Lucene search
This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.OPENSUSE-2017-625.NASLHistoryMay 30, 2017 - 12:00 a.m.
openSUSE Security Update : libsndfile (openSUSE-2017-625)
2017-05-3000:00:00
This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
14
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.004 Low
EPSS
Percentile
74.2%
This update for libsndfile fixes the following issues :
-
CVE-2017-8361: Global buffer overflow in flac_buffer_copy. (bsc#1036946)
-
CVE-2017-8362: Invalid memory read in flac_buffer_copy.
(bsc#1036943) -
CVE-2017-8363: Heap-based buffer overflow in flac_buffer_copy. (bsc#1036945)
-
CVE-2017-7585, CVE-2017-7741, CVE-2017-7742: Stack-based buffer overflows via specially crafted FLAC files.
(bsc#1033054)
This update was imported from the SUSE:SLE-12:Update update project.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2017-625.
#
# The text description of this plugin is (C) SUSE LLC.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(100501);
script_version("3.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
script_cve_id("CVE-2017-7585", "CVE-2017-7741", "CVE-2017-7742", "CVE-2017-8361", "CVE-2017-8362", "CVE-2017-8363", "CVE-2017-8365");
script_name(english:"openSUSE Security Update : libsndfile (openSUSE-2017-625)");
script_summary(english:"Check for the openSUSE-2017-625 patch");
script_set_attribute(
attribute:"synopsis",
value:"The remote openSUSE host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"This update for libsndfile fixes the following issues :
- CVE-2017-8361: Global buffer overflow in
flac_buffer_copy. (bsc#1036946)
- CVE-2017-8362: Invalid memory read in flac_buffer_copy.
(bsc#1036943)
- CVE-2017-8363: Heap-based buffer overflow in
flac_buffer_copy. (bsc#1036945)
- CVE-2017-7585, CVE-2017-7741, CVE-2017-7742: Stack-based
buffer overflows via specially crafted FLAC files.
(bsc#1033054)
This update was imported from the SUSE:SLE-12:Update update project."
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1033054"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1033914"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1033915"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1036943"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1036944"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1036945"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1036946"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1038856"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected libsndfile packages."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsndfile-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsndfile-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsndfile-progs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsndfile-progs-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsndfile-progs-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsndfile1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsndfile1-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsndfile1-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsndfile1-debuginfo-32bit");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.2");
script_set_attribute(attribute:"vuln_publication_date", value:"2017/04/07");
script_set_attribute(attribute:"patch_publication_date", value:"2017/05/27");
script_set_attribute(attribute:"plugin_publication_date", value:"2017/05/30");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"SuSE Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE42\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.2", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
flag = 0;
if ( rpm_check(release:"SUSE42.2", reference:"libsndfile-debugsource-1.0.25-26.6.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"libsndfile-devel-1.0.25-26.6.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"libsndfile-progs-1.0.25-26.6.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"libsndfile-progs-debuginfo-1.0.25-26.6.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"libsndfile-progs-debugsource-1.0.25-26.6.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"libsndfile1-1.0.25-26.6.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"libsndfile1-debuginfo-1.0.25-26.6.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"libsndfile1-32bit-1.0.25-26.6.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"libsndfile1-debuginfo-32bit-1.0.25-26.6.1") ) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libsndfile-progs / libsndfile-progs-debuginfo / etc");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| novell | opensuse | libsndfile-debugsource | p-cpe:/a:novell:opensuse:libsndfile-debugsource |
