Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.OPENSUSE-2017-1218.NASL
HistoryOct 30, 2017 - 12:00 a.m.

openSUSE Security Update : libjpeg-turbo (openSUSE-2017-1218)

2017-10-3000:00:00
This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
18

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

0.002 Low

EPSS

Percentile

57.6%

JSON

This update for libjpeg-turbo to version 1.5.2 fixes the following issues :

  • CVE-2017-15232: NULL pointer dereference in jdpostct.c and jquant1.c (boo#1062937)

This compatible version update contains the following improvements :

  • Improved and updated upsampling support and sampling factors

  • Memory handling correctness fixes

  • Improved robustness when decoding images

This version is a dependency of Chromium 62.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2017-1218.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(104243);
  script_version("3.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2017-15232");

  script_name(english:"openSUSE Security Update : libjpeg-turbo (openSUSE-2017-1218)");
  script_summary(english:"Check for the openSUSE-2017-1218 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update for libjpeg-turbo to version 1.5.2 fixes the following
issues :

  - CVE-2017-15232: NULL pointer dereference in jdpostct.c
    and jquant1.c (boo#1062937)

This compatible version update contains the following improvements :

  - Improved and updated upsampling support and sampling
    factors

  - Memory handling correctness fixes

  - Improved robustness when decoding images

This version is a dependency of Chromium 62."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1062937"
  );
  # https://features.opensuse.org/324061
  script_set_attribute(
    attribute:"see_also",
    value:"https://features.opensuse.org/"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected libjpeg-turbo packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libjpeg-turbo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libjpeg-turbo-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libjpeg-turbo-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libjpeg62");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libjpeg62-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libjpeg62-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libjpeg62-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libjpeg62-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libjpeg62-devel-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libjpeg62-turbo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libjpeg62-turbo-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libjpeg8");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libjpeg8-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libjpeg8-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libjpeg8-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libjpeg8-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libjpeg8-devel-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libturbojpeg0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libturbojpeg0-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libturbojpeg0-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libturbojpeg0-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.2");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3");

  script_set_attribute(attribute:"patch_publication_date", value:"2017/10/28");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/10/30");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE42\.2|SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.2 / 42.3", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE42.2", reference:"libjpeg-turbo-1.5.2-35.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"libjpeg-turbo-debuginfo-1.5.2-35.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"libjpeg-turbo-debugsource-1.5.2-35.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"libjpeg62-62.2.0-35.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"libjpeg62-debuginfo-62.2.0-35.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"libjpeg62-devel-62.2.0-35.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"libjpeg62-turbo-1.5.2-35.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"libjpeg62-turbo-debugsource-1.5.2-35.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"libjpeg8-8.1.2-35.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"libjpeg8-debuginfo-8.1.2-35.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"libjpeg8-devel-8.1.2-35.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"libturbojpeg0-8.1.2-35.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"libturbojpeg0-debuginfo-8.1.2-35.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"libjpeg62-32bit-62.2.0-35.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"libjpeg62-debuginfo-32bit-62.2.0-35.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"libjpeg62-devel-32bit-62.2.0-35.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"libjpeg8-32bit-8.1.2-35.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"libjpeg8-debuginfo-32bit-8.1.2-35.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"libjpeg8-devel-32bit-8.1.2-35.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"libturbojpeg0-32bit-8.1.2-35.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"libturbojpeg0-debuginfo-32bit-8.1.2-35.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libjpeg-turbo-1.5.2-38.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libjpeg-turbo-debuginfo-1.5.2-38.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libjpeg-turbo-debugsource-1.5.2-38.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libjpeg62-62.2.0-38.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libjpeg62-debuginfo-62.2.0-38.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libjpeg62-devel-62.2.0-38.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libjpeg62-turbo-1.5.2-38.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libjpeg62-turbo-debugsource-1.5.2-38.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libjpeg8-8.1.2-38.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libjpeg8-debuginfo-8.1.2-38.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libjpeg8-devel-8.1.2-38.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libturbojpeg0-8.1.2-38.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libturbojpeg0-debuginfo-8.1.2-38.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libjpeg62-32bit-62.2.0-38.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libjpeg62-debuginfo-32bit-62.2.0-38.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libjpeg62-devel-32bit-62.2.0-38.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libjpeg8-32bit-8.1.2-38.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libjpeg8-debuginfo-32bit-8.1.2-38.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libjpeg8-devel-32bit-8.1.2-38.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libturbojpeg0-32bit-8.1.2-38.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libturbojpeg0-debuginfo-32bit-8.1.2-38.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libjpeg-turbo / libjpeg-turbo-debuginfo / libjpeg-turbo-debugsource / etc");
}
VendorProductVersionCPE
novellopensuselibjpeg-turbop-cpe:/a:novell:opensuse:libjpeg-turbo
novellopensuselibjpeg-turbo-debuginfop-cpe:/a:novell:opensuse:libjpeg-turbo-debuginfo
novellopensuselibjpeg-turbo-debugsourcep-cpe:/a:novell:opensuse:libjpeg-turbo-debugsource
novellopensuselibjpeg62p-cpe:/a:novell:opensuse:libjpeg62
novellopensuselibjpeg62-32bitp-cpe:/a:novell:opensuse:libjpeg62-32bit
novellopensuselibjpeg62-debuginfop-cpe:/a:novell:opensuse:libjpeg62-debuginfo
novellopensuselibjpeg62-debuginfo-32bitp-cpe:/a:novell:opensuse:libjpeg62-debuginfo-32bit
novellopensuselibjpeg62-develp-cpe:/a:novell:opensuse:libjpeg62-devel
novellopensuselibjpeg62-devel-32bitp-cpe:/a:novell:opensuse:libjpeg62-devel-32bit
novellopensuselibjpeg62-turbop-cpe:/a:novell:opensuse:libjpeg62-turbo
Rows per page:
1-10 of 231

