Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.OPENSUSE-2012-108.NASL
HistoryJun 13, 2014 - 12:00 a.m.

openSUSE Security Update : libxslt (openSUSE-2012-108)

2014-06-1300:00:00
This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
25

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

EPSS

0.006

Percentile

78.0%

JSON

Fix crash due to out of bounds read in libxslt

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2012-108.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(74544);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2011-3970");

  script_name(english:"openSUSE Security Update : libxslt (openSUSE-2012-108)");
  script_summary(english:"Check for the openSUSE-2012-108 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:"Fix crash due to out of bounds read in libxslt"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=746039"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected libxslt packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxslt-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxslt-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxslt-devel-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxslt-python");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxslt-python-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxslt-python-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxslt1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxslt1-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxslt1-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxslt1-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.1");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/02/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/02/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE12\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.1", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE12.1", reference:"libxslt-debugsource-1.1.26-15.3.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"libxslt-devel-1.1.26-15.3.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"libxslt-python-1.1.26-15.3.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"libxslt-python-debuginfo-1.1.26-15.3.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"libxslt-python-debugsource-1.1.26-15.3.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"libxslt1-1.1.26-15.3.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"libxslt1-debuginfo-1.1.26-15.3.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"libxslt-devel-32bit-1.1.26-15.3.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"libxslt1-32bit-1.1.26-15.3.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"libxslt1-debuginfo-32bit-1.1.26-15.3.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libxslt-python / libxslt-python-debuginfo / etc");
}
VendorProductVersionCPE
novellopensuselibxslt-debugsourcep-cpe:/a:novell:opensuse:libxslt-debugsource
novellopensuselibxslt-develp-cpe:/a:novell:opensuse:libxslt-devel
novellopensuselibxslt-devel-32bitp-cpe:/a:novell:opensuse:libxslt-devel-32bit
novellopensuselibxslt-pythonp-cpe:/a:novell:opensuse:libxslt-python
novellopensuselibxslt-python-debuginfop-cpe:/a:novell:opensuse:libxslt-python-debuginfo
novellopensuselibxslt-python-debugsourcep-cpe:/a:novell:opensuse:libxslt-python-debugsource
novellopensuselibxslt1p-cpe:/a:novell:opensuse:libxslt1
novellopensuselibxslt1-32bitp-cpe:/a:novell:opensuse:libxslt1-32bit
novellopensuselibxslt1-debuginfop-cpe:/a:novell:opensuse:libxslt1-debuginfo
novellopensuselibxslt1-debuginfo-32bitp-cpe:/a:novell:opensuse:libxslt1-debuginfo-32bit
Rows per page:
1-10 of 111

Related

gentoo 2
prion 1
openvas 35
nessus 28
securityvulns 5
debiancve 1
cvelist 1
cve 1
ubuntucve 1
nvd 1
fedora 3
veracode 5
amazon 1
oraclelinux 1
centos 1
redhat 2
ubuntu 1
vmware 2
threatpost 1
freebsd 1
chrome 1
kitploit 1
tenable 1
gentoo
gentoo
libxslt: Denial of service
2012-03-06 00:00:00
Chromium: Multiple vulnerabilities
2012-02-18 00:00:00
prion
prion
Out-of-bounds
2012-02-09 04:10:00
openvas
openvas
Mandriva Update for libxslt MDVSA-2012:028 (libxslt)
2012-03-07 00:00:00
SUSE: Security Advisory (SUSE-SU-2012:0464-1)
2021-06-09 00:00:00
Mandriva Update for libxslt MDVSA-2012:028 (libxslt)
2012-03-07 00:00:00
nessus
nessus
openSUSE Security Update : libxslt (openSUSE-SU-2012:0343-1)
2014-06-13 00:00:00
SuSE 10 Security Update : libxslt (ZYPP Patch Number 8019)
2012-04-06 00:00:00
SuSE 11.1 Security Update : libxslt (SAT Patch Number 5810)
2012-04-04 00:00:00
securityvulns
securityvulns
iDefense Security Advisory 02.08.11: Microsoft Windows Picture and Fax Viewer Library
2011-02-11 00:00:00
[ MDVSA-2012:028 ] libxslt
2012-03-09 00:00:00
libxslt out-of-bounds read
2012-03-09 00:00:00
debiancve
debiancve
CVE-2011-3970
2012-02-09 04:10:29
cvelist
cvelist
CVE-2011-3970
2012-02-09 02:00:00
cve
cve
CVE-2011-3970
2012-02-09 04:10:29
ubuntucve
ubuntucve
CVE-2011-3970
2012-02-08 00:00:00
nvd
nvd
CVE-2011-3970
2012-02-09 04:10:29
fedora
fedora
[SECURITY] Fedora 16 Update: libxslt-1.1.26-9.fc16
2012-09-27 04:27:12
[SECURITY] Fedora 18 Update: libxslt-1.1.27-2.fc18
2012-12-09 06:31:24
[SECURITY] Fedora 17 Update: libxslt-1.1.26-10.fc17
2012-09-26 09:11:57
veracode
veracode
Denial Of Service (DoS)
2019-05-02 04:43:13
Denial Of Service (DoS)
2019-05-02 04:43:13
Denial Of Service (DoS)
2019-05-02 04:43:13
amazon
amazon
Important: libxslt
2012-09-22 21:33:00
oraclelinux
oraclelinux
libxslt security update
2012-09-13 00:00:00
centos
centos
libxslt security update
2012-09-13 18:02:29
redhat
redhat
(RHSA-2012:1265) Important: libxslt security update
2012-09-13 00:00:00
(RHSA-2012:1325) Important: rhev-hypervisor6 security and bug fix update
2012-10-02 00:00:00
ubuntu
ubuntu
libxslt vulnerabilities
2012-10-04 00:00:00
vmware
vmware
VMware vSphere security updates for the authentication service and third party libraries
2013-01-31 00:00:00
VMware vSphere security updates for the authentication service and third party libraries
2013-01-31 00:00:00
threatpost
threatpost
Google Fixes 20 Flaws in Chrome, Adds Scanning of Downloaded Files
2012-02-08 20:18:23
freebsd
freebsd
chromium -- multiple vulnerabilities
2012-02-08 00:00:00
chrome
chrome
Stable Channel Update
2012-02-08 00:00:00
kitploit
kitploit
Radamsa - A General-Purpose Fuzzer
2024-03-25 11:30:00
tenable
tenable
[R1] Nessus Network Monitor 6.2.2 Fixes Multiple Vulnerabilities
2023-06-29 10:45:47

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

EPSS

0.006

Percentile

78.0%

JSON
Related for OPENSUSE-2012-108.NASL
gentoo2prion1openvas35nessus28securityvulns5debiancve1cvelist1cve1ubuntucve1nvd1fedora3veracode5amazon1oraclelinux1centos1redhat2ubuntu1vmware2threatpost1freebsd1chrome1kitploit1tenable1