2.0.1.aarch64 \n libvpx-devel-1.3.0-8.amzn2.0.1.aarch64 \n libvpx-utils-1.3.0-8.amzn2.0.1.aarch64 \n libvpx-debuginfo-1.3.0-8.amzn2.0.1.aarch64 \n \n i686: \n libvpx-1.3.0-8.amzn2.0.1.i686 \n libvpx-devel-1.3.0-8.amzn2.0.1.i686 \n libvpx-utils-1.3.0-8.amzn2.0.1.i686 \n libvpx-debuginfo-1.3.0-8.amzn2.0.1.i686 \n \n src: \n libvpx-1.3.0-8.amzn2.0.1.src \n \n x86_64: \n libvpx-1.3.0-8.amzn2.0.1.x86_64 \n libvpx-devel-1.3.0-8.amzn2.0.1.x86_64 \n libvpx-utils-1.3.0-8.amzn2.0.1.x86_64 \n libvpx-debuginfo-1.3.0-8.amzn2.0.1.x86_64 \n \n \n", "edition": 1, "modified": "2020-11-09T17:10:00", "published": "2020-11-09T17:10:00", "id": "ALAS2-2020-1558", "href": "https://alas.aws.amazon.com/AL2/ALAS-2020-1558.html", "title": "Medium: libvpx", "type": "amazon", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:C/I:N/A:N"}}], "oraclelinux": [{"lastseen": "2020-10-07T06:48:00", "bulletinFamily": "unix", "cvelist": ["CVE-2017-0393", "CVE-2019-9433", "CVE-2010-4203", "CVE-2019-9232", "CVE-2020-0034"], "description": "[1.3.0-8]\n- Fix for CVE-2020-0034\n- Resolves: rhbz#1823909\n[1.3.0-7]\n- Fix for CVE-2019-9232 and CVE-2019-9433\n- Resolves: rhbz#1796085, rhbz#1796099\n[1.3.0-6]\n- Fix for CVE-2017-0393\n- Resolves: rhbz#1779498\n[1.3.0-4]\n- fix Illegal Instruction abort\n[1.3.0-3]\n- update library symbol list for 1.3.0 from Debian\n[1.3.0-2]\n- armv7hl specific target\n[1.3.0-1]\n- update to 1.3.0\n[1.2.0-1]\n- update to 1.2.0\n[1.1.0-1]\n- update to 1.1.0\n[1.0.0-3]\n- fix vpx.pc file to include -lm (bz825754)\n[1.0.0-2]\n- use included vpx.pc file (drop local libvpx.pc)\n- apply upstream fix to vpx.pc file (bz 814177)\n[1.0.0-1]\n- update to 1.0.0\n[0.9.7.1-3]\n- use macro instead of hard-coded version\n[0.9.7.1-2]\n- fix build on generic targets\n[0.9.7.1-1]\n- libvpx 0.9.7-p1\n[0.9.7-1]\n- libvpx 0.9.7\n[0.9.6-2]\n- add 2 symbols to the shared library for generic targets\n[0.9.6-1]\n- update to 
0.9.6\n[0.9.5-3]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild\n[0.9.5-2]\n- apply patch from upstream git (Change I6266aba7), should resolve CVE-2010-4203\n[0.9.5-1]\n- update to 0.9.5\n[0.9.1-3]\n- only package html docs to avoid multilib conflict (bz 613185)\n[0.9.1-2]\n- build shared library the old way for generic arches\n[0.9.1-1]\n- update to 0.9.1\n[0.9.0-7]\n- update to git revision 8389f1967c5f8b3819cca80705b1b4ba04132b93\n- upstream fix for bz 599147\n- proper shared library support\n[0.9.0-6]\n- add hackish fix for bz 599147\n (upstream will hopefully fix properly in future release)\n[0.9.0-5]\n- fix noexecstack flag\n[0.9.0-4]\n- BuildRequires: yasm (were optimized again)\n[0.9.0-3]\n- add pkg-config file\n- move headers into include/vpx/\n- enable optimization\n[0.9.0-2]\n- fix permissions on binaries\n- rename generic binaries to v8_*\n- link shared library to -lm, -lpthread to resolve missing weak symbols\n[0.9.0-1]\n- Initial package for Fedora", "edition": 1, "modified": "2020-10-06T00:00:00", "published": "2020-10-06T00:00:00", "id": "ELSA-2020-3876", "href": "http://linux.oracle.com/errata/ELSA-2020-3876.html", "title": "libvpx security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "threatpost": [{"lastseen": "2020-10-15T22:23:26", "bulletinFamily": "info", "cvelist": ["CVE-2019-2215", "CVE-2020-0032", "CVE-2020-0033", "CVE-2020-0034", "CVE-2020-0069", "CVE-2020-24400", "CVE-2020-24407", "CVE-2020-5135"], "description": "Google has addressed a high-severity flaw in MediaTek\u2019s Command Queue driver that developers said affects millions of devices \u2013 and which has an exploit already circulating in the wild.\n\nAlso in its March 2020 Android Security bulletin, [issued this week](<https://source.android.com/security/bulletin/2020-03-01>), Google disclosed and patched a critical security vulnerability in the Android media framework, which could enable remote code 
execution within the context of a privileged process.\n\nThe critical bug (CVE-2020-0032) can be exploited with a specially crafted file, according to the advisory. Other details were scant, but Google noted that it\u2019s the most concerning vulnerability out of the entirety of the March update.\n\nThe MediaTek bug meanwhile is an elevation-of-privilege flaw (CVE-2020-0069) discovered by members of XDA-Developers (a forum for Android software modifications) \u2014 they said the bug is more specifically a root-access issue. Even though the March update is the bug\u2019s first public disclosure, XDA members said [in a posting this week](<https://www.xda-developers.com/mediatek-su-rootkit-exploit/>) that an exploit for it has been floating around since April last year. And, they said that it is now being actively used by cybercriminals in campaigns.