Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.FEDORA_2019-A1AF621FAF.NASL
HistoryJul 25, 2019 - 12:00 a.m.

Fedora 29 : chromium (2019-a1af621faf)

2019-07-2500:00:00
This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
19

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.9 High

AI Score

Confidence

Low

0.685 Medium

EPSS

Percentile

98.0%

JSON

Fix itinerant crashes.

Update to Chromium 75.0.3770.100. The usual pile of bugs and CVE fixes. vaapi support disabled, just too broken. :(

Fixes CVE-2019-5805 CVE-2019-5806 CVE-2019-5807 CVE-2019-5808 CVE-2019-5809 CVE-2019-5810 CVE-2019-5811 CVE-2019-5813 CVE-2019-5814 CVE-2019-5815 CVE-2019-5818 CVE-2019-5819 CVE-2019-5820 CVE-2019-5821 CVE-2019-5822 CVE-2019-5824 CVE-2019-5825 CVE-2019-5826 CVE-2019-5827 CVE-2019-5828 CVE-2019-5829 CVE-2019-5830 CVE-2019-5831 CVE-2019-5832 CVE-2019-5833 CVE-2019-5834 CVE-2019-5835 CVE-2019-5836 CVE-2019-5837 CVE-2019-5838 CVE-2019-5839 CVE-2019-5840 CVE-2019-5842

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory FEDORA-2019-a1af621faf.
#

include('compat.inc');

if (description)
{
  script_id(126995);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/05/08");

  script_cve_id(
    "CVE-2019-5805",
    "CVE-2019-5806",
    "CVE-2019-5807",
    "CVE-2019-5808",
    "CVE-2019-5809",
    "CVE-2019-5810",
    "CVE-2019-5811",
    "CVE-2019-5812",
    "CVE-2019-5813",
    "CVE-2019-5814",
    "CVE-2019-5815",
    "CVE-2019-5816",
    "CVE-2019-5817",
    "CVE-2019-5818",
    "CVE-2019-5819",
    "CVE-2019-5820",
    "CVE-2019-5821",
    "CVE-2019-5822",
    "CVE-2019-5823",
    "CVE-2019-5824",
    "CVE-2019-5825",
    "CVE-2019-5826",
    "CVE-2019-5827",
    "CVE-2019-5828",
    "CVE-2019-5829",
    "CVE-2019-5830",
    "CVE-2019-5831",
    "CVE-2019-5832",
    "CVE-2019-5833",
    "CVE-2019-5834",
    "CVE-2019-5835",
    "CVE-2019-5836",
    "CVE-2019-5837",
    "CVE-2019-5838",
    "CVE-2019-5839",
    "CVE-2019-5840",
    "CVE-2019-5842"
  );
  script_xref(name:"FEDORA", value:"2019-a1af621faf");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/06/22");

  script_name(english:"Fedora 29 : chromium (2019-a1af621faf)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Fedora host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"Fix itinerant crashes.

----

Update to Chromium 75.0.3770.100. The usual pile of bugs and CVE
fixes. vaapi support disabled, just too broken. :(

Fixes CVE-2019-5805 CVE-2019-5806 CVE-2019-5807 CVE-2019-5808
CVE-2019-5809 CVE-2019-5810 CVE-2019-5811 CVE-2019-5813 CVE-2019-5814
CVE-2019-5815 CVE-2019-5818 CVE-2019-5819 CVE-2019-5820 CVE-2019-5821
CVE-2019-5822 CVE-2019-5824 CVE-2019-5825 CVE-2019-5826 CVE-2019-5827
CVE-2019-5828 CVE-2019-5829 CVE-2019-5830 CVE-2019-5831 CVE-2019-5832
CVE-2019-5833 CVE-2019-5834 CVE-2019-5835 CVE-2019-5836 CVE-2019-5837
CVE-2019-5838 CVE-2019-5839 CVE-2019-5840 CVE-2019-5842

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.");
  script_set_attribute(attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-a1af621faf");
  script_set_attribute(attribute:"solution", value:
"Update the affected chromium package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-5836");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Google Chrome 72 and 73 Array.map exploit');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/06/27");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/07/25");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/07/25");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:chromium");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:29");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Fedora Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! preg(pattern:"^29([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 29", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);


flag = 0;
if (rpm_check(release:"FC29", reference:"chromium-75.0.3770.100-3.fc29")) flag++;


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "chromium");
}
VendorProductVersionCPE
fedoraprojectfedorachromiump-cpe:/a:fedoraproject:fedora:chromium
fedoraprojectfedora29cpe:/o:fedoraproject:fedora:29

