Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.OPENSUSE-2018-141.NASL
HistoryFeb 08, 2018 - 12:00 a.m.

openSUSE Security Update : libjpeg-turbo (openSUSE-2018-141)

2018-02-0800:00:00
This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
11

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

0.002 Low

EPSS

Percentile

57.6%

JSON

This update for libjpeg-turbo fixes the following security issue :

  • CVE-2017-15232: Fix NULL pointer dereference in jdpostct.c and jquant1.c - additional fixes (bsc#1062937)

This update was imported from the SUSE:SLE-12:Update update project.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2018-141.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(106665);
  script_version("3.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2017-15232");

  script_name(english:"openSUSE Security Update : libjpeg-turbo (openSUSE-2018-141)");
  script_summary(english:"Check for the openSUSE-2018-141 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update for libjpeg-turbo fixes the following security issue :

  - CVE-2017-15232: Fix NULL pointer dereference in
    jdpostct.c and jquant1.c - additional fixes
    (bsc#1062937)

This update was imported from the SUSE:SLE-12:Update update project."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1062937"
  );
  # https://features.opensuse.org/324061
  script_set_attribute(
    attribute:"see_also",
    value:"https://features.opensuse.org/"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected libjpeg-turbo packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libjpeg-turbo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libjpeg-turbo-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libjpeg-turbo-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libjpeg62");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libjpeg62-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libjpeg62-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libjpeg62-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libjpeg62-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libjpeg62-devel-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libjpeg62-turbo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libjpeg62-turbo-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libjpeg8");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libjpeg8-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libjpeg8-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libjpeg8-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libjpeg8-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libjpeg8-devel-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libturbojpeg0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libturbojpeg0-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libturbojpeg0-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libturbojpeg0-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3");

  script_set_attribute(attribute:"patch_publication_date", value:"2018/02/07");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/02/08");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.3", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE42.3", reference:"libjpeg-turbo-1.5.3-42.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libjpeg-turbo-debuginfo-1.5.3-42.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libjpeg-turbo-debugsource-1.5.3-42.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libjpeg62-62.2.0-42.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libjpeg62-debuginfo-62.2.0-42.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libjpeg62-devel-62.2.0-42.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libjpeg62-turbo-1.5.3-42.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libjpeg62-turbo-debugsource-1.5.3-42.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libjpeg8-8.1.2-42.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libjpeg8-debuginfo-8.1.2-42.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libjpeg8-devel-8.1.2-42.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libturbojpeg0-8.1.2-42.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libturbojpeg0-debuginfo-8.1.2-42.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libjpeg62-32bit-62.2.0-42.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libjpeg62-debuginfo-32bit-62.2.0-42.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libjpeg62-devel-32bit-62.2.0-42.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libjpeg8-32bit-8.1.2-42.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libjpeg8-debuginfo-32bit-8.1.2-42.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libjpeg8-devel-32bit-8.1.2-42.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libturbojpeg0-32bit-8.1.2-42.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libturbojpeg0-debuginfo-32bit-8.1.2-42.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libjpeg-turbo / libjpeg-turbo-debuginfo / libjpeg-turbo-debugsource / etc");
}
VendorProductVersionCPE
novellopensuselibjpeg-turbop-cpe:/a:novell:opensuse:libjpeg-turbo
novellopensuselibjpeg-turbo-debuginfop-cpe:/a:novell:opensuse:libjpeg-turbo-debuginfo
novellopensuselibjpeg-turbo-debugsourcep-cpe:/a:novell:opensuse:libjpeg-turbo-debugsource
novellopensuselibjpeg62p-cpe:/a:novell:opensuse:libjpeg62
novellopensuselibjpeg62-32bitp-cpe:/a:novell:opensuse:libjpeg62-32bit
novellopensuselibjpeg62-debuginfop-cpe:/a:novell:opensuse:libjpeg62-debuginfo
novellopensuselibjpeg62-debuginfo-32bitp-cpe:/a:novell:opensuse:libjpeg62-debuginfo-32bit
novellopensuselibjpeg62-develp-cpe:/a:novell:opensuse:libjpeg62-devel
novellopensuselibjpeg62-devel-32bitp-cpe:/a:novell:opensuse:libjpeg62-devel-32bit
novellopensuselibjpeg62-turbop-cpe:/a:novell:opensuse:libjpeg62-turbo
Rows per page:
1-10 of 221

Related

nessus 17
openvas 11
debiancve 1
ubuntucve 1
redhatcve 1
cvelist 1
cve 1
prion 1
alpinelinux 1
osv 1
nvd 1
mageia 1
photon 1
ibm 5
ubuntu 1
cloudfoundry 1
nessus
nessus
Photon OS 2.0: Libjpeg PHSA-2017-2.0-0007
2019-02-07 00:00:00
EulerOS Virtualization 3.0.2.2 : libjpeg-turbo (EulerOS-SA-2021-2144)
2021-07-21 00:00:00
openSUSE Security Update : libjpeg-turbo (openSUSE-2017-1218)
2017-10-30 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for libjpeg-turbo (EulerOS-SA-2021-2144)
2021-07-07 00:00:00
SUSE: Security Advisory (SUSE-SU-2018:0373-1)
2021-04-19 00:00:00
Huawei EulerOS: Security Advisory for libjpeg-turbo (EulerOS-SA-2021-2093)
2021-07-07 00:00:00
debiancve
debiancve
CVE-2017-15232
2017-10-11 03:29:00
ubuntucve
ubuntucve
CVE-2017-15232
2017-10-10 00:00:00
redhatcve
redhatcve
CVE-2017-15232
2019-10-12 01:22:12
cvelist
cvelist
CVE-2017-15232
2017-10-11 03:00:00
cve
cve
CVE-2017-15232
2017-10-11 03:29:00
prion
prion
Null pointer dereference
2017-10-11 03:29:00
alpinelinux
alpinelinux
CVE-2017-15232
2017-10-11 03:29:00
osv
osv
CVE-2017-15232
2017-10-11 03:29:00
nvd
nvd
CVE-2017-15232
2017-10-11 03:29:00
mageia
mageia
Updated libjpeg packages fix a security vulnerability
2017-11-10 22:33:09
photon
photon
Critical Photon OS Security Update - PHSA-2017-0007
2017-12-18 00:00:00
ibm
ibm
Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in libjpeg
2023-12-07 22:45:03
Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in libjpeg
2023-12-07 22:45:02
Security Bulletin: Vulnerabilities in libjpeg affect IBM BladeCenter Advanced Management Module (AMM)
2018-10-03 16:25:01
ubuntu
ubuntu
libjpeg-turbo vulnerabilities
2018-07-09 00:00:00
cloudfoundry
cloudfoundry
USN-3706-1: libjpeg-turbo vulnerabilities | Cloud Foundry
2018-07-19 00:00:00

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

0.002 Low

EPSS

Percentile

57.6%

JSON
Related for OPENSUSE-2018-141.NASL
nessus17openvas11debiancve1ubuntucve1redhatcve1cvelist1cve1prion1alpinelinux1osv1nvd1mageia1photon1ibm5ubuntu1cloudfoundry1