Lucene search
This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.OPENSUSE-2015-900.NASLHistoryDec 17, 2015 - 12:00 a.m.
openSUSE Security Update : libraw (openSUSE-2015-900)
2015-12-1700:00:00
This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
22
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
0.017
Percentile
87.9%
This update fixes the following security issue :
- CVE-2015-8367 - It was found that phase_one_correct function does not handle memory object’s initialization correctly, which may have unspecified impact (bsc#957517).
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2015-900.
#
# The text description of this plugin is (C) SUSE LLC.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(87444);
script_version("2.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
script_cve_id("CVE-2015-8367");
script_name(english:"openSUSE Security Update : libraw (openSUSE-2015-900)");
script_summary(english:"Check for the openSUSE-2015-900 patch");
script_set_attribute(
attribute:"synopsis",
value:"The remote openSUSE host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"This update fixes the following security issue :
- CVE-2015-8367 - It was found that phase_one_correct
function does not handle memory object’s
initialization correctly, which may have unspecified
impact (bsc#957517)."
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=957517"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected libraw packages."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libraw-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libraw-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libraw-devel-static");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libraw-tools");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libraw-tools-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libraw10");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libraw10-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libraw9");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libraw9-debuginfo");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.2");
script_set_attribute(attribute:"vuln_publication_date", value:"2020/01/14");
script_set_attribute(attribute:"patch_publication_date", value:"2015/12/13");
script_set_attribute(attribute:"plugin_publication_date", value:"2015/12/17");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"SuSE Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE13\.1|SUSE13\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.1 / 13.2", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
flag = 0;
if ( rpm_check(release:"SUSE13.1", reference:"libraw-debugsource-0.15.4-2.6.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"libraw-devel-0.15.4-2.6.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"libraw-devel-static-0.15.4-2.6.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"libraw-tools-0.15.4-2.6.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"libraw-tools-debuginfo-0.15.4-2.6.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"libraw9-0.15.4-2.6.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"libraw9-debuginfo-0.15.4-2.6.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libraw-debugsource-0.16.0-2.6.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libraw-devel-0.16.0-2.6.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libraw-devel-static-0.16.0-2.6.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libraw-tools-0.16.0-2.6.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libraw-tools-debuginfo-0.16.0-2.6.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libraw10-0.16.0-2.6.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libraw10-debuginfo-0.16.0-2.6.1") ) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libraw-debugsource / libraw-devel / libraw-devel-static / etc");
}
Related
freebsd
freebsd
libraw -- memory objects not properly initialized
2015-11-30 00:00:00
nessus
nessus
openSUSE Security Update : libraw (openSUSE-2016-1264)
2016-11-07 00:00:00
FreeBSD : libraw -- memory objects not properly initialized (6bc6eed2-9cca-11e5-8c2b-c335fa8985d7)
2015-12-08 00:00:00
Fedora 22 : LibRaw-0.16.2-3.fc22 (2015-a288773b9a)
2016-03-04 00:00:00
ubuntucve
ubuntucve
CVE-2015-8367
2015-12-02 00:00:00
prion
prion
Information disclosure
2020-01-14 16:15:00
cve
cve
CVE-2015-8367
2020-01-14 16:15:11
alpinelinux
alpinelinux
CVE-2015-8367
2020-01-14 16:15:11
debiancve
debiancve
CVE-2015-8367
2020-01-14 16:15:11
cvelist
cvelist
CVE-2015-8367
2020-01-14 15:19:49
veracode
veracode
Arbitrary Code Execution
2020-05-10 23:23:44
osv
osv
CVE-2015-8367
2020-01-14 16:15:11
nvd
nvd
CVE-2015-8367
2020-01-14 16:15:11
fedora
fedora
[SECURITY] Fedora 23 Update: LibRaw-0.16.2-3.fc23
2015-12-07 20:31:39
[SECURITY] Fedora 22 Update: LibRaw-0.16.2-3.fc22
2015-12-12 01:57:39
openvas
openvas
Mageia: Security Advisory (MGASA-2015-0469)
2015-12-11 00:00:00
Ubuntu: Security Advisory (USN-3492-1)
2017-11-23 00:00:00
mageia
mageia
Updated libraw packages fix security vulnerabilities
2015-12-10 23:57:35
gentoo
gentoo
LibRaw: Multiple vulnerabilities
2017-01-24 00:00:00
ubuntu
ubuntu
LibRaw vulnerabilities
2017-11-22 00:00:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
0.017
Percentile
87.9%
Related for OPENSUSE-2015-900.NASL