| novell | opensuse | libsndfile-devel | p-cpe:/a:novell:opensuse:libsndfile-devel |
| novell | opensuse | libsndfile-progs | p-cpe:/a:novell:opensuse:libsndfile-progs |
| novell | opensuse | libsndfile-progs-debuginfo | p-cpe:/a:novell:opensuse:libsndfile-progs-debuginfo |
| novell | opensuse | libsndfile-progs-debugsource | p-cpe:/a:novell:opensuse:libsndfile-progs-debugsource |
| novell | opensuse | libsndfile1 | p-cpe:/a:novell:opensuse:libsndfile1 |
| novell | opensuse | libsndfile1-32bit | p-cpe:/a:novell:opensuse:libsndfile1-32bit |
| novell | opensuse | libsndfile1-debuginfo | p-cpe:/a:novell:opensuse:libsndfile1-debuginfo |
| novell | opensuse | libsndfile1-debuginfo-32bit | p-cpe:/a:novell:opensuse:libsndfile1-debuginfo-32bit |
| novell | opensuse | 42.2 | cpe:/o:novell:opensuse:42.2 |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7585
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7741
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7742
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8361
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8362
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8363
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8365
bugzilla.opensuse.org/show_bug.cgi?id=1033054
bugzilla.opensuse.org/show_bug.cgi?id=1033914
bugzilla.opensuse.org/show_bug.cgi?id=1033915
bugzilla.opensuse.org/show_bug.cgi?id=1036943
bugzilla.opensuse.org/show_bug.cgi?id=1036944
bugzilla.opensuse.org/show_bug.cgi?id=1036945
bugzilla.opensuse.org/show_bug.cgi?id=1036946
bugzilla.opensuse.org/show_bug.cgi?id=1038856
Related
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2017:1236-1)
2021-06-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2017:1367-1)
2021-04-19 00:00:00
Ubuntu: Security Advisory (USN-3306-1)
2017-06-02 00:00:00
nessus
nessus
SUSE SLED12 / SLES12 Security Update : libsndfile (SUSE-SU-2017:1367-1)
2017-05-23 00:00:00
SUSE SLES11 Security Update : libsndfile (SUSE-SU-2017:1236-1)
2017-05-11 00:00:00
Ubuntu 14.04 LTS / 16.04 LTS : libsndfile vulnerabilities (USN-3306-1)
2017-06-02 00:00:00
ubuntu
ubuntu
libsndfile vulnerabilities
2017-06-01 00:00:00
mageia
mageia
Updated libsndfile packages fix security vulnerabilities
2017-06-12 10:42:23
fedora
fedora
[SECURITY] Fedora 25 Update: libsndfile-1.0.28-2.fc25
2017-06-12 21:42:34
[SECURITY] Fedora 24 Update: libsndfile-1.0.28-2.fc24
2017-06-15 08:23:07
[SECURITY] Fedora 26 Update: libsndfile-1.0.28-2.fc26
2017-06-09 20:25:15
osv
osv
libsndfile - security update
2017-05-28 00:00:00
CVE-2017-7742
2017-04-12 18:59:00
CVE-2017-7741
2017-04-12 18:59:00
debian
debian
[SECURITY] [DLA 956-1] libsndfile security update
2017-05-28 13:04:33
[SECURITY] [DLA 928-1] libsndfile security update
2017-04-29 19:32:36
[SECURITY] [DLA 1618-1] libsndfile security update
2018-12-26 08:42:22
freebsd
freebsd
libsndfile -- multiple vulnerabilities
2017-04-12 00:00:00
libsndfile -- multiple vulnerabilities
2017-04-07 00:00:00
gentoo
gentoo
libsndfile: Multiple vulnerabilities
2017-07-08 00:00:00
libsndfile: Multiple vulnerabilities
2018-11-30 00:00:00
ubuntucve
ubuntucve
debiancve
debiancve
cve
cve
alpinelinux
alpinelinux
nvd
nvd
prion
prion
cvelist
cvelist
redhatcve
redhatcve
veracode
veracode
Denial Of Service (DoS)
2020-05-10 23:23:53
Denial Of Service (DoS)
2020-05-10 23:23:51
Denial Of Service (DoS)
2020-05-10 23:27:14
rosalinux
rosalinux
Advisory ROSA-SA-2021-1890
2021-07-02 17:16:43
cbl_mariner
cbl_mariner
CVE-2017-8363 affecting package libsndfile 1.0.28-14
2021-04-07 00:22:54
CVE-2017-8362 affecting package libsndfile 1.0.28-14
2021-04-07 00:22:54
CVE-2017-8365 affecting package libsndfile 1.0.28-14
2021-02-05 00:39:27
rapid7blog
rapid7blog
NICER Protocol Deep Dive: Internet Exposure of HTTP and HTTPS
2021-01-29 14:20:22
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.004 Low
EPSS
Percentile
74.2%
Related for OPENSUSE-2017-625.NASL