Related

openvas 11
redhatcve 1
nessus 17
cvelist 1
alpinelinux 1
osv 1
nvd 1
mageia 1
debiancve 1
ubuntucve 1
cve 1
prion 1
photon 1
ibm 5
ubuntu 1
cloudfoundry 1
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2018:0373-1)
2021-04-19 00:00:00
Huawei EulerOS: Security Advisory for libjpeg-turbo (EulerOS-SA-2021-2093)
2021-07-07 00:00:00
Huawei EulerOS: Security Advisory for libjpeg-turbo (EulerOS-SA-2021-2144)
2021-07-07 00:00:00
redhatcve
redhatcve
CVE-2017-15232
2019-10-12 01:22:12
nessus
nessus
EulerOS Virtualization 3.0.2.2 : libjpeg-turbo (EulerOS-SA-2021-2144)
2021-07-21 00:00:00
SUSE SLED12 / SLES12 Security Update : libjpeg-turbo (SUSE-SU-2018:0373-1)
2018-02-07 00:00:00
openSUSE Security Update : libjpeg-turbo (openSUSE-2018-141)
2018-02-08 00:00:00
cvelist
cvelist
CVE-2017-15232
2017-10-11 03:00:00
alpinelinux
alpinelinux
CVE-2017-15232
2017-10-11 03:29:00
osv
osv
CVE-2017-15232
2017-10-11 03:29:00
nvd
nvd
CVE-2017-15232
2017-10-11 03:29:00
mageia
mageia
Updated libjpeg packages fix a security vulnerability
2017-11-10 22:33:09
debiancve
debiancve
CVE-2017-15232
2017-10-11 03:29:00
ubuntucve
ubuntucve
CVE-2017-15232
2017-10-10 00:00:00
cve
cve
CVE-2017-15232
2017-10-11 03:29:00
prion
prion
Null pointer dereference
2017-10-11 03:29:00
photon
photon
Critical Photon OS Security Update - PHSA-2017-0007
2017-12-18 00:00:00
ibm
ibm
Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in libjpeg
2023-12-07 22:45:03
Security Bulletin: Vulnerabilities in libjpeg affect IBM BladeCenter Advanced Management Module (AMM)
2018-10-03 16:25:01
Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in libjpeg
2023-12-07 22:45:02
ubuntu
ubuntu
libjpeg-turbo vulnerabilities
2018-07-09 00:00:00
cloudfoundry
cloudfoundry
USN-3706-1: libjpeg-turbo vulnerabilities | Cloud Foundry
2018-07-19 00:00:00

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

0.002 Low

EPSS

Percentile

57.6%

JSON
Related for OPENSUSE-2017-1218.NASL
openvas11redhatcve1nessus17cvelist1alpinelinux1osv1nvd1mageia1debiancve1ubuntucve1cve1prion1photon1ibm5ubuntu1cloudfoundry1