ID UB:CVE-2017-5059 Type ubuntucve Reporter ubuntu.com Modified 2017-10-27T00:00:00
Description
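Type confusion in Blink in Google Chrome prior to 58.0.3029.81 for Linux,
Windows, and Mac, and 58.0.3029.83 for Android, allowed a remote attacker
to potentially obtain code execution via a crafted HTML page.
Exploitation requires user interaction (the victim must load the crafted
page). The records below classify the flaw as CWE-843 and score it
8.8 under CVSS v3 and 6.8 under CVSS v2.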
{"redhatcve": [{"lastseen": "2021-09-02T22:50:18", "description": "Type confusion in Blink in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac, and 58.0.3029.83 for Android, allowed a remote attacker to potentially obtain code execution via a crafted HTML page.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-04-20T06:49:39", "type": "redhatcve", "title": "CVE-2017-5059", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5059"], "modified": "2020-08-18T08:59:54", "id": "RH:CVE-2017-5059", "href": "https://access.redhat.com/security/cve/cve-2017-5059", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2022-04-11T21:07:08", "description": "Type confusion in Blink in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac, and 58.0.3029.83 for Android, allowed a remote attacker to potentially obtain code execution via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", 
"integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-10-27T05:29:00", "type": "cve", "title": "CVE-2017-5059", "cwe": ["CWE-843"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5059"], "modified": "2022-04-11T19:27:00", "cpe": ["cpe:/o:redhat:enterprise_linux_server:6.0", "cpe:/o:redhat:enterprise_linux_desktop:6.0", "cpe:/o:redhat:enterprise_linux_workstation:6.0"], "id": "CVE-2017-5059", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5059", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*"]}], "zdi": [{"lastseen": "2022-04-11T21:44:53", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of list item markers. It's possible to trigger a type confusion condition by manipulating a document's elements. 
An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-05-02T00:00:00", "type": "zdi", "title": "Google Chrome List Item Marker Type Confusion Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5059"], "modified": "2017-05-02T00:00:00", "id": "ZDI-17-314", "href": "https://www.zerodayinitiative.com/advisories/ZDI-17-314/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "debiancve": [{"lastseen": "2022-04-11T23:34:41", "description": "Type confusion in Blink in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac, and 58.0.3029.83 for Android, allowed a remote attacker to potentially obtain code execution via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-10-27T05:29:00", "type": "debiancve", "title": "CVE-2017-5059", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5059"], "modified": "2017-10-27T05:29:00", "id": "DEBIANCVE:CVE-2017-5059", "href": "https://security-tracker.debian.org/tracker/CVE-2017-5059", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2017-04-24T23:18:57", "description": "This update to Chromium 58.0.3029.81 fixes the following security issues\n (bsc#1035103):\n\n - CVE-2017-5057: Type confusion in PDFium\n - CVE-2017-5058: Heap use after free in Print Preview\n - CVE-2017-5059: Type confusion in Blink\n - CVE-2017-5060: URL spoofing in Omnibox\n - CVE-2017-5061: URL spoofing in Omnibox\n - CVE-2017-5062: Use after free in Chrome Apps\n - CVE-2017-5063: Heap overflow in Skia\n - CVE-2017-5064: Use after free in Blink\n - CVE-2017-5065: Incorrect UI in Blink\n - CVE-2017-5066: Incorrect signature handing in Networking\n - CVE-2017-5067: URL spoofing in Omnibox\n - CVE-2017-5069: Cross-origin bypass in Blink\n\n", "cvss3": {}, "published": "2017-04-25T00:09:06", "type": "suse", "title": "Security update for chromium (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2017-5065", "CVE-2017-5059", "CVE-2017-5060", "CVE-2017-5063", "CVE-2017-5069", "CVE-2017-5064", "CVE-2017-5058", "CVE-2017-5067", "CVE-2017-5062", "CVE-2017-5066", 
"CVE-2017-5057", "CVE-2017-5061"], "modified": "2017-04-25T00:09:06", "id": "OPENSUSE-SU-2017:1100-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-04/msg00030.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2017-04-24T23:18:57", "description": "This update to Chromium 58.0.3029.81 fixes the following security issues\n (bsc#1035103):\n\n - CVE-2017-5057: Type confusion in PDFium\n - CVE-2017-5058: Heap use after free in Print Preview\n - CVE-2017-5059: Type confusion in Blink\n - CVE-2017-5060: URL spoofing in Omnibox\n - CVE-2017-5061: URL spoofing in Omnibox\n - CVE-2017-5062: Use after free in Chrome Apps\n - CVE-2017-5063: Heap overflow in Skia\n - CVE-2017-5064: Use after free in Blink\n - CVE-2017-5065: Incorrect UI in Blink\n - CVE-2017-5066: Incorrect signature handing in Networking\n - CVE-2017-5067: URL spoofing in Omnibox\n - CVE-2017-5069: Cross-origin bypass in Blink\n\n", "cvss3": {}, "published": "2017-04-25T00:08:31", "type": "suse", "title": "Security update for chromium (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2017-5065", "CVE-2017-5059", "CVE-2017-5060", "CVE-2017-5063", "CVE-2017-5069", "CVE-2017-5064", "CVE-2017-5058", "CVE-2017-5067", "CVE-2017-5062", "CVE-2017-5066", "CVE-2017-5057", "CVE-2017-5061"], "modified": "2017-04-25T00:08:31", "id": "OPENSUSE-SU-2017:1098-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-04/msg00028.html", "cvss": {"score": 0.0, "vector": "NONE"}}], "openvas": [{"lastseen": "2020-01-31T18:27:46", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-04-25T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for chromium (openSUSE-SU-2017:1098-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5065", "CVE-2017-5059", "CVE-2017-5060", "CVE-2017-5063", "CVE-2017-5069", "CVE-2017-5064", "CVE-2017-5058", "CVE-2017-5067", "CVE-2017-5062", "CVE-2017-5066", 
"CVE-2017-5057", "CVE-2017-5061"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851539", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851539", "sourceData": "# Copyright (C) 2017 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851539\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-04-25 06:33:47 +0200 (Tue, 25 Apr 2017)\");\n script_cve_id(\"CVE-2017-5057\", \"CVE-2017-5058\", \"CVE-2017-5059\", \"CVE-2017-5060\",\n \"CVE-2017-5061\", \"CVE-2017-5062\", \"CVE-2017-5063\", \"CVE-2017-5064\",\n \"CVE-2017-5065\", \"CVE-2017-5066\", \"CVE-2017-5067\", \"CVE-2017-5069\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for chromium (openSUSE-SU-2017:1098-1)\");\n\n script_tag(name:\"summary\", value:\"The 
remote host is missing an update for the 'chromium'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update to Chromium 58.0.3029.81 fixes the following security issues\n (bsc#1035103):\n\n - CVE-2017-5057: Type confusion in PDFium\n\n - CVE-2017-5058: Heap use after free in Print Preview\n\n - CVE-2017-5059: Type confusion in Blink\n\n - CVE-2017-5060: URL spoofing in Omnibox\n\n - CVE-2017-5061: URL spoofing in Omnibox\n\n - CVE-2017-5062: Use after free in Chrome Apps\n\n - CVE-2017-5063: Heap overflow in Skia\n\n - CVE-2017-5064: Use after free in Blink\n\n - CVE-2017-5065: Incorrect UI in Blink\n\n - CVE-2017-5066: Incorrect signature handing in Networking\n\n - CVE-2017-5067: URL spoofing in Omnibox\n\n - CVE-2017-5069: Cross-origin bypass in Blink\");\n\n script_tag(name:\"affected\", value:\"chromium on openSUSE Leap 42.2, openSUSE Leap 42.1\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2017:1098-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=(openSUSELeap42\\.2|openSUSELeap42\\.1)\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.2\") {\n if(!isnull(res = isrpmvuln(pkg:\"chromedriver\", rpm:\"chromedriver~58.0.3029.81~104.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromedriver-debuginfo\", 
rpm:\"chromedriver-debuginfo~58.0.3029.81~104.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium\", rpm:\"chromium~58.0.3029.81~104.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-debuginfo\", rpm:\"chromium-debuginfo~58.0.3029.81~104.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-debugsource\", rpm:\"chromium-debugsource~58.0.3029.81~104.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"openSUSELeap42.1\") {\n if(!isnull(res = isrpmvuln(pkg:\"chromedriver\", rpm:\"chromedriver~58.0.3029.81~111.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromedriver-debuginfo\", rpm:\"chromedriver-debuginfo~58.0.3029.81~111.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium\", rpm:\"chromium~58.0.3029.81~111.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-debuginfo\", rpm:\"chromium-debuginfo~58.0.3029.81~111.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-debugsource\", rpm:\"chromium-debugsource~58.0.3029.81~111.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-19T22:06:11", "description": "The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2017-04-20T00:00:00", "type": "openvas", "title": "Google Chrome Security Updates(stable-channel-update-for-desktop-2017-04)-MAC OS X", "bulletinFamily": 
"scanner", "cvss2": {}, "cvelist": ["CVE-2017-5065", "CVE-2017-5059", "CVE-2017-5060", "CVE-2017-5063", "CVE-2017-5069", "CVE-2017-5064", "CVE-2017-5058", "CVE-2017-5067", "CVE-2017-5062", "CVE-2017-5066", "CVE-2017-5057", "CVE-2017-5061"], "modified": "2019-07-17T00:00:00", "id": "OPENVAS:1361412562310810755", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810755", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Security Updates(stable-channel-update-for-desktop-2017-04)-MAC OS X\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810755\");\n script_version(\"2019-07-17T08:15:16+0000\");\n script_cve_id(\"CVE-2017-5057\", \"CVE-2017-5058\", \"CVE-2017-5059\", \"CVE-2017-5060\",\n\"CVE-2017-5061\", \"CVE-2017-5062\", \"CVE-2017-5063\", \"CVE-2017-5064\",\n\"CVE-2017-5065\", \"CVE-2017-5066\", \"CVE-2017-5067\", \"CVE-2017-5069\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 08:15:16 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-04-20 11:29:33 +0530 (Thu, 20 Apr 2017)\");\n script_name(\"Google Chrome Security Updates(stable-channel-update-for-desktop-2017-04)-MAC OS X\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exists due to,\n\n - The type confusion in PDFium.\n\n - The heap use after free in Print Preview.\n\n - The type confusion in Blink.\n\n - The URL spoofing in Omnibox.\n\n - An use after free in Chrome Apps.\n\n - The heap overflow in Skia.\n\n - An use after free in Blink.\n\n - An incorrect UI in Blink.\n\n - An incorrect signature handing in Networking.\n\n - The cross-origin bypass in Blink.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of these\n vulnerabilities will allow remote attacker to 
bypass security, execute\n arbitrary code, cause denial of service and conduct spoofing attacks.\");\n\n script_tag(name:\"affected\", value:\"Google Chrome version prior to 58.0.3029.81 on MAC OS X\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Google Chrome version 58.0.3029.81 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_macosx.nasl\");\n script_mandatory_keys(\"GoogleChrome/MacOSX/Version\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!chr_ver = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:chr_ver, test_version:\"58.0.3029.81\"))\n{\n report = report_fixed_ver(installed_version:chr_ver, fixed_version:\"58.0.3029.81\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-19T22:05:50", "description": "The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2017-04-20T00:00:00", "type": "openvas", "title": "Google Chrome Security Updates(stable-channel-update-for-desktop-2017-04)-Windows", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5065", "CVE-2017-5059", "CVE-2017-5060", "CVE-2017-5063", "CVE-2017-5069", "CVE-2017-5064", "CVE-2017-5058", "CVE-2017-5067", "CVE-2017-5062", "CVE-2017-5066", "CVE-2017-5057", "CVE-2017-5061"], "modified": "2019-07-17T00:00:00", "id": "OPENVAS:1361412562310810753", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810753", "sourceData": 
"##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Security Updates(stable-channel-update-for-desktop-2017-04)-Windows\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810753\");\n script_version(\"2019-07-17T08:15:16+0000\");\n script_cve_id(\"CVE-2017-5057\", \"CVE-2017-5058\", \"CVE-2017-5059\", \"CVE-2017-5060\",\n \"CVE-2017-5061\", \"CVE-2017-5062\", \"CVE-2017-5063\", \"CVE-2017-5064\",\n \"CVE-2017-5065\", \"CVE-2017-5066\", \"CVE-2017-5067\", \"CVE-2017-5069\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 08:15:16 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-04-20 11:29:33 +0530 (Thu, 20 Apr 2017)\");\n script_name(\"Google Chrome Security Updates(stable-channel-update-for-desktop-2017-04)-Windows\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome\n 
and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exists due to,\n\n - The type confusion in PDFium.\n\n - The heap use after free in Print Preview.\n\n - The type confusion in Blink.\n\n - The URL spoofing in Omnibox.\n\n - An use after free in Chrome Apps.\n\n - The heap overflow in Skia.\n\n - An use after free in Blink.\n\n - An incorrect UI in Blink.\n\n - An incorrect signature handing in Networking.\n\n - The cross-origin bypass in Blink.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of these\n vulnerabilities will allow remote attacker to bypass security, execute\n arbitrary code, cause denial of service and conduct spoofing attacks.\");\n\n script_tag(name:\"affected\", value:\"Google Chrome version prior to 58.0.3029.81 on Windows\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Google Chrome version 58.0.3029.81 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_portable_win.nasl\");\n script_mandatory_keys(\"GoogleChrome/Win/Ver\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!chr_ver = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:chr_ver, test_version:\"58.0.3029.81\"))\n{\n report = report_fixed_ver(installed_version:chr_ver, fixed_version:\"58.0.3029.81\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-19T22:08:45", 
"description": "The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2017-04-20T00:00:00", "type": "openvas", "title": "Google Chrome Security Updates(stable-channel-update-for-desktop-2017-04)-Linux", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5065", "CVE-2017-5059", "CVE-2017-5060", "CVE-2017-5063", "CVE-2017-5069", "CVE-2017-5064", "CVE-2017-5058", "CVE-2017-5067", "CVE-2017-5062", "CVE-2017-5066", "CVE-2017-5057", "CVE-2017-5061"], "modified": "2019-07-17T00:00:00", "id": "OPENVAS:1361412562310810754", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810754", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Security Updates(stable-channel-update-for-desktop-2017-04)-Linux\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810754\");\n script_version(\"2019-07-17T08:15:16+0000\");\n script_cve_id(\"CVE-2017-5057\", \"CVE-2017-5058\", \"CVE-2017-5059\", \"CVE-2017-5060\",\n\"CVE-2017-5061\", \"CVE-2017-5062\", \"CVE-2017-5063\", \"CVE-2017-5064\",\n\"CVE-2017-5065\", \"CVE-2017-5066\", \"CVE-2017-5067\", \"CVE-2017-5069\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 08:15:16 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-04-20 11:29:33 +0530 (Thu, 20 Apr 2017)\");\n script_name(\"Google Chrome Security Updates(stable-channel-update-for-desktop-2017-04)-Linux\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exists due to,\n\n - The type confusion in PDFium.\n\n - The heap use after free in Print Preview.\n\n - The type confusion in Blink.\n\n - The URL spoofing in Omnibox.\n\n - An use after free in Chrome Apps.\n\n - The heap overflow in Skia.\n\n - An use after free in Blink.\n\n - An incorrect UI in Blink.\n\n - An incorrect signature handing in Networking.\n\n - The cross-origin bypass in Blink.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of these\n vulnerabilities will allow remote attacker to bypass 
security, execute\n arbitrary code, cause denial of service and conduct spoofing attacks.\");\n\n script_tag(name:\"affected\", value:\"Google Chrome version prior to 58.0.3029.81 on Linux\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Google Chrome version 58.0.3029.81 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_lin.nasl\");\n script_mandatory_keys(\"Google-Chrome/Linux/Ver\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!chr_ver = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:chr_ver, test_version:\"58.0.3029.81\"))\n{\n report = report_fixed_ver(installed_version:chr_ver, fixed_version:\"58.0.3029.81\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:08", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-05-23T00:00:00", "type": "openvas", "title": "Fedora Update for chromium-native_client FEDORA-2017-dc7ce3b314", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5065", "CVE-2017-5059", "CVE-2017-5060", "CVE-2017-5063", "CVE-2017-5069", "CVE-2017-5064", "CVE-2017-5058", "CVE-2017-5067", "CVE-2017-5062", "CVE-2017-5066", "CVE-2017-5057", "CVE-2017-5061", "CVE-2017-5068"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310872701", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872701", "sourceData": "###############################################################################\n# OpenVAS Vulnerability 
Test\n#\n# Fedora Update for chromium-native_client FEDORA-2017-dc7ce3b314\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872701\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-05-23 07:15:00 +0200 (Tue, 23 May 2017)\");\n script_cve_id(\"CVE-2017-5068\", \"CVE-2017-5057\", \"CVE-2017-5058\", \"CVE-2017-5059\",\n \"CVE-2017-5060\", \"CVE-2017-5061\", \"CVE-2017-5062\", \"CVE-2017-5063\",\n \"CVE-2017-5064\", \"CVE-2017-5065\", \"CVE-2017-5066\", \"CVE-2017-5067\",\n \"CVE-2017-5069\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for chromium-native_client FEDORA-2017-dc7ce3b314\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'chromium-native_client'\n package(s) announced via the referenced advisory.\");\n 
script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"chromium-native_client on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-dc7ce3b314\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BT7WVLUTXK7PM57WAG3XZEYFKDIMDNEO\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"chromium-native_client\", rpm:\"chromium-native_client~58.0.3029.81~1.20170421gitc948e9b.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:54", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-05-23T00:00:00", "type": "openvas", "title": "Fedora Update for chromium FEDORA-2017-dc7ce3b314", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5065", "CVE-2017-5059", "CVE-2017-5060", "CVE-2017-5063", "CVE-2017-5069", "CVE-2017-5064", "CVE-2017-5058", "CVE-2017-5067", "CVE-2017-5062", "CVE-2017-5066", "CVE-2017-5057", "CVE-2017-5061", "CVE-2017-5068"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310872699", "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310872699", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for chromium FEDORA-2017-dc7ce3b314\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872699\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-05-23 07:14:32 +0200 (Tue, 23 May 2017)\");\n script_cve_id(\"CVE-2017-5068\", \"CVE-2017-5057\", \"CVE-2017-5058\", \"CVE-2017-5059\",\n \"CVE-2017-5060\", \"CVE-2017-5061\", \"CVE-2017-5062\", \"CVE-2017-5063\",\n \"CVE-2017-5064\", \"CVE-2017-5065\", \"CVE-2017-5066\", \"CVE-2017-5067\",\n \"CVE-2017-5069\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for chromium FEDORA-2017-dc7ce3b314\");\n script_tag(name:\"summary\", 
value:\"The remote host is missing an update for the 'chromium'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"chromium on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-dc7ce3b314\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BOO2JOKHGMVOPEK2AAXAHVZPXVQWP7XA\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"chromium\", rpm:\"chromium~58.0.3029.110~2.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:07", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-06-03T00:00:00", "type": "openvas", "title": "Fedora Update for chromium FEDORA-2017-7d698eba8b", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5065", "CVE-2017-5059", "CVE-2017-5056", "CVE-2017-5060", "CVE-2017-5052", "CVE-2017-5063", "CVE-2017-5053", "CVE-2017-5069", "CVE-2017-5055", "CVE-2017-5054", "CVE-2017-5064", "CVE-2017-5058", "CVE-2017-5067", "CVE-2017-5062", "CVE-2017-5066", "CVE-2017-5057", "CVE-2017-5061", 
"CVE-2017-5068"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310872734", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872734", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for chromium FEDORA-2017-7d698eba8b\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872734\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-06-03 07:04:08 +0200 (Sat, 03 Jun 2017)\");\n script_cve_id(\"CVE-2017-5068\", \"CVE-2017-5057\", \"CVE-2017-5058\", \"CVE-2017-5059\",\n \"CVE-2017-5060\", \"CVE-2017-5061\", \"CVE-2017-5062\", \"CVE-2017-5063\", \"CVE-2017-5064\",\n \"CVE-2017-5065\", \"CVE-2017-5066\", \"CVE-2017-5067\", \"CVE-2017-5069\", \"CVE-2017-5055\",\n \"CVE-2017-5054\", \"CVE-2017-5052\", \"CVE-2017-5056\", \"CVE-2017-5053\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", 
value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for chromium FEDORA-2017-7d698eba8b\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'chromium'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"chromium on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-7d698eba8b\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RYJROQXOV7LHVDSJ5FZLXQZOESNE66EB\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"chromium\", rpm:\"chromium~58.0.3029.110~2.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:31", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-06-03T00:00:00", "type": "openvas", "title": "Fedora Update for chromium-native_client FEDORA-2017-7d698eba8b", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5065", "CVE-2017-5059", "CVE-2017-5056", "CVE-2017-5060", "CVE-2017-5052", 
"CVE-2017-5063", "CVE-2017-5053", "CVE-2017-5069", "CVE-2017-5055", "CVE-2017-5054", "CVE-2017-5064", "CVE-2017-5058", "CVE-2017-5067", "CVE-2017-5062", "CVE-2017-5066", "CVE-2017-5057", "CVE-2017-5061", "CVE-2017-5068"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310872730", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872730", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for chromium-native_client FEDORA-2017-7d698eba8b\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872730\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-06-03 07:03:21 +0200 (Sat, 03 Jun 2017)\");\n script_cve_id(\"CVE-2017-5068\", \"CVE-2017-5057\", \"CVE-2017-5058\", \"CVE-2017-5059\",\n \"CVE-2017-5060\", \"CVE-2017-5061\", \"CVE-2017-5062\", \"CVE-2017-5063\", \"CVE-2017-5064\",\n \"CVE-2017-5065\", \"CVE-2017-5066\", \"CVE-2017-5067\", \"CVE-2017-5069\", \"CVE-2017-5055\",\n \"CVE-2017-5054\", \"CVE-2017-5052\", \"CVE-2017-5056\", \"CVE-2017-5053\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for chromium-native_client FEDORA-2017-7d698eba8b\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'chromium-native_client'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"chromium-native_client on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-7d698eba8b\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5QKJYO274OP4DEVILWSU5WBSUXBE2KJT\");\n script_tag(name:\"solution_type\", 
value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"chromium-native_client\", rpm:\"chromium-native_client~58.0.3029.81~1.20170421gitc948e9b.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:34", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-07-14T00:00:00", "type": "openvas", "title": "Fedora Update for qt5-qtwebengine FEDORA-2017-58cde32413", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5023", "CVE-2017-5012", "CVE-2017-5009", "CVE-2017-5032", "CVE-2017-5044", "CVE-2017-5036", "CVE-2017-5065", "CVE-2017-5026", "CVE-2017-5033", "CVE-2017-5019", "CVE-2017-5034", "CVE-2017-5014", "CVE-2017-5059", "CVE-2017-5022", "CVE-2017-5060", "CVE-2017-5052", "CVE-2017-5017", "CVE-2017-5053", "CVE-2017-5039", "CVE-2017-5007", "CVE-2017-5040", "CVE-2017-5021", "CVE-2017-5069", "CVE-2017-5011", "CVE-2017-5025", "CVE-2017-5055", "CVE-2017-5029", "CVE-2017-5024", "CVE-2017-5016", "CVE-2017-5046", "CVE-2017-5027", "CVE-2017-5015", "CVE-2017-5010", "CVE-2017-5013", "CVE-2017-5058", "CVE-2017-5008", "CVE-2017-5067", "CVE-2017-5018", "CVE-2017-5045", "CVE-2017-5062", "CVE-2017-5006", "CVE-2017-5066", "CVE-2017-5057", "CVE-2017-5061", "CVE-2017-5068", "CVE-2017-5020"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310872863", "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310872863", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for qt5-qtwebengine FEDORA-2017-58cde32413\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872863\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-07-14 15:55:08 +0530 (Fri, 14 Jul 2017)\");\n script_cve_id(\"CVE-2017-5006\", \"CVE-2017-5007\", \"CVE-2017-5008\", \"CVE-2017-5009\",\n \"CVE-2017-5010\", \"CVE-2017-5011\", \"CVE-2017-5012\", \"CVE-2017-5013\",\n \"CVE-2017-5014\", \"CVE-2017-5015\", \"CVE-2017-5016\", \"CVE-2017-5017\",\n \"CVE-2017-5018\", \"CVE-2017-5019\", \"CVE-2017-5020\", \"CVE-2017-5021\",\n \"CVE-2017-5022\", \"CVE-2017-5023\", \"CVE-2017-5024\", \"CVE-2017-5025\",\n \"CVE-2017-5026\", \"CVE-2017-5027\", \"CVE-2017-5029\", \"CVE-2017-5032\",\n \"CVE-2017-5033\", \"CVE-2017-5034\", \"CVE-2017-5036\", 
\"CVE-2017-5039\",\n \"CVE-2017-5040\", \"CVE-2017-5044\", \"CVE-2017-5045\", \"CVE-2017-5046\",\n \"CVE-2017-5052\", \"CVE-2017-5053\", \"CVE-2017-5055\", \"CVE-2017-5057\",\n \"CVE-2017-5058\", \"CVE-2017-5059\", \"CVE-2017-5060\", \"CVE-2017-5061\",\n \"CVE-2017-5062\", \"CVE-2017-5065\", \"CVE-2017-5066\", \"CVE-2017-5067\",\n \"CVE-2017-5068\", \"CVE-2017-5069\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for qt5-qtwebengine FEDORA-2017-58cde32413\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'qt5-qtwebengine'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"qt5-qtwebengine on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-58cde32413\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YRHOZIPAIWULMGZJKJAYNTQUNKQAMBVN\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"qt5-qtwebengine\", rpm:\"qt5-qtwebengine~5.9.0~4.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if 
(__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-22T16:28:42", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-07-24T00:00:00", "type": "openvas", "title": "Fedora Update for qt5-qtwebengine FEDORA-2017-98bed96d12", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5023", "CVE-2017-5012", "CVE-2017-5009", "CVE-2016-5224", "CVE-2017-5037", "CVE-2017-5044", "CVE-2016-5225", "CVE-2016-5208", "CVE-2016-5186", "CVE-2016-9651", "CVE-2017-5065", "CVE-2017-5026", "CVE-2016-9652", "CVE-2017-5033", "CVE-2017-5019", "CVE-2016-9650", "CVE-2016-5222", "CVE-2017-5059", "CVE-2016-5205", "CVE-2016-5221", "CVE-2017-5076", "CVE-2017-5017", "CVE-2016-5198", "CVE-2017-5007", "CVE-2016-5171", "CVE-2016-5133", "CVE-2017-5069", "CVE-2017-5050", "CVE-2016-5170", "CVE-2016-5207", "CVE-2017-5025", "CVE-2016-5215", "CVE-2016-5161", "CVE-2017-5071", "CVE-2017-5029", "CVE-2016-5147", "CVE-2017-5024", "CVE-2016-5185", "CVE-2017-5016", "CVE-2017-5046", "CVE-2017-5027", "CVE-2016-5181", "CVE-2017-5015", "CVE-2017-5047", "CVE-2017-5089", "CVE-2017-5010", "CVE-2017-5083", "CVE-2016-5214", "CVE-2017-5008", "CVE-2016-5153", "CVE-2016-5155", "CVE-2017-5067", "CVE-2017-5048", "CVE-2017-5075", "CVE-2017-5049", "CVE-2016-5188", "CVE-2017-5062", "CVE-2016-5192", "CVE-2017-5006", "CVE-2016-5172", "CVE-2017-5061", "CVE-2017-5070", "CVE-2017-5051", "CVE-2016-5187", "CVE-2016-5166", "CVE-2016-5078"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310872901", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872901", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_98bed96d12_qt5-qtwebengine_fc24.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for qt5-qtwebengine FEDORA-2017-98bed96d12\n#\n# Authors:\n# System Generated Check\n#\n# 
Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872901\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-07-24 05:44:15 +0200 (Mon, 24 Jul 2017)\");\n script_cve_id(\"CVE-2016-5133\", \"CVE-2016-5147\", \"CVE-2016-5153\", \"CVE-2016-5155\",\n \"CVE-2016-5161\", \"CVE-2016-5166\", \"CVE-2016-5170\", \"CVE-2016-5171\",\n \"CVE-2016-5172\", \"CVE-2016-5181\", \"CVE-2016-5185\", \"CVE-2016-5186\",\n \"CVE-2016-5187\", \"CVE-2016-5188\", \"CVE-2016-5192\", \"CVE-2016-5198\",\n \"CVE-2016-5205\", \"CVE-2016-5207\", \"CVE-2016-5208\", \"CVE-2016-5214\",\n \"CVE-2016-5215\", \"CVE-2016-5221\", \"CVE-2016-5222\", \"CVE-2016-5224\",\n \"CVE-2016-5225\", \"CVE-2016-9650\", \"CVE-2016-9651\", \"CVE-2016-9652\",\n \"CVE-2017-5006\", \"CVE-2017-5007\", \"CVE-2017-5008\", \"CVE-2017-5009\",\n \"CVE-2017-5010\", \"CVE-2017-5012\", \"CVE-2017-5015\", \"CVE-2017-5016\",\n \"CVE-2017-5017\", \"CVE-2017-5019\", \"CVE-2017-5023\", \"CVE-2017-5024\",\n \"CVE-2017-5025\", \"CVE-2017-5026\", 
\"CVE-2017-5027\", \"CVE-2017-5029\",\n \"CVE-2017-5033\", \"CVE-2017-5037\", \"CVE-2017-5044\", \"CVE-2017-5046\",\n \"CVE-2017-5047\", \"CVE-2017-5048\", \"CVE-2017-5049\", \"CVE-2017-5050\",\n \"CVE-2017-5051\", \"CVE-2017-5059\", \"CVE-2017-5061\", \"CVE-2017-5062\",\n \"CVE-2017-5065\", \"CVE-2017-5067\", \"CVE-2017-5069\", \"CVE-2017-5070\",\n \"CVE-2017-5071\", \"CVE-2017-5075\", \"CVE-2017-5076\", \"CVE-2016-5078\",\n \"CVE-2017-5083\", \"CVE-2017-5089\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for qt5-qtwebengine FEDORA-2017-98bed96d12\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'qt5-qtwebengine'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"qt5-qtwebengine on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-98bed96d12\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LV2U7SINGF3SBK7HVKSWFOYLQBUH6PUE\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"qt5-qtwebengine\", 
rpm:\"qt5-qtwebengine~5.6.3~0.1.20170712gitee719ad313e564.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2022-04-14T15:09:07", "description": "The version of Google Chrome installed on the remote macOS or Mac OS X host is prior to 58.0.3029.81. It is, therefore, affected by the following vulnerabilities :\n\n - A type confusion error exists in PDFium in the CJS_Object::GetEmbedObject() function that allows an unauthenticated, remote attacker to have an unspecified impact. (CVE-2017-5057)\n\n - A use-after-free error exists in Print Preview that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-5058)\n\n - A type confusion error exists in Blink due to improper handling of pseudo-elements in layout trees. An unauthenticated, remote attacker can exploit this to have an unspecified impact. (CVE-2017-5059)\n\n - A spoofing vulnerability exists in url_formatter.cc due to improper handling of Cyrillic letters in domain names. An unauthenticated, remote attacker can exploit this to spoof URLs in the address bar. (CVE-2017-5060)\n\n - A flaw exists in the Omnibox component that is triggered as unloaded content may be rendered in a compositor frame after a navigation commit. An unauthenticated, remote attacker can exploit this to spoof URLs in the address bar. (CVE-2017-5061)\n\n - A use-after-free error exists in the Apps component that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-5062)\n\n - A heap-based buffer overflow condition exists in the Skia component in the spanSlowRate() function in SkLinearBitmapPipeline_sample.h due to improper validation of user-supplied input. 
An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code.\n (CVE-2017-5063)\n\n - A use-after-free error exists in Blink that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-5064)\n\n - A flaw exists in Blink due to a failure to properly close validation bubbles when uploading a document. An unauthenticated, remote attacker can exploit this to cause an unspecified impact. (CVE-2017-5065)\n\n - A flaw exists in the Networking component due to a failure to verify certificate chains that have mismatching signature algorithms. An unauthenticated, remote attacker can exploit this to have an unspecified impact. (CVE-2017-5066)\n\n - An unspecified flaw exists in the Omnibox component that allows an unauthenticated, remote attacker to spoof URLs. (CVE-2017-5067)\n\n - A same-origin policy bypass vulnerability exists in the PingLoader::sendViolationReport() function in PingLoader.cpp due to improper handling of HTTP Content-Type headers in CSP or XSS auditor violation reports. An unauthenticated, remote attacker can exploit this to bypass the same-origin policy. 
(CVE-2017-5069)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-04-24T00:00:00", "type": "nessus", "title": "Google Chrome < 58.0.3029.81 Multiple Vulnerabilities (macOS)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5057", "CVE-2017-5058", "CVE-2017-5059", "CVE-2017-5060", "CVE-2017-5061", "CVE-2017-5062", "CVE-2017-5063", "CVE-2017-5064", "CVE-2017-5065", "CVE-2017-5066", "CVE-2017-5067", "CVE-2017-5069"], "modified": "2019-11-13T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "MACOSX_GOOGLE_CHROME_58_0_3029_81.NASL", "href": "https://www.tenable.com/plugins/nessus/99634", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(99634);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/11/13\");\n\n script_cve_id(\n \"CVE-2017-5057\",\n \"CVE-2017-5058\",\n \"CVE-2017-5059\",\n \"CVE-2017-5060\",\n \"CVE-2017-5061\",\n \"CVE-2017-5062\",\n \"CVE-2017-5063\",\n \"CVE-2017-5064\",\n \"CVE-2017-5065\",\n \"CVE-2017-5066\",\n \"CVE-2017-5067\",\n \"CVE-2017-5069\"\n );\n script_bugtraq_id(97939);\n\n script_name(english:\"Google Chrome < 58.0.3029.81 Multiple Vulnerabilities (macOS)\");\n script_summary(english:\"Checks the version of Google Chrome.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS or Mac OS X host is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote macOS or Mac OS X\nhost is prior to 58.0.3029.81. 
It is, therefore, affected by the\nfollowing vulnerabilities :\n\n - A type confusion error exists in PDFium in the\n CJS_Object::GetEmbedObject() function that allows an\n unauthenticated, remote attacker to have an unspecified\n impact. (CVE-2017-5057)\n\n - A use-after-free error exists in Print Preview that\n allows an unauthenticated, remote attacker to execute\n arbitrary code. (CVE-2017-5058)\n\n - A type confusion error exists in Blink due to improper\n handling of pseudo-elements in layout trees. An\n unauthenticated, remote attacker can exploit this to\n have an unspecified impact. (CVE-2017-5059)\n\n - A spoofing vulnerability exists in url_formatter.cc due\n to improper handling of Cyrillic letters in domain\n names. An unauthenticated, remote attacker can exploit\n this to spoof URLs in the address bar. (CVE-2017-5060)\n\n - A flaw exists in the Omnibox component that is triggered\n as unloaded content may be rendered in a compositor\n frame after a navigation commit. An unauthenticated,\n remote attacker can exploit this to spoof URLs in the\n address bar. (CVE-2017-5061)\n\n - A use-after-free error exists in the Apps component that\n allows an unauthenticated, remote attacker to execute\n arbitrary code. (CVE-2017-5062)\n\n - A heap-based buffer overflow condition exists in the\n Skia component in the spanSlowRate() function in\n SkLinearBitmapPipeline_sample.h due to improper\n validation of user-supplied input. An unauthenticated,\n remote attacker can exploit this to cause a denial of\n service condition or the execution arbitrary code.\n (CVE-2017-5063)\n\n - A use-after-free error exists in Blink that allows an\n unauthenticated, remote attacker to execute arbitrary\n code. (CVE-2017-5064)\n\n - A flaw exists in Blink due to a failure to properly\n close validation bubbles when uploading a document. An\n unauthenticated, remote attacker can exploit this to\n cause an unspecified impact. 
(CVE-2017-5065)\n\n - A flaw exists in the Networking component due to a\n failure to verify certificate chains that have\n mismatching signature algorithms. An unauthenticated,\n remote attacker can exploit this to have an unspecified\n impact. (CVE-2017-5066)\n\n - An unspecified flaw exists in the Omnibox component that\n allows an unauthenticated, remote attacker to spoof\n URLs. (CVE-2017-5067)\n\n - A same-origin policy bypass vulnerability exists in the\n PingLoader::sendViolationReport() function in\n PingLoader.cpp due to improper handling of HTTP\n Content-Type headers in CSP or XSS auditor violation\n reports. An unauthenticated, remote attacker can exploit\n this to bypass the same-origin policy. (CVE-2017-5069)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n # https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d9ef6b47\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.xudongz.com/blog/2017/idn-phishing/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 58.0.3029.81 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-5064\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/19\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\n\ninclude(\"google_chrome_version.inc\");\n\nget_kb_item_or_exit(\"MacOSX/Google Chrome/Installed\");\n\ngoogle_chrome_check_version(fix:'58.0.3029.81', severity:SECURITY_WARNING);\n\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-14T15:10:32", "description": "Google Chrome Releases reports :\n\n29 security fixes in this release, including :\n\n- [695826] High CVE-2017-5057: Type confusion in PDFium. Credit to Guang Gong of Alpha Team, Qihoo 360\n\n- [694382] High CVE-2017-5058: Heap use after free in Print Preview.\nCredit to Khalil Zhani\n\n- [684684] High CVE-2017-5059: Type confusion in Blink. Credit to SkyLined working with Trend Micro's Zero Day Initiative\n\n- [683314] Medium CVE-2017-5060: URL spoofing in Omnibox. Credit to Xudong Zheng\n\n- [672847] Medium CVE-2017-5061: URL spoofing in Omnibox. Credit to Haosheng Wang (@gnehsoah)\n\n- [702896] Medium CVE-2017-5062: Use after free in Chrome Apps. Credit to anonymous\n\n- [700836] Medium CVE-2017-5063: Heap overflow in Skia. Credit to Sweetchip\n\n- [693974] Medium CVE-2017-5064: Use after free in Blink. Credit to Wadih Matar\n\n- [704560] Medium CVE-2017-5065: Incorrect UI in Blink. Credit to Khalil Zhani\n\n- [690821] Medium CVE-2017-5066: Incorrect signature handing in Networking. Credit to Prof. Zhenhua Duan, Prof. 
Cong Tian, and Ph.D candidate Chu Chen (ICTT, Xidian University)\n\n- [648117] Medium CVE-2017-5067: URL spoofing in Omnibox. Credit to Khalil Zhani\n\n- [691726] Low CVE-2017-5069: Cross-origin bypass in Blink. Credit to Michael Reizelman\n\n- [713205] Various fixes from internal audits, fuzzing and other initiatives", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-04-24T00:00:00", "type": "nessus", "title": "FreeBSD : chromium -- multiple vulnerabilities (95a74a48-2691-11e7-9e2d-e8e0b747a45a)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5057", "CVE-2017-5058", "CVE-2017-5059", "CVE-2017-5060", "CVE-2017-5061", "CVE-2017-5062", "CVE-2017-5063", "CVE-2017-5064", "CVE-2017-5065", "CVE-2017-5066", "CVE-2017-5067", "CVE-2017-5069"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:chromium", "p-cpe:/a:freebsd:freebsd:chromium-pulse", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_95A74A48269111E79E2DE8E0B747A45A.NASL", "href": "https://www.tenable.com/plugins/nessus/99616", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. 
Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99616);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-5057\", \"CVE-2017-5058\", \"CVE-2017-5059\", \"CVE-2017-5060\", \"CVE-2017-5061\", \"CVE-2017-5062\", \"CVE-2017-5063\", \"CVE-2017-5064\", \"CVE-2017-5065\", \"CVE-2017-5066\", \"CVE-2017-5067\", \"CVE-2017-5069\");\n\n script_name(english:\"FreeBSD : chromium -- multiple vulnerabilities (95a74a48-2691-11e7-9e2d-e8e0b747a45a)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n 
value:\n\"Google Chrome Releases reports :\n\n29 security fixes in this release, including :\n\n- [695826] High CVE-2017-5057: Type confusion in PDFium. Credit to\nGuang Gong of Alpha Team, Qihoo 360\n\n- [694382] High CVE-2017-5058: Heap use after free in Print Preview.\nCredit to Khalil Zhani\n\n- [684684] High CVE-2017-5059: Type confusion in Blink. Credit to\nSkyLined working with Trend Micro's Zero Day Initiative\n\n- [683314] Medium CVE-2017-5060: URL spoofing in Omnibox. Credit to\nXudong Zheng\n\n- [672847] Medium CVE-2017-5061: URL spoofing in Omnibox. Credit to\nHaosheng Wang (@gnehsoah)\n\n- [702896] Medium CVE-2017-5062: Use after free in Chrome Apps. Credit\nto anonymous\n\n- [700836] Medium CVE-2017-5063: Heap overflow in Skia. Credit to\nSweetchip\n\n- [693974] Medium CVE-2017-5064: Use after free in Blink. Credit to\nWadih Matar\n\n- [704560] Medium CVE-2017-5065: Incorrect UI in Blink. Credit to\nKhalil Zhani\n\n- [690821] Medium CVE-2017-5066: Incorrect signature handing in\nNetworking. Credit to Prof. Zhenhua Duan, Prof. Cong Tian, and Ph.D\ncandidate Chu Chen (ICTT, Xidian University)\n\n- [648117] Medium CVE-2017-5067: URL spoofing in Omnibox. Credit to\nKhalil Zhani\n\n- [691726] Low CVE-2017-5069: Cross-origin bypass in Blink. 
Credit to\nMichael Reizelman\n\n- [713205] Various fixes from internal audits, fuzzing and other\ninitiatives\"\n );\n # https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d9ef6b47\"\n );\n # https://vuxml.freebsd.org/freebsd/95a74a48-2691-11e7-9e2d-e8e0b747a45a.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8e9e10a7\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium-pulse\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"chromium<58.0.3029.81\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"chromium-pulse<58.0.3029.81\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-14T15:10:34", "description": "An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nChromium is an open source web browser, powered by WebKit (Blink).\n\nThis update upgrades Chromium to version 58.0.3029.81.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. 
(CVE-2017-5057, CVE-2017-5058, CVE-2017-5059, CVE-2017-5060, CVE-2017-5061, CVE-2017-5062, CVE-2017-5063, CVE-2017-5064, CVE-2017-5065, CVE-2017-5066, CVE-2017-5067, CVE-2017-5069)", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-04-26T00:00:00", "type": "nessus", "title": "RHEL 6 : chromium-browser (RHSA-2017:1124)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5057", "CVE-2017-5058", "CVE-2017-5059", "CVE-2017-5060", "CVE-2017-5061", "CVE-2017-5062", "CVE-2017-5063", "CVE-2017-5064", "CVE-2017-5065", "CVE-2017-5066", "CVE-2017-5067", "CVE-2017-5069"], "modified": "2020-05-29T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:chromium-browser", "p-cpe:/a:redhat:enterprise_linux:chromium-browser-debuginfo", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2017-1124.NASL", "href": "https://www.tenable.com/plugins/nessus/99682", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:1124. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(99682);\n script_version(\"3.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/29\");\n\n script_cve_id(\"CVE-2017-5057\", \"CVE-2017-5058\", \"CVE-2017-5059\", \"CVE-2017-5060\", \"CVE-2017-5061\", \"CVE-2017-5062\", \"CVE-2017-5063\", \"CVE-2017-5064\", \"CVE-2017-5065\", \"CVE-2017-5066\", \"CVE-2017-5067\", \"CVE-2017-5069\");\n script_xref(name:\"RHSA\", value:\"2017:1124\");\n\n script_name(english:\"RHEL 6 : chromium-browser (RHSA-2017:1124)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An update for chromium-browser is now available for Red Hat Enterprise\nLinux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nChromium is an open source web browser, powered by WebKit (Blink).\n\nThis update upgrades Chromium to version 58.0.3029.81.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web\ncontent. A web page containing malicious content could cause Chromium\nto crash, execute arbitrary code, or disclose sensitive information\nwhen visited by the victim. 
(CVE-2017-5057, CVE-2017-5058,\nCVE-2017-5059, CVE-2017-5060, CVE-2017-5061, CVE-2017-5062,\nCVE-2017-5063, CVE-2017-5064, CVE-2017-5065, CVE-2017-5066,\nCVE-2017-5067, CVE-2017-5069)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://chromereleases.googleblog.com/2017/04/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2017:1124\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5057\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5058\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5059\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5060\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5061\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5062\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5063\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5064\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5065\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5066\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5067\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5069\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected chromium-browser and / or\nchromium-browser-debuginfo 
packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:chromium-browser\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:chromium-browser-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2017:1124\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"chromium-browser-58.0.3029.81-1.el6_9\", allowmaj:TRUE)) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"chromium-browser-58.0.3029.81-1.el6_9\", allowmaj:TRUE)) flag++;\n if (rpm_check(release:\"RHEL6\", 
cpu:\"i686\", reference:\"chromium-browser-debuginfo-58.0.3029.81-1.el6_9\", allowmaj:TRUE)) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"chromium-browser-debuginfo-58.0.3029.81-1.el6_9\", allowmaj:TRUE)) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromium-browser / chromium-browser-debuginfo\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-14T15:11:04", "description": "The version of Google Chrome installed on the remote Windows host is prior to 58.0.3029.81. It is, therefore, affected by the following vulnerabilities :\n\n - A type confusion error exists in PDFium in the CJS_Object::GetEmbedObject() function that allows an unauthenticated, remote attacker to have an unspecified impact. (CVE-2017-5057)\n\n - A use-after-free error exists in Print Preview that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-5058)\n\n - A type confusion error exists in Blink due to improper handling of pseudo-elements in layout trees. An unauthenticated, remote attacker can exploit this to have an unspecified impact. (CVE-2017-5059)\n\n - A spoofing vulnerability exists in url_formatter.cc due to improper handling of Cyrillic letters in domain names. An unauthenticated, remote attacker can exploit this to spoof URLs in the address bar. (CVE-2017-5060)\n\n - A flaw exists in the Omnibox component that is triggered as unloaded content may be rendered in a compositor frame after a navigation commit. An unauthenticated, remote attacker can exploit this to spoof URLs in the address bar. 
(CVE-2017-5061)\n\n - A use-after-free error exists in the Apps component that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-5062)\n\n - A heap-based buffer overflow condition exists in the Skia component in the spanSlowRate() function in SkLinearBitmapPipeline_sample.h due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code.\n (CVE-2017-5063)\n\n - A use-after-free error exists in Blink that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-5064)\n\n - A flaw exists in Blink due to a failure to properly close validation bubbles when uploading a document. An unauthenticated, remote attacker can exploit this to cause an unspecified impact. (CVE-2017-5065)\n\n - A flaw exists in the Networking component due to a failure to verify certificate chains that have mismatching signature algorithms. An unauthenticated, remote attacker can exploit this to have an unspecified impact. (CVE-2017-5066)\n\n - An unspecified flaw exists in the Omnibox component that allows an unauthenticated, remote attacker to spoof URLs. (CVE-2017-5067)\n\n - A same-origin policy bypass vulnerability exists in the PingLoader::sendViolationReport() function in PingLoader.cpp due to improper handling of HTTP Content-Type headers in CSP or XSS auditor violation reports. An unauthenticated, remote attacker can exploit this to bypass the same-origin policy. 
(CVE-2017-5069)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-04-24T00:00:00", "type": "nessus", "title": "Google Chrome < 58.0.3029.81 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5057", "CVE-2017-5058", "CVE-2017-5059", "CVE-2017-5060", "CVE-2017-5061", "CVE-2017-5062", "CVE-2017-5063", "CVE-2017-5064", "CVE-2017-5065", "CVE-2017-5066", "CVE-2017-5067", "CVE-2017-5069"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "GOOGLE_CHROME_58_0_3029_81.NASL", "href": "https://www.tenable.com/plugins/nessus/99633", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99633);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2017-5057\",\n \"CVE-2017-5058\",\n \"CVE-2017-5059\",\n \"CVE-2017-5060\",\n \"CVE-2017-5061\",\n \"CVE-2017-5062\",\n \"CVE-2017-5063\",\n \"CVE-2017-5064\",\n \"CVE-2017-5065\",\n \"CVE-2017-5066\",\n \"CVE-2017-5067\",\n \"CVE-2017-5069\"\n );\n script_bugtraq_id(97939);\n\n script_name(english:\"Google Chrome < 58.0.3029.81 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Windows host is\nprior to 58.0.3029.81. 
It is, therefore, affected by the following\nvulnerabilities :\n\n - A type confusion error exists in PDFium in the\n CJS_Object::GetEmbedObject() function that allows an\n unauthenticated, remote attacker to have an unspecified\n impact. (CVE-2017-5057)\n\n - A use-after-free error exists in Print Preview that\n allows an unauthenticated, remote attacker to execute\n arbitrary code. (CVE-2017-5058)\n\n - A type confusion error exists in Blink due to improper\n handling of pseudo-elements in layout trees. An\n unauthenticated, remote attacker can exploit this to\n have an unspecified impact. (CVE-2017-5059)\n\n - A spoofing vulnerability exists in url_formatter.cc due\n to improper handling of Cyrillic letters in domain\n names. An unauthenticated, remote attacker can exploit\n this to spoof URLs in the address bar. (CVE-2017-5060)\n\n - A flaw exists in the Omnibox component that is triggered\n as unloaded content may be rendered in a compositor\n frame after a navigation commit. An unauthenticated,\n remote attacker can exploit this to spoof URLs in the\n address bar. (CVE-2017-5061)\n\n - A use-after-free error exists in the Apps component that\n allows an unauthenticated, remote attacker to execute\n arbitrary code. (CVE-2017-5062)\n\n - A heap-based buffer overflow condition exists in the\n Skia component in the spanSlowRate() function in\n SkLinearBitmapPipeline_sample.h due to improper\n validation of user-supplied input. An unauthenticated,\n remote attacker can exploit this to cause a denial of\n service condition or the execution arbitrary code.\n (CVE-2017-5063)\n\n - A use-after-free error exists in Blink that allows an\n unauthenticated, remote attacker to execute arbitrary\n code. (CVE-2017-5064)\n\n - A flaw exists in Blink due to a failure to properly\n close validation bubbles when uploading a document. An\n unauthenticated, remote attacker can exploit this to\n cause an unspecified impact. 
(CVE-2017-5065)\n\n - A flaw exists in the Networking component due to a\n failure to verify certificate chains that have\n mismatching signature algorithms. An unauthenticated,\n remote attacker can exploit this to have an unspecified\n impact. (CVE-2017-5066)\n\n - An unspecified flaw exists in the Omnibox component that\n allows an unauthenticated, remote attacker to spoof\n URLs. (CVE-2017-5067)\n\n - A same-origin policy bypass vulnerability exists in the\n PingLoader::sendViolationReport() function in\n PingLoader.cpp due to improper handling of HTTP\n Content-Type headers in CSP or XSS auditor violation\n reports. An unauthenticated, remote attacker can exploit\n this to bypass the same-origin policy. (CVE-2017-5069)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n # https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d9ef6b47\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.xudongz.com/blog/2017/idn-phishing/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 58.0.3029.81 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-5064\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/19\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\n\ninclude(\"google_chrome_version.inc\");\n\nget_kb_item_or_exit(\"SMB/Google_Chrome/Installed\");\ninstalls = get_kb_list(\"SMB/Google_Chrome/*\");\n\ngoogle_chrome_check_version(installs:installs, fix:'58.0.3029.81', severity:SECURITY_WARNING);\n\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-14T15:11:05", "description": "This update to Chromium 58.0.3029.81 fixes the following security issues (bsc#1035103) :\n\n - CVE-2017-5057: Type confusion in PDFium\n\n - CVE-2017-5058: Heap use after free in Print Preview\n\n - CVE-2017-5059: Type confusion in Blink\n\n - CVE-2017-5060: URL spoofing in Omnibox\n\n - CVE-2017-5061: URL spoofing in Omnibox\n\n - CVE-2017-5062: Use after free in Chrome Apps\n\n - CVE-2017-5063: Heap overflow in Skia\n\n - CVE-2017-5064: Use after free in Blink\n\n - CVE-2017-5065: Incorrect UI in Blink\n\n - CVE-2017-5066: Incorrect signature handing in Networking\n\n - CVE-2017-5067: URL spoofing in Omnibox\n\n - CVE-2017-5069: Cross-origin bypass in Blink", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-04-25T00:00:00", "type": "nessus", "title": "openSUSE Security Update : chromium (openSUSE-2017-508)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5057", "CVE-2017-5058", 
"CVE-2017-5059", "CVE-2017-5060", "CVE-2017-5061", "CVE-2017-5062", "CVE-2017-5063", "CVE-2017-5064", "CVE-2017-5065", "CVE-2017-5066", "CVE-2017-5067", "CVE-2017-5069"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromedriver-debuginfo", "p-cpe:/a:novell:opensuse:chromium", "p-cpe:/a:novell:opensuse:chromium-debuginfo", "p-cpe:/a:novell:opensuse:chromium-debugsource", "cpe:/o:novell:opensuse:42.1", "cpe:/o:novell:opensuse:42.2"], "id": "OPENSUSE-2017-508.NASL", "href": "https://www.tenable.com/plugins/nessus/99648", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-508.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99648);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-5057\", \"CVE-2017-5058\", \"CVE-2017-5059\", \"CVE-2017-5060\", \"CVE-2017-5061\", \"CVE-2017-5062\", \"CVE-2017-5063\", \"CVE-2017-5064\", \"CVE-2017-5065\", \"CVE-2017-5066\", \"CVE-2017-5067\", \"CVE-2017-5069\");\n\n script_name(english:\"openSUSE Security Update : chromium (openSUSE-2017-508)\");\n script_summary(english:\"Check for the openSUSE-2017-508 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update to Chromium 58.0.3029.81 fixes the following security\nissues (bsc#1035103) :\n\n - CVE-2017-5057: Type confusion in PDFium\n\n - CVE-2017-5058: Heap use after free in Print Preview\n\n - CVE-2017-5059: Type confusion in Blink\n\n - CVE-2017-5060: URL spoofing in Omnibox\n\n - CVE-2017-5061: URL spoofing in 
Omnibox\n\n - CVE-2017-5062: Use after free in Chrome Apps\n\n - CVE-2017-5063: Heap overflow in Skia\n\n - CVE-2017-5064: Use after free in Blink\n\n - CVE-2017-5065: Incorrect UI in Blink\n\n - CVE-2017-5066: Incorrect signature handing in Networking\n\n - CVE-2017-5067: URL spoofing in Omnibox\n\n - CVE-2017-5069: Cross-origin bypass in Blink\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1035103\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected chromium packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", 
\"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1|SUSE42\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1 / 42.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"chromedriver-58.0.3029.81-111.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"chromedriver-debuginfo-58.0.3029.81-111.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"chromium-58.0.3029.81-111.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"chromium-debuginfo-58.0.3029.81-111.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"chromium-debugsource-58.0.3029.81-111.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"chromedriver-58.0.3029.81-104.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"chromedriver-debuginfo-58.0.3029.81-104.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"chromium-58.0.3029.81-104.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"chromium-debuginfo-58.0.3029.81-104.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"chromium-debugsource-58.0.3029.81-104.9.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromedriver / 
chromedriver-debuginfo / chromium / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-14T15:13:41", "description": "The remote host is affected by the vulnerability described in GLSA-201705-02 (Chromium: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in the Chromium web browser. Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, bypass security restrictions or spoof content.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-05-08T00:00:00", "type": "nessus", "title": "GLSA-201705-02 : Chromium: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5057", "CVE-2017-5058", "CVE-2017-5059", "CVE-2017-5060", "CVE-2017-5061", "CVE-2017-5062", "CVE-2017-5063", "CVE-2017-5064", "CVE-2017-5065", "CVE-2017-5066", "CVE-2017-5067", "CVE-2017-5069"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:chromium", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201705-02.NASL", "href": "https://www.tenable.com/plugins/nessus/100016", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201705-02.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100016);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-5057\", \"CVE-2017-5058\", \"CVE-2017-5059\", \"CVE-2017-5060\", \"CVE-2017-5061\", \"CVE-2017-5062\", \"CVE-2017-5063\", \"CVE-2017-5064\", \"CVE-2017-5065\", \"CVE-2017-5066\", \"CVE-2017-5067\", \"CVE-2017-5069\");\n script_xref(name:\"GLSA\", value:\"201705-02\");\n\n script_name(english:\"GLSA-201705-02 : Chromium: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201705-02\n(Chromium: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in the Chromium web\n browser. 
Please review the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code with the\n privileges of the process, cause a Denial of Service condition, obtain\n sensitive information, bypass security restrictions or spoof content.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201705-02\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Chromium users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=www-client/chromium-58.0.3029.81'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/05/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif 
(qpkg_check(package:\"www-client/chromium\", unaffected:make_list(\"ge 58.0.3029.81\"), vulnerable:make_list(\"lt 58.0.3029.81\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Chromium\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:36:48", "description": "The version of Google Chrome installed on the remote host is prior to 58.0.3029.81, and is affected by multiple vulnerabilities :\n\n - A type confusion error exists in PDFium in the 'CJS_Object::GetEmbedObject()' function that allows an unauthenticated, remote attacker to have an unspecified impact. (CVE-2017-5057)\n - A use-after-free error exists in Print Preview that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-5058)\n - A type confusion error exists in Blink due to improper handling of pseudo-elements in layout trees. An unauthenticated, remote attacker can exploit this to have an unspecified impact. (CVE-2017-5059)\n - A spoofing vulnerability exists in 'url_formatter.cc' due to improper handling of Cyrillic letters in domain names. An unauthenticated, remote attacker can exploit this to spoof URLs in the address bar. (CVE-2017-5060)\n - A flaw exists in the Omnibox component that is triggered as unloaded content may be rendered in a compositor frame after a navigation commit. An unauthenticated, remote attacker can exploit this to spoof URLs in the address bar. (CVE-2017-5061)\n - A use-after-free error exists in the Apps component that allows an unauthenticated, remote attacker to execute arbitrary code. 
(CVE-2017-5062)\n - A heap-based buffer overflow condition exists in the Skia component in the 'spanSlowRate()' function in 'SkLinearBitmapPipeline_sample.h' due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5063)\n - A use-after-free error exists in Blink that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-5064)\n - A flaw exists in Blink due to a failure to properly close validation bubbles when uploading a document. An unauthenticated, remote attacker can exploit this to cause an unspecified impact. (CVE-2017-5065)\n - A flaw exists in the Networking component due to a failure to verify certificate chains that have mismatching signature algorithms. An unauthenticated, remote attacker can exploit this to have an unspecified impact. (CVE-2017-5066)\n - An unspecified flaw exists in the Omnibox component that allows an unauthenticated, remote attacker to spoof URLs. (CVE-2017-5067)\n - A same-origin policy bypass vulnerability exists in the 'PingLoader::sendViolationReport()' function in 'PingLoader.cpp' due to improper handling of HTTP Content-Type headers in CSP or XSS auditor violation reports. An unauthenticated, remote attacker can exploit this to bypass the same-origin policy.
(CVE-2017-5069)", "cvss3": {"score": null, "vector": null}, "published": "2017-04-25T00:00:00", "type": "nessus", "title": "Google Chrome < 58.0.3029.81 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5057", "CVE-2017-5058", "CVE-2017-5059", "CVE-2017-5060", "CVE-2017-5061", "CVE-2017-5062", "CVE-2017-5063", "CVE-2017-5064", "CVE-2017-5065", "CVE-2017-5066", "CVE-2017-5067", "CVE-2017-5069"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*"], "id": "700067.PASL", "href": "https://www.tenable.com/plugins/nnm/700067", "sourceData": "Binary data 700067.pasl", "cvss": {"score": 9.3, "vector": "CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-09-11T01:10:00", "description": "Update to chromium 58. Move chrome-remote-desktop to user systemd service. Security fixes for CVE-2017-5068, CVE-2017-5057, CVE-2017-5058, CVE-2017-5059, CVE-2017-5060, CVE-2017-5061, CVE-2017-5062, CVE-2017-5063, CVE-2017-5064, CVE-2017-5065, CVE-2017-5066, CVE-2017-5067, CVE-2017-5069\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-05-23T00:00:00", "type": "nessus", "title": "Fedora 25 : 1:chromium-native_client / chromium (2017-dc7ce3b314)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5057", "CVE-2017-5058", "CVE-2017-5059", "CVE-2017-5060", "CVE-2017-5061", "CVE-2017-5062", "CVE-2017-5063", "CVE-2017-5064", "CVE-2017-5065", "CVE-2017-5066", "CVE-2017-5067", "CVE-2017-5068", "CVE-2017-5069"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:1:chromium-native_client", "p-cpe:/a:fedoraproject:fedora:chromium", "cpe:/o:fedoraproject:fedora:25"], "id": 
"FEDORA_2017-DC7CE3B314.NASL", "href": "https://www.tenable.com/plugins/nessus/100336", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-dc7ce3b314.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100336);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-5057\", \"CVE-2017-5058\", \"CVE-2017-5059\", \"CVE-2017-5060\", \"CVE-2017-5061\", \"CVE-2017-5062\", \"CVE-2017-5063\", \"CVE-2017-5064\", \"CVE-2017-5065\", \"CVE-2017-5066\", \"CVE-2017-5067\", \"CVE-2017-5068\", \"CVE-2017-5069\");\n script_xref(name:\"FEDORA\", value:\"2017-dc7ce3b314\");\n\n script_name(english:\"Fedora 25 : 1:chromium-native_client / chromium (2017-dc7ce3b314)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to chromium 58. Move chrome-remote-desktop to user systemd\nservice. 
Security fixes for CVE-2017-5068, CVE-2017-5057,\nCVE-2017-5058, CVE-2017-5059, CVE-2017-5060, CVE-2017-5061,\nCVE-2017-5062, CVE-2017-5063, CVE-2017-5064, CVE-2017-5065,\nCVE-2017-5066, CVE-2017-5067, CVE-2017-5069\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-dc7ce3b314\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected 1:chromium-native_client and / or chromium\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:chromium-native_client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/05/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"chromium-native_client-58.0.3029.81-1.20170421gitc948e9b.fc25\", epoch:\"1\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"chromium-58.0.3029.110-2.fc25\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:chromium-native_client / chromium\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-09-11T01:06:29", "description": "Update to chromium 58. Move chrome-remote-desktop to user systemd service. 
Security fixes for CVE-2017-5068, CVE-2017-5057, CVE-2017-5058, CVE-2017-5059, CVE-2017-5060, CVE-2017-5061, CVE-2017-5062, CVE-2017-5063, CVE-2017-5064, CVE-2017-5065, CVE-2017-5066, CVE-2017-5067, CVE-2017-5069\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-07-17T00:00:00", "type": "nessus", "title": "Fedora 26 : 1:chromium-native_client / chromium (2017-811133dc2c)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5057", "CVE-2017-5058", "CVE-2017-5059", "CVE-2017-5060", "CVE-2017-5061", "CVE-2017-5062", "CVE-2017-5063", "CVE-2017-5064", "CVE-2017-5065", "CVE-2017-5066", "CVE-2017-5067", "CVE-2017-5068", "CVE-2017-5069"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:1:chromium-native_client", "p-cpe:/a:fedoraproject:fedora:chromium", "cpe:/o:fedoraproject:fedora:26"], "id": "FEDORA_2017-811133DC2C.NASL", "href": "https://www.tenable.com/plugins/nessus/101668", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-811133dc2c.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101668);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-5057\", \"CVE-2017-5058\", \"CVE-2017-5059\", \"CVE-2017-5060\", \"CVE-2017-5061\", \"CVE-2017-5062\", \"CVE-2017-5063\", \"CVE-2017-5064\", \"CVE-2017-5065\", \"CVE-2017-5066\", \"CVE-2017-5067\", \"CVE-2017-5068\", \"CVE-2017-5069\");\n script_xref(name:\"FEDORA\", value:\"2017-811133dc2c\");\n\n 
script_name(english:\"Fedora 26 : 1:chromium-native_client / chromium (2017-811133dc2c)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to chromium 58. Move chrome-remote-desktop to user systemd\nservice. Security fixes for CVE-2017-5068, CVE-2017-5057,\nCVE-2017-5058, CVE-2017-5059, CVE-2017-5060, CVE-2017-5061,\nCVE-2017-5062, CVE-2017-5063, CVE-2017-5064, CVE-2017-5065,\nCVE-2017-5066, CVE-2017-5067, CVE-2017-5069\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-811133dc2c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected 1:chromium-native_client and / or chromium\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:chromium-native_client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/17\");\n 
script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"chromium-native_client-58.0.3029.81-1.20170421gitc948e9b.fc26\", epoch:\"1\")) flag++;\nif (rpm_check(release:\"FC26\", reference:\"chromium-58.0.3029.110-2.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:chromium-native_client / chromium\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-09-26T01:17:51", 
"description": "Update to chromium 58. Move chrome-remote-desktop to user systemd service. Security fixes for CVE-2017-5068, CVE-2017-5057, CVE-2017-5058, CVE-2017-5059, CVE-2017-5060, CVE-2017-5061, CVE-2017-5062, CVE-2017-5063, CVE-2017-5064, CVE-2017-5065, CVE-2017-5066, CVE-2017-5067, CVE-2017-5069\n\n----\n\nSecurity fix for CVE-2017-5055, CVE-2017-5054, CVE-2017-5052, CVE-2017-5056, CVE-2017-5053\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.6, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2017-06-05T00:00:00", "type": "nessus", "title": "Fedora 24 : 1:chromium-native_client / chromium (2017-7d698eba8b)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5052", "CVE-2017-5053", "CVE-2017-5054", "CVE-2017-5055", "CVE-2017-5056", "CVE-2017-5057", "CVE-2017-5058", "CVE-2017-5059", "CVE-2017-5060", "CVE-2017-5061", "CVE-2017-5062", "CVE-2017-5063", "CVE-2017-5064", "CVE-2017-5065", "CVE-2017-5066", "CVE-2017-5067", "CVE-2017-5068", "CVE-2017-5069"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:1:chromium-native_client", "p-cpe:/a:fedoraproject:fedora:chromium", "cpe:/o:fedoraproject:fedora:24"], "id": "FEDORA_2017-7D698EBA8B.NASL", "href": "https://www.tenable.com/plugins/nessus/100606", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-7d698eba8b.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100606);\n script_version(\"3.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-5052\", 
\"CVE-2017-5053\", \"CVE-2017-5054\", \"CVE-2017-5055\", \"CVE-2017-5056\", \"CVE-2017-5057\", \"CVE-2017-5058\", \"CVE-2017-5059\", \"CVE-2017-5060\", \"CVE-2017-5061\", \"CVE-2017-5062\", \"CVE-2017-5063\", \"CVE-2017-5064\", \"CVE-2017-5065\", \"CVE-2017-5066\", \"CVE-2017-5067\", \"CVE-2017-5068\", \"CVE-2017-5069\");\n script_xref(name:\"FEDORA\", value:\"2017-7d698eba8b\");\n\n script_name(english:\"Fedora 24 : 1:chromium-native_client / chromium (2017-7d698eba8b)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to chromium 58. Move chrome-remote-desktop to user systemd\nservice. Security fixes for CVE-2017-5068, CVE-2017-5057,\nCVE-2017-5058, CVE-2017-5059, CVE-2017-5060, CVE-2017-5061,\nCVE-2017-5062, CVE-2017-5063, CVE-2017-5064, CVE-2017-5065,\nCVE-2017-5066, CVE-2017-5067, CVE-2017-5069\n\n----\n\nSecurity fix for CVE-2017-5055, CVE-2017-5054, CVE-2017-5052,\nCVE-2017-5056, CVE-2017-5053\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-7d698eba8b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected 1:chromium-native_client and / or chromium\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", 
value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:chromium-native_client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"chromium-native_client-58.0.3029.81-1.20170421gitc948e9b.fc24\", epoch:\"1\")) flag++;\nif (rpm_check(release:\"FC24\", reference:\"chromium-58.0.3029.110-2.fc24\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:chromium-native_client / chromium\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-09-26T01:16:25", "description": "This update updates QtWebEngine to the 5.9.0 release. 
QtWebEngine 5.9.0 is part of the Qt 5.9.0 release, but only the QtWebEngine component is included in this update.\n\nThe update fixes the following security issues in QtWebEngine 5.8.0:\nCVE-2017-5006, CVE-2017-5007, CVE-2017-5008, CVE-2017-5009, CVE-2017-5010, CVE-2017-5011, CVE-2017-5012, CVE-2017-5013, CVE-2017-5014, CVE-2017-5015, CVE-2017-5016, CVE-2017-5017, CVE-2017-5018, CVE-2017-5019, CVE-2017-5020, CVE-2017-5021, CVE-2017-5022, CVE-2017-5023, CVE-2017-5024, CVE-2017-5025, CVE-2017-5026, CVE-2017-5027, CVE-2017-5029, CVE-2017-5032, CVE-2017-5033, CVE-2017-5034, CVE-2017-5036, CVE-2017-5039, CVE-2017-5040, CVE-2017-5044, CVE-2017-5045, CVE-2017-5046, CVE-2017-5052, CVE-2017-5053, CVE-2017-5055, CVE-2017-5057, CVE-2017-5058, CVE-2017-5059, CVE-2017-5060, CVE-2017-5061, CVE-2017-5062, CVE-2017-5065, CVE-2017-5066, CVE-2017-5067, CVE-2017-5068, and CVE-2017-5069.\n\nOther important changes include :\n\n - Based on Chromium 56.0.2924.122 with security fixes from Chromium up to version 58.0.3029.96. (5.8.0 was based on Chromium 53.0.2785.148 with security fixes from Chromium up to version 55.0.2883.75.)\n\n - [QTBUG-54650, QTBUG-59922] Accessibility is now disabled by default on Linux, like it is in Chrome, due to poor options for enabling it conditionally and its heavy performance impact. 
Set the environment variable `QTWEBENGINE_ENABLE_LINUX_ACCESSIBILITY` to enable it again.\n\n - [QTBUG-56531] Enabled `filesystem:` protocol handler.\n\n - [QTBUG-57720] Optimized incremental scene-graph rendering in particular for software rendering.\n\n - [QTBUG-60049] Enabled brotli support.\n\n - Many bug fixes, see https://code.qt.io/cgit/qt/qtwebengine.git/tree/dist/changes-5.9.0?h=5.9 for details.\n\nIn addition, this build includes a fix for https://bugreports.qt.io/browse/QTBUG-61521 , a binary incompatibility in QtWebEngine 5.9.0 compared to 5.8.0.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.6, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2017-07-17T00:00:00", "type": "nessus", "title": "Fedora 26 : qt5-qtwebengine (2017-e83c26a8c9)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5006", "CVE-2017-5007", "CVE-2017-5008", "CVE-2017-5009", "CVE-2017-5010", "CVE-2017-5011", "CVE-2017-5012", "CVE-2017-5013", "CVE-2017-5014", "CVE-2017-5015", "CVE-2017-5016", "CVE-2017-5017", "CVE-2017-5018", "CVE-2017-5019", "CVE-2017-5020", "CVE-2017-5021", "CVE-2017-5022", "CVE-2017-5023", "CVE-2017-5024", "CVE-2017-5025", "CVE-2017-5026", "CVE-2017-5027", "CVE-2017-5029", "CVE-2017-5032", "CVE-2017-5033", "CVE-2017-5034", "CVE-2017-5036", "CVE-2017-5039", "CVE-2017-5040", "CVE-2017-5044", "CVE-2017-5045", "CVE-2017-5046", "CVE-2017-5052", "CVE-2017-5053", "CVE-2017-5055", "CVE-2017-5057", "CVE-2017-5058", "CVE-2017-5059", "CVE-2017-5060", "CVE-2017-5061", "CVE-2017-5062", "CVE-2017-5065", "CVE-2017-5066", "CVE-2017-5067", "CVE-2017-5068", "CVE-2017-5069"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:qt5-qtwebengine", "cpe:/o:fedoraproject:fedora:26"], "id": 
"FEDORA_2017-E83C26A8C9.NASL", "href": "https://www.tenable.com/plugins/nessus/101740", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-e83c26a8c9.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101740);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-5006\", \"CVE-2017-5007\", \"CVE-2017-5008\", \"CVE-2017-5009\", \"CVE-2017-5010\", \"CVE-2017-5011\", \"CVE-2017-5012\", \"CVE-2017-5013\", \"CVE-2017-5014\", \"CVE-2017-5015\", \"CVE-2017-5016\", \"CVE-2017-5017\", \"CVE-2017-5018\", \"CVE-2017-5019\", \"CVE-2017-5020\", \"CVE-2017-5021\", \"CVE-2017-5022\", \"CVE-2017-5023\", \"CVE-2017-5024\", \"CVE-2017-5025\", \"CVE-2017-5026\", \"CVE-2017-5027\", \"CVE-2017-5029\", \"CVE-2017-5032\", \"CVE-2017-5033\", \"CVE-2017-5034\", \"CVE-2017-5036\", \"CVE-2017-5039\", \"CVE-2017-5040\", \"CVE-2017-5044\", \"CVE-2017-5045\", \"CVE-2017-5046\", \"CVE-2017-5052\", \"CVE-2017-5053\", \"CVE-2017-5055\", \"CVE-2017-5057\", \"CVE-2017-5058\", \"CVE-2017-5059\", \"CVE-2017-5060\", \"CVE-2017-5061\", \"CVE-2017-5062\", \"CVE-2017-5065\", \"CVE-2017-5066\", \"CVE-2017-5067\", \"CVE-2017-5068\", \"CVE-2017-5069\");\n script_xref(name:\"FEDORA\", value:\"2017-e83c26a8c9\");\n\n script_name(english:\"Fedora 26 : qt5-qtwebengine (2017-e83c26a8c9)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update updates QtWebEngine to the 5.9.0 release. 
QtWebEngine\n5.9.0 is part of the Qt 5.9.0 release, but only the QtWebEngine\ncomponent is included in this update.\n\nThe update fixes the following security issues in QtWebEngine 5.8.0:\nCVE-2017-5006, CVE-2017-5007, CVE-2017-5008, CVE-2017-5009,\nCVE-2017-5010, CVE-2017-5011, CVE-2017-5012, CVE-2017-5013,\nCVE-2017-5014, CVE-2017-5015, CVE-2017-5016, CVE-2017-5017,\nCVE-2017-5018, CVE-2017-5019, CVE-2017-5020, CVE-2017-5021,\nCVE-2017-5022, CVE-2017-5023, CVE-2017-5024, CVE-2017-5025,\nCVE-2017-5026, CVE-2017-5027, CVE-2017-5029, CVE-2017-5032,\nCVE-2017-5033, CVE-2017-5034, CVE-2017-5036, CVE-2017-5039,\nCVE-2017-5040, CVE-2017-5044, CVE-2017-5045, CVE-2017-5046,\nCVE-2017-5052, CVE-2017-5053, CVE-2017-5055, CVE-2017-5057,\nCVE-2017-5058, CVE-2017-5059, CVE-2017-5060, CVE-2017-5061,\nCVE-2017-5062, CVE-2017-5065, CVE-2017-5066, CVE-2017-5067,\nCVE-2017-5068, and CVE-2017-5069.\n\nOther important changes include :\n\n - Based on Chromium 56.0.2924.122 with security fixes from\n Chromium up to version 58.0.3029.96. (5.8.0 was based on\n Chromium 53.0.2785.148 with security fixes from Chromium\n up to version 55.0.2883.75.)\n\n - [QTBUG-54650, QTBUG-59922] Accessibility is now disabled\n by default on Linux, like it is in Chrome, due to poor\n options for enabling it conditionally and its heavy\n performance impact. 
Set the environment variable\n `QTWEBENGINE_ENABLE_LINUX_ACCESSIBILITY` to enable it\n again.\n\n - [QTBUG-56531] Enabled `filesystem:` protocol handler.\n\n - [QTBUG-57720] Optimized incremental scene-graph\n rendering in particular for software rendering.\n\n - [QTBUG-60049] Enabled brotli support.\n\n - Many bug fixes, see\n https://code.qt.io/cgit/qt/qtwebengine.git/tree/dist/cha\n nges-5.9.0?h=5.9 for details.\n\nIn addition, this build includes a fix for\nhttps://bugreports.qt.io/browse/QTBUG-61521 , a binary incompatibility\nin QtWebEngine 5.9.0 compared to 5.8.0.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-e83c26a8c9\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugreports.qt.io/browse/QTBUG-61521\"\n );\n # https://code.qt.io/cgit/qt/qtwebengine.git/tree/dist/changes-5.9.0?h=5.9\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d3ac68dd\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected qt5-qtwebengine package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:qt5-qtwebengine\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/02/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"qt5-qtwebengine-5.9.0-4.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qt5-qtwebengine\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-09-26T01:16:26", "description": "This update updates QtWebEngine to the 5.9.0 release. QtWebEngine 5.9.0 is part of the Qt 5.9.0 release, but only the QtWebEngine component is included in this update.\n\nThe update fixes the following security issues in QtWebEngine 5.8.0:\nCVE-2017-5006, CVE-2017-5007, CVE-2017-5008, CVE-2017-5009, CVE-2017-5010, CVE-2017-5011, CVE-2017-5012, CVE-2017-5013, CVE-2017-5014, CVE-2017-5015, CVE-2017-5016, CVE-2017-5017, CVE-2017-5018, CVE-2017-5019, CVE-2017-5020, CVE-2017-5021, CVE-2017-5022, CVE-2017-5023, CVE-2017-5024, CVE-2017-5025, CVE-2017-5026, CVE-2017-5027, CVE-2017-5029, CVE-2017-5032, CVE-2017-5033, CVE-2017-5034, CVE-2017-5036, CVE-2017-5039, CVE-2017-5040, CVE-2017-5044, CVE-2017-5045, CVE-2017-5046, CVE-2017-5052, CVE-2017-5053, CVE-2017-5055, CVE-2017-5057, CVE-2017-5058, CVE-2017-5059, CVE-2017-5060, CVE-2017-5061, CVE-2017-5062, CVE-2017-5065, CVE-2017-5066, CVE-2017-5067, CVE-2017-5068, and CVE-2017-5069.\n\nOther important changes include :\n\n - Based on Chromium 56.0.2924.122 with security fixes from Chromium up to version 58.0.3029.96. 
(5.8.0 was based on Chromium 53.0.2785.148 with security fixes from Chromium up to version 55.0.2883.75.)\n\n - [QTBUG-54650, QTBUG-59922] Accessibility is now disabled by default on Linux, like it is in Chrome, due to poor options for enabling it conditionally and its heavy performance impact. Set the environment variable `QTWEBENGINE_ENABLE_LINUX_ACCESSIBILITY` to enable it again.\n\n - [QTBUG-56531] Enabled `filesystem:` protocol handler.\n\n - [QTBUG-57720] Optimized incremental scene-graph rendering in particular for software rendering.\n\n - [QTBUG-60049] Enabled brotli support.\n\n - Many bug fixes, see https://code.qt.io/cgit/qt/qtwebengine.git/tree/dist/changes-5.9.0?h=5.9 for details.\n\nIn addition, this build includes a fix for https://bugreports.qt.io/browse/QTBUG-61521 , a binary incompatibility in QtWebEngine 5.9.0 compared to 5.8.0.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.6, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2017-07-13T00:00:00", "type": "nessus", "title": "Fedora 25 : qt5-qtwebengine (2017-58cde32413)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5006", "CVE-2017-5007", "CVE-2017-5008", "CVE-2017-5009", "CVE-2017-5010", "CVE-2017-5011", "CVE-2017-5012", "CVE-2017-5013", "CVE-2017-5014", "CVE-2017-5015", "CVE-2017-5016", "CVE-2017-5017", "CVE-2017-5018", "CVE-2017-5019", "CVE-2017-5020", "CVE-2017-5021", "CVE-2017-5022", "CVE-2017-5023", "CVE-2017-5024", "CVE-2017-5025", "CVE-2017-5026", "CVE-2017-5027", "CVE-2017-5029", "CVE-2017-5032", "CVE-2017-5033", "CVE-2017-5034", "CVE-2017-5036", "CVE-2017-5039", "CVE-2017-5040", "CVE-2017-5044", "CVE-2017-5045", "CVE-2017-5046", "CVE-2017-5052", "CVE-2017-5053", "CVE-2017-5055", "CVE-2017-5057", "CVE-2017-5058", 
"CVE-2017-5059", "CVE-2017-5060", "CVE-2017-5061", "CVE-2017-5062", "CVE-2017-5065", "CVE-2017-5066", "CVE-2017-5067", "CVE-2017-5068", "CVE-2017-5069"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:qt5-qtwebengine", "cpe:/o:fedoraproject:fedora:25"], "id": "FEDORA_2017-58CDE32413.NASL", "href": "https://www.tenable.com/plugins/nessus/101504", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-58cde32413.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101504);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-5006\", \"CVE-2017-5007\", \"CVE-2017-5008\", \"CVE-2017-5009\", \"CVE-2017-5010\", \"CVE-2017-5011\", \"CVE-2017-5012\", \"CVE-2017-5013\", \"CVE-2017-5014\", \"CVE-2017-5015\", \"CVE-2017-5016\", \"CVE-2017-5017\", \"CVE-2017-5018\", \"CVE-2017-5019\", \"CVE-2017-5020\", \"CVE-2017-5021\", \"CVE-2017-5022\", \"CVE-2017-5023\", \"CVE-2017-5024\", \"CVE-2017-5025\", \"CVE-2017-5026\", \"CVE-2017-5027\", \"CVE-2017-5029\", \"CVE-2017-5032\", \"CVE-2017-5033\", \"CVE-2017-5034\", \"CVE-2017-5036\", \"CVE-2017-5039\", \"CVE-2017-5040\", \"CVE-2017-5044\", \"CVE-2017-5045\", \"CVE-2017-5046\", \"CVE-2017-5052\", \"CVE-2017-5053\", \"CVE-2017-5055\", \"CVE-2017-5057\", \"CVE-2017-5058\", \"CVE-2017-5059\", \"CVE-2017-5060\", \"CVE-2017-5061\", \"CVE-2017-5062\", \"CVE-2017-5065\", \"CVE-2017-5066\", \"CVE-2017-5067\", \"CVE-2017-5068\", \"CVE-2017-5069\");\n script_xref(name:\"FEDORA\", value:\"2017-58cde32413\");\n\n script_name(english:\"Fedora 25 : qt5-qtwebengine (2017-58cde32413)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora 
host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update updates QtWebEngine to the 5.9.0 release. QtWebEngine\n5.9.0 is part of the Qt 5.9.0 release, but only the QtWebEngine\ncomponent is included in this update.\n\nThe update fixes the following security issues in QtWebEngine 5.8.0:\nCVE-2017-5006, CVE-2017-5007, CVE-2017-5008, CVE-2017-5009,\nCVE-2017-5010, CVE-2017-5011, CVE-2017-5012, CVE-2017-5013,\nCVE-2017-5014, CVE-2017-5015, CVE-2017-5016, CVE-2017-5017,\nCVE-2017-5018, CVE-2017-5019, CVE-2017-5020, CVE-2017-5021,\nCVE-2017-5022, CVE-2017-5023, CVE-2017-5024, CVE-2017-5025,\nCVE-2017-5026, CVE-2017-5027, CVE-2017-5029, CVE-2017-5032,\nCVE-2017-5033, CVE-2017-5034, CVE-2017-5036, CVE-2017-5039,\nCVE-2017-5040, CVE-2017-5044, CVE-2017-5045, CVE-2017-5046,\nCVE-2017-5052, CVE-2017-5053, CVE-2017-5055, CVE-2017-5057,\nCVE-2017-5058, CVE-2017-5059, CVE-2017-5060, CVE-2017-5061,\nCVE-2017-5062, CVE-2017-5065, CVE-2017-5066, CVE-2017-5067,\nCVE-2017-5068, and CVE-2017-5069.\n\nOther important changes include :\n\n - Based on Chromium 56.0.2924.122 with security fixes from\n Chromium up to version 58.0.3029.96. (5.8.0 was based on\n Chromium 53.0.2785.148 with security fixes from Chromium\n up to version 55.0.2883.75.)\n\n - [QTBUG-54650, QTBUG-59922] Accessibility is now disabled\n by default on Linux, like it is in Chrome, due to poor\n options for enabling it conditionally and its heavy\n performance impact. 
Set the environment variable\n `QTWEBENGINE_ENABLE_LINUX_ACCESSIBILITY` to enable it\n again.\n\n - [QTBUG-56531] Enabled `filesystem:` protocol handler.\n\n - [QTBUG-57720] Optimized incremental scene-graph\n rendering in particular for software rendering.\n\n - [QTBUG-60049] Enabled brotli support.\n\n - Many bug fixes, see\n https://code.qt.io/cgit/qt/qtwebengine.git/tree/dist/cha\n nges-5.9.0?h=5.9 for details.\n\nIn addition, this build includes a fix for\nhttps://bugreports.qt.io/browse/QTBUG-61521 , a binary incompatibility\nin QtWebEngine 5.9.0 compared to 5.8.0.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-58cde32413\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugreports.qt.io/browse/QTBUG-61521\"\n );\n # https://code.qt.io/cgit/qt/qtwebengine.git/tree/dist/changes-5.9.0?h=5.9\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d3ac68dd\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected qt5-qtwebengine package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:qt5-qtwebengine\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/02/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"qt5-qtwebengine-5.9.0-4.fc25\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qt5-qtwebengine\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-27T15:54:51", "description": "This update updates QtWebEngine to a snapshot from the Qt 5.6 LTS (long-term support) branch. This is a snapshot of the QtWebEngine that will be included in the bugfix and security release Qt 5.6.3, but only the QtWebEngine component is included in this update.\n\nThe update fixes the following security issues in QtWebEngine 5.6.2:\nCVE-2016-5133, CVE-2016-5147, CVE-2016-5153, CVE-2016-5155, CVE-2016-5161, CVE-2016-5166, CVE-2016-5170, CVE-2016-5171, CVE-2016-5172, CVE-2016-5181, CVE-2016-5185, CVE-2016-5186, CVE-2016-5187, CVE-2016-5188, CVE-2016-5192, CVE-2016-5198, CVE-2016-5205, CVE-2016-5207, CVE-2016-5208, CVE-2016-5214, CVE-2016-5215, CVE-2016-5221, CVE-2016-5222, CVE-2016-5224, CVE-2016-5225, CVE-2016-9650, CVE-2016-9651, CVE-2016-9652, CVE-2017-5006, CVE-2017-5007, CVE-2017-5008, CVE-2017-5009, CVE-2017-5010, CVE-2017-5012, CVE-2017-5015, CVE-2017-5016, CVE-2017-5017, CVE-2017-5019, CVE-2017-5023, CVE-2017-5024, CVE-2017-5025, CVE-2017-5026, CVE-2017-5027, CVE-2017-5029, CVE-2017-5033, CVE-2017-5037, CVE-2017-5044, CVE-2017-5046, CVE-2017-5047, CVE-2017-5048, CVE-2017-5049, 
CVE-2017-5050, CVE-2017-5051, CVE-2017-5059, CVE-2017-5061, CVE-2017-5062, CVE-2017-5065, CVE-2017-5067, CVE-2017-5069, CVE-2017-5070, CVE-2017-5071, CVE-2017-5075, CVE-2017-5076, CVE-2016-5078, CVE-2017-5083, and CVE-2017-5089.\n\nOther important changes include :\n\n - Based on Chromium 49.0.2623.111 (the version used in QtWebEngine 5.7.x) with security fixes from Chromium up to version 59.0.3071.104. (5.6.2 was based on Chromium 45.0.2554.101 with security fixes from Chromium up to version 52.0.2743.116.)\n\n - All other bug fixes from QtWebEngine 5.7.1 have been backported.\n\nSee http://code.qt.io/cgit/qt/qtwebengine.git/tree/dist/changes-5.6.3?h=5.6 for details. (Please note that at the time of this writing, not all security backports are listed in that file yet. The list above is accurate.)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-07-24T00:00:00", "type": "nessus", "title": "Fedora 24 : qt5-qtwebengine (2017-98bed96d12)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5078", "CVE-2016-5133", "CVE-2016-5147", "CVE-2016-5153", "CVE-2016-5155", "CVE-2016-5161", "CVE-2016-5166", "CVE-2016-5170", "CVE-2016-5171", "CVE-2016-5172", "CVE-2016-5181", "CVE-2016-5185", "CVE-2016-5186", "CVE-2016-5187", "CVE-2016-5188", "CVE-2016-5192", "CVE-2016-5198", "CVE-2016-5205", "CVE-2016-5207", "CVE-2016-5208", "CVE-2016-5214", "CVE-2016-5215", "CVE-2016-5221", "CVE-2016-5222", "CVE-2016-5224", "CVE-2016-5225", "CVE-2016-9650", "CVE-2016-9651", "CVE-2016-9652", "CVE-2017-5006", "CVE-2017-5007", "CVE-2017-5008", "CVE-2017-5009", "CVE-2017-5010", "CVE-2017-5012", "CVE-2017-5015", "CVE-2017-5016", "CVE-2017-5017", "CVE-2017-5019", "CVE-2017-5023", 
"CVE-2017-5024", "CVE-2017-5025", "CVE-2017-5026", "CVE-2017-5027", "CVE-2017-5029", "CVE-2017-5033", "CVE-2017-5037", "CVE-2017-5044", "CVE-2017-5046", "CVE-2017-5047", "CVE-2017-5048", "CVE-2017-5049", "CVE-2017-5050", "CVE-2017-5051", "CVE-2017-5059", "CVE-2017-5061", "CVE-2017-5062", "CVE-2017-5065", "CVE-2017-5067", "CVE-2017-5069", "CVE-2017-5070", "CVE-2017-5071", "CVE-2017-5075", "CVE-2017-5076", "CVE-2017-5083", "CVE-2017-5089"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:qt5-qtwebengine", "cpe:/o:fedoraproject:fedora:24"], "id": "FEDORA_2017-98BED96D12.NASL", "href": "https://www.tenable.com/plugins/nessus/101920", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-98bed96d12.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101920);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-5078\", \"CVE-2016-5133\", \"CVE-2016-5147\", \"CVE-2016-5153\", \"CVE-2016-5155\", \"CVE-2016-5161\", \"CVE-2016-5166\", \"CVE-2016-5170\", \"CVE-2016-5171\", \"CVE-2016-5172\", \"CVE-2016-5181\", \"CVE-2016-5185\", \"CVE-2016-5186\", \"CVE-2016-5187\", \"CVE-2016-5188\", \"CVE-2016-5192\", \"CVE-2016-5198\", \"CVE-2016-5205\", \"CVE-2016-5207\", \"CVE-2016-5208\", \"CVE-2016-5214\", \"CVE-2016-5215\", \"CVE-2016-5221\", \"CVE-2016-5222\", \"CVE-2016-5224\", \"CVE-2016-5225\", \"CVE-2016-9650\", \"CVE-2016-9651\", \"CVE-2016-9652\", \"CVE-2017-5006\", \"CVE-2017-5007\", \"CVE-2017-5008\", \"CVE-2017-5009\", \"CVE-2017-5010\", \"CVE-2017-5012\", \"CVE-2017-5015\", \"CVE-2017-5016\", \"CVE-2017-5017\", \"CVE-2017-5019\", \"CVE-2017-5023\", \"CVE-2017-5024\", \"CVE-2017-5025\", \"CVE-2017-5026\", \"CVE-2017-5027\", \"CVE-2017-5029\", \"CVE-2017-5033\", 
\"CVE-2017-5037\", \"CVE-2017-5044\", \"CVE-2017-5046\", \"CVE-2017-5047\", \"CVE-2017-5048\", \"CVE-2017-5049\", \"CVE-2017-5050\", \"CVE-2017-5051\", \"CVE-2017-5059\", \"CVE-2017-5061\", \"CVE-2017-5062\", \"CVE-2017-5065\", \"CVE-2017-5067\", \"CVE-2017-5069\", \"CVE-2017-5070\", \"CVE-2017-5071\", \"CVE-2017-5075\", \"CVE-2017-5076\", \"CVE-2017-5083\", \"CVE-2017-5089\");\n script_xref(name:\"FEDORA\", value:\"2017-98bed96d12\");\n\n script_name(english:\"Fedora 24 : qt5-qtwebengine (2017-98bed96d12)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update updates QtWebEngine to a snapshot from the Qt 5.6 LTS\n(long-term support) branch. This is a snapshot of the QtWebEngine that\nwill be included in the bugfix and security release Qt 5.6.3, but only\nthe QtWebEngine component is included in this update.\n\nThe update fixes the following security issues in QtWebEngine 5.6.2:\nCVE-2016-5133, CVE-2016-5147, CVE-2016-5153, CVE-2016-5155,\nCVE-2016-5161, CVE-2016-5166, CVE-2016-5170, CVE-2016-5171,\nCVE-2016-5172, CVE-2016-5181, CVE-2016-5185, CVE-2016-5186,\nCVE-2016-5187, CVE-2016-5188, CVE-2016-5192, CVE-2016-5198,\nCVE-2016-5205, CVE-2016-5207, CVE-2016-5208, CVE-2016-5214,\nCVE-2016-5215, CVE-2016-5221, CVE-2016-5222, CVE-2016-5224,\nCVE-2016-5225, CVE-2016-9650, CVE-2016-9651, CVE-2016-9652,\nCVE-2017-5006, CVE-2017-5007, CVE-2017-5008, CVE-2017-5009,\nCVE-2017-5010, CVE-2017-5012, CVE-2017-5015, CVE-2017-5016,\nCVE-2017-5017, CVE-2017-5019, CVE-2017-5023, CVE-2017-5024,\nCVE-2017-5025, CVE-2017-5026, CVE-2017-5027, CVE-2017-5029,\nCVE-2017-5033, CVE-2017-5037, CVE-2017-5044, CVE-2017-5046,\nCVE-2017-5047, CVE-2017-5048, CVE-2017-5049, CVE-2017-5050,\nCVE-2017-5051, CVE-2017-5059, CVE-2017-5061, CVE-2017-5062,\nCVE-2017-5065, 
CVE-2017-5067, CVE-2017-5069, CVE-2017-5070,\nCVE-2017-5071, CVE-2017-5075, CVE-2017-5076, CVE-2016-5078,\nCVE-2017-5083, and CVE-2017-5089.\n\nOther important changes include :\n\n - Based on Chromium 49.0.2623.111 (the version used in\n QtWebEngine 5.7.x) with security fixes from Chromium up\n to version 59.0.3071.104. (5.6.2 was based on Chromium\n 45.0.2554.101 with security fixes from Chromium up to\n version 52.0.2743.116.)\n\n - All other bug fixes from QtWebEngine 5.7.1 have been\n backported.\n\nSee\nhttp://code.qt.io/cgit/qt/qtwebengine.git/tree/dist/changes-5.6.3?h=5.\n6 for details. (Please note that at the time of this writing, not all\nsecurity backports are listed in that file yet. The list above is\naccurate.)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n # http://code.qt.io/cgit/qt/qtwebengine.git/tree/dist/changes-5.6.3?h=5.6\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dfc84d1b\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-98bed96d12\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected qt5-qtwebengine package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", 
value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:qt5-qtwebengine\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"qt5-qtwebengine-5.6.3-0.1.20170712gitee719ad313e564.fc24\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qt5-qtwebengine\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "archlinux": [{"lastseen": "2022-04-11T21:32:45", "description": "Arch Linux Security Advisory ASA-201704-5\n=========================================\n\nSeverity: Critical\nDate : 2017-04-20\nCVE-ID : CVE-2017-5057 CVE-2017-5058 CVE-2017-5059 CVE-2017-5060\nCVE-2017-5061 CVE-2017-5062 CVE-2017-5063 CVE-2017-5064\nCVE-2017-5065 CVE-2017-5066 CVE-2017-5067 CVE-2017-5069\nPackage : chromium\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-250\n\nSummary\n=======\n\nThe package chromium before version 58.0.3029.81-1 is vulnerable to\nmultiple issues including arbitrary code execution, content spoofing,\nincorrect calculation and same-origin policy bypass.\n\nResolution\n==========\n\nUpgrade to 58.0.3029.81-1.\n\n# pacman -Syu \"chromium>=58.0.3029.81-1\"\n\nThe problems have been fixed upstream in version 58.0.3029.81.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2017-5057 (arbitrary code execution)\n\nA type confusion issue has been found in the PDFium component of the\nChromium browser.\n\n- CVE-2017-5058 (arbitrary code execution)\n\nA heap use after free 
issue has been found in the Print Preview\ncomponent of the Chromium browser.\n\n- CVE-2017-5059 (arbitrary code execution)\n\nA type confusion issue has been found in the Blink component of the\nChromium browser.\n\n- CVE-2017-5060 (content spoofing)\n\nA URL spoofing issue has been found in the Omnibox component of the\nChromium browser.\n\n- CVE-2017-5061 (content spoofing)\n\nA URL spoofing issue has been found in the Omnibox component of the\nChromium browser.\n\n- CVE-2017-5062 (arbitrary code execution)\n\nA use after free issue has been found in the Chrome Apps component of\nthe Chromium browser.\n\n- CVE-2017-5063 (arbitrary code execution)\n\nA heap overflow issue has been found in the Skia component of the\nChromium browser.\n\n- CVE-2017-5064 (arbitrary code execution)\n\nA use after free flaw has been found in the Blink component of the\nChromium browser.\n\n- CVE-2017-5065 (content spoofing)\n\nAn incorrect UI issue has been found in the Blink component of the\nChromium browser.\n\n- CVE-2017-5066 (incorrect calculation)\n\nAn incorrect signature handling issue has been found in the Networking\ncomponent of the Chromium browser.\n\n- CVE-2017-5067 (content spoofing)\n\nA URL spoofing issue has been found in the Omnibox component of the\nChromium browser.\n\n- CVE-2017-5069 (same-origin policy bypass)\n\nA cross-origin bypass issue has been found in the Blink component of\nthe Chromium browser.\n\nImpact\n======\n\nA remote attacker can spoof URLs, bypass security checks and execute\narbitrary code on the affected 
host.\n\nReferences\n==========\n\nhttps://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html\nhttps://crbug.com/695826\nhttps://crbug.com/694382\nhttps://crbug.com/684684\nhttps://crbug.com/683314\nhttps://crbug.com/672847\nhttps://crbug.com/702896\nhttps://crbug.com/700836\nhttps://crbug.com/693974\nhttps://crbug.com/704560\nhttps://crbug.com/690821\nhttps://crbug.com/648117\nhttps://crbug.com/691726\nhttps://security.archlinux.org/CVE-2017-5057\nhttps://security.archlinux.org/CVE-2017-5058\nhttps://security.archlinux.org/CVE-2017-5059\nhttps://security.archlinux.org/CVE-2017-5060\nhttps://security.archlinux.org/CVE-2017-5061\nhttps://security.archlinux.org/CVE-2017-5062\nhttps://security.archlinux.org/CVE-2017-5063\nhttps://security.archlinux.org/CVE-2017-5064\nhttps://security.archlinux.org/CVE-2017-5065\nhttps://security.archlinux.org/CVE-2017-5066\nhttps://security.archlinux.org/CVE-2017-5067\nhttps://security.archlinux.org/CVE-2017-5069", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-04-20T00:00:00", "type": "archlinux", "title": "[ASA-201704-5] chromium: multiple issues", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, 
"acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5057", "CVE-2017-5058", "CVE-2017-5059", "CVE-2017-5060", "CVE-2017-5061", "CVE-2017-5062", "CVE-2017-5063", "CVE-2017-5064", "CVE-2017-5065", "CVE-2017-5066", "CVE-2017-5067", "CVE-2017-5069"], "modified": "2017-04-20T00:00:00", "id": "ASA-201704-5", "href": "https://security.archlinux.org/ASA-201704-5", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2022-04-11T21:31:45", "description": "Chromium is an open-source web browser, powered by WebKit (Blink).\n\nThis update upgrades Chromium to version 58.0.3029.81.\n\nSecurity Fix(es):\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. (CVE-2017-5057, CVE-2017-5058, CVE-2017-5059, CVE-2017-5060, CVE-2017-5061, CVE-2017-5062, CVE-2017-5063, CVE-2017-5064, CVE-2017-5065, CVE-2017-5066, CVE-2017-5067, CVE-2017-5069)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-04-25T07:53:23", "type": "redhat", "title": "(RHSA-2017:1124) Important: chromium-browser security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": 
"AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5057", "CVE-2017-5058", "CVE-2017-5059", "CVE-2017-5060", "CVE-2017-5061", "CVE-2017-5062", "CVE-2017-5063", "CVE-2017-5064", "CVE-2017-5065", "CVE-2017-5066", "CVE-2017-5067", "CVE-2017-5069"], "modified": "2018-06-07T14:21:41", "id": "RHSA-2017:1124", "href": "https://access.redhat.com/errata/RHSA-2017:1124", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2022-04-11T23:04:24", "description": "### Background\n\nChromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. \n\n### Description\n\nMultiple vulnerabilities have been discovered in the Chromium web browser. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, bypass security restrictions or spoof content. 
\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Chromium users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=www-client/chromium-58.0.3029.81\"", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-05-07T00:00:00", "type": "gentoo", "title": "Chromium: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5057", "CVE-2017-5058", "CVE-2017-5059", "CVE-2017-5060", "CVE-2017-5061", "CVE-2017-5062", "CVE-2017-5063", "CVE-2017-5064", "CVE-2017-5065", "CVE-2017-5066", "CVE-2017-5067", "CVE-2017-5069"], "modified": "2017-05-07T00:00:00", "id": "GLSA-201705-02", "href": "https://security.gentoo.org/glsa/201705-02", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2022-04-11T21:47:28", "description": "\n\nGoogle Chrome Releases reports:\n\n29 security fixes in this release, including:\n\n[695826] High CVE-2017-5057: Type confusion in PDFium. 
Credit to\n\t Guang Gong of Alpha Team, Qihoo 360\n[694382] High CVE-2017-5058: Heap use after free in Print Preview.\n\t Credit to Khalil Zhani\n[684684] High CVE-2017-5059: Type confusion in Blink. Credit to\n\t SkyLined working with Trend Micro's Zero Day Initiative\n[683314] Medium CVE-2017-5060: URL spoofing in Omnibox. Credit to\n\t Xudong Zheng\n[672847] Medium CVE-2017-5061: URL spoofing in Omnibox. Credit to\n\t Haosheng Wang (@gnehsoah)\n[702896] Medium CVE-2017-5062: Use after free in Chrome Apps.\n\t Credit to anonymous\n[700836] Medium CVE-2017-5063: Heap overflow in Skia. Credit to\n\t Sweetchip\n[693974] Medium CVE-2017-5064: Use after free in Blink. Credit to\n\t Wadih Matar\n[704560] Medium CVE-2017-5065: Incorrect UI in Blink. Credit to\n\t Khalil Zhani\n[690821] Medium CVE-2017-5066: Incorrect signature handling in Networking.\n\t Credit to Prof. Zhenhua Duan, Prof. Cong Tian, and Ph.D candidate Chu Chen\n\t (ICTT, Xidian University)\n[648117] Medium CVE-2017-5067: URL spoofing in Omnibox. Credit to\n\t Khalil Zhani\n[691726] Low CVE-2017-5069: Cross-origin bypass in Blink. 
Credit to\n\t Michael Reizelman\n[713205] Various fixes from internal audits, fuzzing and other initiatives\n\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-04-19T00:00:00", "type": "freebsd", "title": "chromium -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5057", "CVE-2017-5058", "CVE-2017-5059", "CVE-2017-5060", "CVE-2017-5061", "CVE-2017-5062", "CVE-2017-5063", "CVE-2017-5064", "CVE-2017-5065", "CVE-2017-5066", "CVE-2017-5067", "CVE-2017-5069"], "modified": "2017-04-19T00:00:00", "id": "95A74A48-2691-11E7-9E2D-E8E0B747A45A", "href": "https://vuxml.freebsd.org/freebsd/95a74a48-2691-11e7-9e2d-e8e0b747a45a.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "chrome": [{"lastseen": "2022-04-12T05:31:53", "description": "The Chrome team is delighted to announce the promotion of Chrome 58 to the stable channel for Windows, Mac and Linux. 
This will roll out over the coming days/weeks.\n\n** \n** \n\n\nChrome 58.0.3029.81 contains a number of fixes and improvements -- a list of changes is available in the[ log](<https://chromium.googlesource.com/chromium/src/+log/57.0.2987.133..58.0.3029.81?pretty=fuller&n=10000>). Watch out for upcoming[ Chrome](<http://chrome.blogspot.com/>) and[ Chromium](<http://blog.chromium.org/>) blog posts about new features and big efforts delivered in 58.\n\n## Security Fixes and Rewards\n\nNote: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed.\n\n** \n** \n\n\nThis update includes [29](<https://bugs.chromium.org/p/chromium/issues/list?can=1&q=label%3ARelease-0-M58>) security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the [Chrome Security Page](<http://sites.google.com/a/chromium.org/dev/Home/chromium-security>) for more information.\n\n** \n** \n\n\n[$3000][[695826](<https://crbug.com/695826>)] High CVE-2017-5057: Type confusion in PDFium. Credit to Guang Gong of Alpha Team, Qihoo 360\n\n[$2000][[694382](<https://crbug.com/694382>)] High CVE-2017-5058: Heap use after free in Print Preview. Credit to Khalil Zhani\n\n[$N/A][[684684](<https://crbug.com/684684>)] High CVE-2017-5059: Type confusion in Blink. Credit to SkyLined working with Trend Micro's Zero Day Initiative\n\n[$2000][[683314](<https://crbug.com/683314>)] Medium CVE-2017-5060: URL spoofing in Omnibox. Credit to Xudong Zheng\n\n[$2000][[672847](<https://crbug.com/672847>)] Medium CVE-2017-5061: URL spoofing in Omnibox. Credit to Haosheng Wang (@gnehsoah)\n\n[$1500][[702896](<https://crbug.com/702896>)] Medium CVE-2017-5062: Use after free in Chrome Apps. Credit to anonymous\n\n[$1000][[700836](<https://crbug.com/700836>)] Medium CVE-2017-5063: Heap overflow in Skia. 
Credit to Sweetchip\n\n[$1000][[693974](<https://crbug.com/693974>)] Medium CVE-2017-5064: Use after free in Blink. Credit to Wadih Matar\n\n[$500][[704560](<https://crbug.com/704560>)] Medium CVE-2017-5065: Incorrect UI in Blink. Credit to Khalil Zhani\n\n[$500][[690821](<https://crbug.com/690821>)] Medium CVE-2017-5066: Incorrect signature handing in Networking. Credit to Prof. Zhenhua Duan, Prof. Cong Tian, and Ph.D candidate Chu Chen (ICTT, Xidian University)\n\n[$500][[648117](<https://crbug.com/648117>)] Medium CVE-2017-5067: URL spoofing in Omnibox. Credit to Khalil Zhani\n\n[$N/A][[691726](<https://crbug.com/691726>)] Low CVE-2017-5069: Cross-origin bypass in Blink. Credit to Michael Reizelman\n\n** \n** \n\n\nWe would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.\n\n** \n** \n\n\nAs usual, our ongoing internal security work was responsible for a wide range of fixes:\n\n * [[713205](<https://crbug.com/713205>)] Various fixes from internal audits, fuzzing and other initiatives\n\n\n\n\n\nMany of our security bugs are detected using [AddressSanitizer](<http://code.google.com/p/address-sanitizer/wiki/AddressSanitizer>), [MemorySanitizer](<https://code.google.com/p/memory-sanitizer/wiki/MemorySanitizer>), [Control Flow Integrity](<https://sites.google.com/a/chromium.org/dev/developers/testing/control-flow-integrity>), or [libFuzzer](<https://sites.google.com/a/chromium.org/dev/developers/testing/libfuzzer>).\n\n** \n** \n\n\nInterested in switching release channels?[ Find out how](<http://www.chromium.org/getting-involved/dev-channel>). If you find a new issue, please let us know by[ filing a bug](<http://crbug.com/>). 
The [community help forum](<https://productforums.google.com/forum/#!forum/chrome>) is also a great place to reach out for help or learn about common issues.\n\n** \n** \n\n\nKrishna Govind\n\nGoogle Chrome", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-04-19T00:00:00", "type": "chrome", "title": "Stable Channel Update for Desktop", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5057", "CVE-2017-5058", "CVE-2017-5059", "CVE-2017-5060", "CVE-2017-5061", "CVE-2017-5062", "CVE-2017-5063", "CVE-2017-5064", "CVE-2017-5065", "CVE-2017-5066", "CVE-2017-5067", "CVE-2017-5069"], "modified": "2017-04-19T00:00:00", "id": "GCSA-4059449663936197040", "href": "https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:54", "description": "Google's \"pnacl\" toolchain for native client support in Chromium. Depends on their older \"nacl\" toolchain, packaged separately. 
", "edition": 2, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-06-09T19:46:27", "type": "fedora", "title": "[SECURITY] Fedora 26 Update:\n chromium-native_client-58.0.3029.81-1.20170421gitc948e9b.fc26", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5057", "CVE-2017-5058", "CVE-2017-5059", "CVE-2017-5060", "CVE-2017-5061", "CVE-2017-5062", "CVE-2017-5063", "CVE-2017-5064", "CVE-2017-5065", "CVE-2017-5066", "CVE-2017-5067", "CVE-2017-5068", "CVE-2017-5069"], "modified": "2017-06-09T19:46:27", "id": "FEDORA:030966045A1A", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "description": "Google's \"pnacl\" toolchain for native client support in Chromium. Depends on their older \"nacl\" toolchain, packaged separately. 
", "edition": 2, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-05-23T00:42:50", "type": "fedora", "title": "[SECURITY] Fedora 25 Update:\n chromium-native_client-58.0.3029.81-1.20170421gitc948e9b.fc25", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5057", "CVE-2017-5058", "CVE-2017-5059", "CVE-2017-5060", "CVE-2017-5061", "CVE-2017-5062", "CVE-2017-5063", "CVE-2017-5064", "CVE-2017-5065", "CVE-2017-5066", "CVE-2017-5067", "CVE-2017-5068", "CVE-2017-5069"], "modified": "2017-05-23T00:42:50", "id": "FEDORA:AA6F760499C7", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "description": "Chromium is an open-source web browser, powered by WebKit (Blink). 
", "edition": 2, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-06-09T19:46:26", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: chromium-58.0.3029.110-2.fc26", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5057", "CVE-2017-5058", "CVE-2017-5059", "CVE-2017-5060", "CVE-2017-5061", "CVE-2017-5062", "CVE-2017-5063", "CVE-2017-5064", "CVE-2017-5065", "CVE-2017-5066", "CVE-2017-5067", "CVE-2017-5068", "CVE-2017-5069"], "modified": "2017-06-09T19:46:26", "id": "FEDORA:745A960648C9", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "description": "Chromium is an open-source web browser, powered by WebKit (Blink). 
", "edition": 2, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-05-23T00:42:50", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: chromium-58.0.3029.110-2.fc25", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5057", "CVE-2017-5058", "CVE-2017-5059", "CVE-2017-5060", "CVE-2017-5061", "CVE-2017-5062", "CVE-2017-5063", "CVE-2017-5064", "CVE-2017-5065", "CVE-2017-5066", "CVE-2017-5067", "CVE-2017-5068", "CVE-2017-5069"], "modified": "2017-05-23T00:42:50", "id": "FEDORA:75D176087481", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "description": "Google's \"pnacl\" toolchain for native client support in Chromium. Depends on their older \"nacl\" toolchain, packaged separately. 
", "edition": 2, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-06-03T02:25:09", "type": "fedora", "title": "[SECURITY] Fedora 24 Update:\n chromium-native_client-58.0.3029.81-1.20170421gitc948e9b.fc24", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5052", "CVE-2017-5053", "CVE-2017-5054", "CVE-2017-5055", "CVE-2017-5056", "CVE-2017-5057", "CVE-2017-5058", "CVE-2017-5059", "CVE-2017-5060", "CVE-2017-5061", "CVE-2017-5062", "CVE-2017-5063", "CVE-2017-5064", "CVE-2017-5065", "CVE-2017-5066", "CVE-2017-5067", "CVE-2017-5068", "CVE-2017-5069"], "modified": "2017-06-03T02:25:09", "id": "FEDORA:26C7E60200B1", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "description": "Chromium is an open-source web browser, powered by WebKit (Blink). 
", "edition": 2, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-06-03T02:25:08", "type": "fedora", "title": "[SECURITY] Fedora 24 Update: chromium-58.0.3029.110-2.fc24", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5052", "CVE-2017-5053", "CVE-2017-5054", "CVE-2017-5055", "CVE-2017-5056", "CVE-2017-5057", "CVE-2017-5058", "CVE-2017-5059", "CVE-2017-5060", "CVE-2017-5061", "CVE-2017-5062", "CVE-2017-5063", "CVE-2017-5064", "CVE-2017-5065", "CVE-2017-5066", "CVE-2017-5067", "CVE-2017-5068", "CVE-2017-5069"], "modified": "2017-06-03T02:25:08", "id": "FEDORA:B8652601DA21", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "description": "Qt5 - QtWebEngine components. 
", "edition": 2, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-07-12T03:27:41", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: qt5-qtwebengine-5.9.0-4.fc25", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5006", "CVE-2017-5007", "CVE-2017-5008", "CVE-2017-5009", "CVE-2017-5010", "CVE-2017-5011", "CVE-2017-5012", "CVE-2017-5013", "CVE-2017-5014", "CVE-2017-5015", "CVE-2017-5016", "CVE-2017-5017", "CVE-2017-5018", "CVE-2017-5019", "CVE-2017-5020", "CVE-2017-5021", "CVE-2017-5022", "CVE-2017-5023", "CVE-2017-5024", "CVE-2017-5025", "CVE-2017-5026", "CVE-2017-5027", "CVE-2017-5029", "CVE-2017-5032", "CVE-2017-5033", "CVE-2017-5034", "CVE-2017-5036", "CVE-2017-5039", "CVE-2017-5040", "CVE-2017-5044", "CVE-2017-5045", "CVE-2017-5046", "CVE-2017-5052", "CVE-2017-5053", "CVE-2017-5055", "CVE-2017-5057", "CVE-2017-5058", "CVE-2017-5059", "CVE-2017-5060", "CVE-2017-5061", "CVE-2017-5062", "CVE-2017-5065", "CVE-2017-5066", "CVE-2017-5067", "CVE-2017-5068", "CVE-2017-5069"], "modified": "2017-07-12T03:27:41", "id": "FEDORA:0C3AC6087C5C", "href": "", "cvss": {"score": 9.3, "vector": 
"AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "description": "Qt5 - QtWebEngine components. ", "edition": 2, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-07-06T22:53:47", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: qt5-qtwebengine-5.9.0-4.fc26", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5006", "CVE-2017-5007", "CVE-2017-5008", "CVE-2017-5009", "CVE-2017-5010", "CVE-2017-5011", "CVE-2017-5012", "CVE-2017-5013", "CVE-2017-5014", "CVE-2017-5015", "CVE-2017-5016", "CVE-2017-5017", "CVE-2017-5018", "CVE-2017-5019", "CVE-2017-5020", "CVE-2017-5021", "CVE-2017-5022", "CVE-2017-5023", "CVE-2017-5024", "CVE-2017-5025", "CVE-2017-5026", "CVE-2017-5027", "CVE-2017-5029", "CVE-2017-5032", "CVE-2017-5033", "CVE-2017-5034", "CVE-2017-5036", "CVE-2017-5039", "CVE-2017-5040", "CVE-2017-5044", "CVE-2017-5045", "CVE-2017-5046", "CVE-2017-5052", "CVE-2017-5053", "CVE-2017-5055", "CVE-2017-5057", "CVE-2017-5058", "CVE-2017-5059", "CVE-2017-5060", "CVE-2017-5061", "CVE-2017-5062", "CVE-2017-5065", "CVE-2017-5066", "CVE-2017-5067", "CVE-2017-5068", "CVE-2017-5069"], "modified": 
"2017-07-06T22:53:47", "id": "FEDORA:E7DA16095B45", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "description": "Qt5 - QtWebEngine components. ", "edition": 2, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2017-07-23T21:52:43", "type": "fedora", "title": "[SECURITY] Fedora 24 Update:\n qt5-qtwebengine-5.6.3-0.1.20170712gitee719ad313e564.fc24", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5078", "CVE-2016-5133", "CVE-2016-5147", "CVE-2016-5153", "CVE-2016-5161", "CVE-2016-5166", "CVE-2016-5170", "CVE-2016-5171", "CVE-2016-5172", "CVE-2016-5181", "CVE-2016-5185", "CVE-2016-5186", "CVE-2016-5187", "CVE-2016-5188", "CVE-2016-5192", "CVE-2016-5198", "CVE-2016-5205", "CVE-2016-5207", "CVE-2016-5208", "CVE-2016-5214", "CVE-2016-5215", "CVE-2016-5221", "CVE-2016-5222", "CVE-2016-5224", "CVE-2016-5225", "CVE-2016-9650", "CVE-2016-9651", "CVE-2016-9652", "CVE-2017-5006", "CVE-2017-5007", "CVE-2017-5008", "CVE-2017-5009", "CVE-2017-5010", "CVE-2017-5012", "CVE-2017-5015", "CVE-2017-5016", "CVE-2017-5017", "CVE-2017-5019", 
"CVE-2017-5023", "CVE-2017-5024", "CVE-2017-5025", "CVE-2017-5026", "CVE-2017-5027", "CVE-2017-5029", "CVE-2017-5033", "CVE-2017-5037", "CVE-2017-5044", "CVE-2017-5046", "CVE-2017-5047", "CVE-2017-5048", "CVE-2017-5049", "CVE-2017-5050", "CVE-2017-5051", "CVE-2017-5059", "CVE-2017-5061", "CVE-2017-5062", "CVE-2017-5065", "CVE-2017-5067", "CVE-2017-5069", "CVE-2017-5070", "CVE-2017-5071", "CVE-2017-5075", "CVE-2017-5076", "CVE-2017-5083", "CVE-2017-5089"], "modified": "2017-07-23T21:52:43", "id": "FEDORA:E68A1603A526", "href": "", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "kaspersky": [{"lastseen": "2022-04-11T23:42:39", "description": "### *Detect date*:\n04/19/2017\n\n### *Severity*:\nHigh\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Google Chrome earlier than 58.0.3029.81. Malicious users can exploit these vulnerabilities to execute arbitrary code and spoof user interface.\n\n### *Affected products*:\nGoogle Chrome earlier than 58.0.3029.81 (All branches)\n\n### *Solution*:\nUpdate to the latest version. File with name old_chrome can be still detected after update. It caused by Google Chrome update policy which does not remove old versions when installing updates. Try to contact vendor for further delete instructions or ignore such kind of alerts at your own risk. 
\n[Download Google Chrome](<https://www.google.com/chrome/browser/desktop/>)\n\n### *Original advisories*:\n[Stable Channel Update for Desktop](<https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Google Chrome](<https://threats.kaspersky.com/en/product/Google-Chrome/>)\n\n### *CVE-IDS*:\n[CVE-2017-5057](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5057>)6.8High \n[CVE-2017-5058](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5058>)6.8High \n[CVE-2017-5059](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5059>)6.8High \n[CVE-2017-5060](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5060>)4.3Warning \n[CVE-2017-5061](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5061>)2.6Warning \n[CVE-2017-5062](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5062>)6.8High \n[CVE-2017-5063](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5063>)6.8High \n[CVE-2017-5064](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5064>)6.8High \n[CVE-2017-5065](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5065>)4.3Warning \n[CVE-2017-5066](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5066>)4.3Warning \n[CVE-2017-5067](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5067>)4.3Warning \n[CVE-2017-5068](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5068>)5.1High \n[CVE-2017-5069](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5069>)4.3Warning", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": 
"2017-04-19T00:00:00", "type": "kaspersky", "title": "KLA11000 Multiple vulnerabilities in Google Chrome", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5057", "CVE-2017-5058", "CVE-2017-5059", "CVE-2017-5060", "CVE-2017-5061", "CVE-2017-5062", "CVE-2017-5063", "CVE-2017-5064", "CVE-2017-5065", "CVE-2017-5066", "CVE-2017-5067", "CVE-2017-5068", "CVE-2017-5069"], "modified": "2020-06-03T00:00:00", "id": "KLA11000", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11000/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "mageia": [{"lastseen": "2022-04-18T11:19:34", "description": "Multiple flaws were found in the way Chromium 57 processes various types of web content, where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information. 
(CVE-2017-5057, CVE-2017-5058, CVE-2017-5059, CVE-2017-5060, CVE-2017-5061, CVE-2017-5062, CVE-2017-5063, CVE-2017-5064, CVE-2017-5065, CVE-2017-5066, CVE-2017-5067, CVE-2017-5068, CVE-2017-5069, CVE-2017-5070, CVE-2017-5071, CVE-2017-5072, CVE-2017-5073, CVE-2017-5074, CVE-2017-5075, CVE-2017-5076, CVE-2017-5077, CVE-2017-5078, CVE-2017-5079, CVE-2017-5080, CVE-2017-5081, CVE-2017-5082, CVE-2017-5083, CVE-2017-5085, CVE-2017-5086, CVE-2017-5087, CVE-2017-5088, CVE-2017-5089, CVE-2017-5091, CVE-2017-5092, CVE-2017-5093, CVE-2017-5094, CVE-2017-5095, CVE-2017-5096, CVE-2017-5097, CVE-2017-5098, CVE-2017-5099, CVE-2017-5100, CVE-2017-5101, CVE-2017-5102, CVE-2017-5103, CVE-2017-5104, CVE-2017-5105, CVE-2017-5106, CVE-2017-5107, CVE-2017-5108, CVE-2017-5109, CVE-2017-5110, CVE-2017-6991) \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-08-28T22:48:03", "type": "mageia", "title": "Chromium-browser 60.0.3112.101 fixes security issues\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5057", "CVE-2017-5058", "CVE-2017-5059", "CVE-2017-5060", "CVE-2017-5061", "CVE-2017-5062", 
"CVE-2017-5063", "CVE-2017-5064", "CVE-2017-5065", "CVE-2017-5066", "CVE-2017-5067", "CVE-2017-5068", "CVE-2017-5069", "CVE-2017-5070", "CVE-2017-5071", "CVE-2017-5072", "CVE-2017-5073", "CVE-2017-5074", "CVE-2017-5075", "CVE-2017-5076", "CVE-2017-5077", "CVE-2017-5078", "CVE-2017-5079", "CVE-2017-5080", "CVE-2017-5081", "CVE-2017-5082", "CVE-2017-5083", "CVE-2017-5085", "CVE-2017-5086", "CVE-2017-5087", "CVE-2017-5088", "CVE-2017-5089", "CVE-2017-5091", "CVE-2017-5092", "CVE-2017-5093", "CVE-2017-5094", "CVE-2017-5095", "CVE-2017-5096", "CVE-2017-5097", "CVE-2017-5098", "CVE-2017-5099", "CVE-2017-5100", "CVE-2017-5101", "CVE-2017-5102", "CVE-2017-5103", "CVE-2017-5104", "CVE-2017-5105", "CVE-2017-5106", "CVE-2017-5107", "CVE-2017-5108", "CVE-2017-5109", "CVE-2017-5110", "CVE-2017-6991"], "modified": "2017-08-28T22:48:02", "id": "MGASA-2017-0317", "href": "https://advisories.mageia.org/MGASA-2017-0317.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}]}