References

Related

openvas 26
fedora 3
nessus 27
suse 9
chrome 3
archlinux 2
kaspersky 4
redhat 3
debian 2
osv 1
gentoo 1
mageia 1
ubuntucve 19
prion 17
debiancve 17
redhatcve 14
nvd 18
cvelist 14
cve 18
openvas
openvas
Fedora Update for chromium FEDORA-2019-a1af621faf
2019-07-25 00:00:00
Fedora Update for chromium FEDORA-2019-8fb8240d14
2019-07-02 00:00:00
Google Chrome Security Updates (stable-channel-update-for-desktop_23-2019-04) - Linux
2019-04-26 00:00:00
fedora
fedora
[SECURITY] Fedora 29 Update: chromium-75.0.3770.100-3.fc29
2019-07-25 01:51:57
[SECURITY] Fedora 30 Update: chromium-75.0.3770.100-2.fc30
2019-07-01 01:09:45
[SECURITY] Fedora 29 Update: qt5-qtwebengine-5.12.5-2.fc29
2019-10-14 16:48:21
nessus
nessus
Fedora 30 : chromium (2019-8fb8240d14)
2019-07-01 00:00:00
RHEL 6 : chromium-browser (RHSA-2019:1021)
2019-05-08 00:00:00
Google Chrome < 74.0.3729.108 Multiple Vulnerabilities
2019-04-25 00:00:00
suse
suse
Security update for chromium (important)
2019-05-23 00:00:00
Security update for chromium (important)
2019-05-04 00:00:00
Security update for chromium (important)
2019-05-04 00:00:00
chrome
chrome
Stable Channel Update for Desktop
2019-04-23 00:00:00
Stable Channel Update for Desktop
2019-06-04 00:00:00
Stable Channel Update for Desktop
2019-04-30 00:00:00
archlinux
archlinux
[ASA-201904-12] chromium: multiple issues
2019-04-24 00:00:00
[ASA-201906-4] chromium: multiple issues
2019-06-07 00:00:00
kaspersky
kaspersky
KLA11474 Multiple vulnerabilities in Google Chrome
2019-04-23 00:00:00
KLA11736 Multiple vulnerabilities in Opera
2019-06-19 00:00:00
KLA11491 Multiple vulnerabilities in Google Chrome
2019-06-04 00:00:00
redhat
redhat
(RHSA-2019:1477) Important: chromium-browser security update
2019-06-17 07:17:35
(RHSA-2019:1021) Important: chromium-browser security update
2019-05-07 15:56:33
(RHSA-2019:1243) Important: chromium-browser security update
2019-05-16 20:01:47
debian
debian
[SECURITY] [DSA 4500-1] chromium security update
2019-08-13 05:17:57
[SECURITY] [DSA 4500-1] chromium security update
2019-08-13 05:17:57
osv
osv
chromium - security update
2019-08-12 00:00:00
gentoo
gentoo
Chromium, Google Chrome: Multiple vulnerabilities
2019-08-15 00:00:00
mageia
mageia
Updated chromium-browser-stable packages fix security vulnerabilities
2019-09-21 14:07:28
ubuntucve
ubuntucve
CVE-2019-5826
2019-11-25 00:00:00
CVE-2019-5821
2019-06-27 00:00:00
CVE-2019-5811
2019-06-27 00:00:00
prion
prion
Design/Logic Flaw
2019-11-25 20:15:00
Design/Logic Flaw
2019-06-27 17:15:00
Integer overflow
2019-06-27 17:15:00
debiancve
debiancve
CVE-2019-5826
2019-11-25 20:15:11
CVE-2019-5808
2019-06-27 17:15:13
CVE-2019-5816
2019-06-27 17:15:14
redhatcve
redhatcve
CVE-2019-5816
2019-04-25 08:26:11
CVE-2019-5811
2019-04-25 08:25:19
CVE-2019-5821
2019-04-25 08:22:46
nvd
nvd
CVE-2019-5816
2019-06-27 17:15:14
CVE-2019-5826
2019-11-25 20:15:11
CVE-2019-5811
2019-06-27 17:15:14
cvelist
cvelist
CVE-2019-5826
2019-11-25 19:41:18
CVE-2019-5811
2019-06-27 16:13:43
CVE-2019-5808
2019-06-27 16:13:43
cve
cve
CVE-2019-5807
2019-06-27 17:15:13
CVE-2019-5811
2019-06-27 17:15:14
CVE-2019-5821
2019-06-27 17:15:14

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.9 High

AI Score

Confidence

Low

0.685 Medium

EPSS

Percentile

98.0%

JSON
Related for FEDORA_2019-A1AF621FAF.NASL
openvas26fedora3nessus27suse9chrome3archlinux2kaspersky4redhat3debian2osv1gentoo1mageia1ubuntucve19prion17debiancve17redhatcve14nvd18cvelist14cve18