\n\n\u201cDespite MediaTek making a patch available a month after discovery, the vulnerability is still exploitable on dozens of device models,\u201d according to the alert. \u201cNow MediaTek has turned to Google to close this patch gap and secure millions of devices against this critical security exploit.\u201d\n\nAn XDA community member who goes by \u201cdiplomatic\u201d was looking to gain root access to Amazon Fire tablets, which run on the Android OS, in order to get rid of what developers said is \u201cuninstallable bloatware\u201d on the devices. Amazon has locked the environment down to keep users within its walled garden, according to the developers.\n\n\u201cThe only way to root an Amazon Fire tablet (without hardware modifications) is to find an exploit in the software that allows the user to bypass Android\u2019s security model,\u201d according to the post. \u201cIn February of 2019, that\u2019s exactly what XDA Senior Member diplomatic did when he published a thread on our Amazon Fire tablet forums. 
He quickly realized that this exploit was far wider in scope than just Amazon\u2019s Fire tablets.\u201d\n\nIn fact, the exploit works on \u201cvirtually all of MediaTek\u2019s 64-bit chips,\u201d developers said, translating to millions of devices.\n\ndiplomatic\u2019s exploit is a script, dubbed \u201cMediaTek-su\u201d that grants users superuser access in shell. It also sets SELinux (the Linux kernel module that provides access control for processes), to the \u201chighly insecure \u201cpermissive\u201d state,\u201d according to the post.\n\n\u201cFor a user to get root access and set SELinux to permissive on their own device is shockingly easy to do: All you have to do is copy the script to a temporary folder, change directories to where the script is stored, add executable permissions to the script, and then execute the script,\u201d XDA members explained.\n\nAfter discovering the script and how dangerous it can be in February, the forum notified Google of the bug, members said. XDA noted that in January, Trend Micro [found three malicious spyware apps](<https://blog.trendmicro.com/trendlabs-security-intelligence/first-active-attack-exploiting-cve-2019-2215-found-on-google-play-linked-to-sidewinder-apt-group/>) in the Google Play Store, linked to the APT known as SideWinder. 
The analysis mentions in passing that the apps were using MediaTek-su to gain root access on Pixel devices \u2013 though XDA pointed out that researchers there likely didn\u2019t realize that MediaTek-su was an unpatched exploit and didn\u2019t think to notify vendors.\n\nThe consequences of a successful attack can be significant: With root access, any app can grant itself any permission it wants; and with a root shell, all files on the device, even those stored in private data directories of applications, are accessible.\n\n\u201cAn app with root can also silently install any other app it wants in the background and then grant them whatever permissions they need to violate your privacy,\u201d according to XDA members. \u201cAccording to XDA Recognized Developer topjohnwu, a malicious app can even \u2018inject code directly into Zygote by using ptrace,\u2019 which means a normal app on your device could be hijacked to do the bidding of the attacker.\u201d\n\nAlso in its March Android update, Google patched a slew of other high-severity bugs and a handful of moderate flaws, across various components. In the media framework, Google addressed a high-severity elevation-of-privilege bug (CVE-2020-0033) and a high-severity information-disclosure issue (CVE-2020-0034), for instance. Other components with patches include the Android system, the Android framework, the Google Play system, the kernel and flexible printed circuits (FPC). It also issued advisories for high-severity bugs in third-party components, including from Qualcomm and the aforementioned MediaTek bug.\n\nAndroid partners and OEMs were notified of the issues at least a month before publication of the March update in order to give them time to issue patches, as [Samsung has done](<https://security.samsungmobile.com/securityUpdate.smsb>) as well as [Qualcomm](<https://www.qualcomm.com/company/product-security/bulletins/march-2020-bulletin>). 
Source code patches for the issues were also released to the Android Open Source Project (AOSP) repository, according to the advisory. While the patch is now available, XDA members pointed out that MediaTek chipsets are found in dozens of budget and mid-tier Android devices from many different vendors, so the patching process is likely to take a while.\n", "modified": "2020-03-03T19:02:22", "published": "2020-03-03T19:02:22", "id": "THREATPOST:C7B22E2E8B3AB6D2FD4DA4F6C33951CF", "href": "https://threatpost.com/mediatek-bug-actively-exploited-android/153408/", "type": "threatpost", "title": "MediaTek Bug Actively Exploited, Affects Millions of Android Devices", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}