Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.OPENSUSE-2018-280.NASL
HistoryMar 19, 2018 - 12:00 a.m.

openSUSE Security Update : SDL2 / SDL2_image (openSUSE-2018-280)

2018-03-1900:00:00
This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
17

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.005 Low

EPSS

Percentile

77.0%

JSON

This update for SDL2 and SDL2_image fixes the following issues :

  • CVE-2017-14441: Code execution in the ICO image rendering (bsc#1084282).

  • CVE-2017-14440: Potential code execution in the ILBM image rendering functionality (bsc#1084257).

  • CVE-2017-12122: Potential code execution in the ILBM image rendering fuctionality (bsc#1084256).

  • CVE-2017-14448: Heap buffer overflow in the XCF image rendering functionality (bsc#1084303).

  • CVE-2017-14449: Double-Free in the XCF image rendering (bsc#1084297).

  • CVE-2017-14442: Stack-based buffer overflow the BMP image rendering functionality (bsc#1084304).

  • CVE-2017-14450: Buffer overflow in the GIF image parsing (bsc#1084288).

Bug fixes :

  • boo#1025413: Add dbus-ime.diff and build with fcitx.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2018-280.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(108444);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2017-12122", "CVE-2017-14440", "CVE-2017-14441", "CVE-2017-14442", "CVE-2017-14448", "CVE-2017-14449", "CVE-2017-14450");

  script_name(english:"openSUSE Security Update : SDL2 / SDL2_image (openSUSE-2018-280)");
  script_summary(english:"Check for the openSUSE-2018-280 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update for SDL2 and SDL2_image fixes the following issues :

  - CVE-2017-14441: Code execution in the ICO image
    rendering (bsc#1084282).

  - CVE-2017-14440: Potential code execution in the ILBM
    image rendering functionality (bsc#1084257).

  - CVE-2017-12122: Potential code execution in the ILBM
    image rendering fuctionality (bsc#1084256).

  - CVE-2017-14448: Heap buffer overflow in the XCF image
    rendering functionality (bsc#1084303).

  - CVE-2017-14449: Double-Free in the XCF image rendering
    (bsc#1084297).

  - CVE-2017-14442: Stack-based buffer overflow the BMP
    image rendering functionality (bsc#1084304).

  - CVE-2017-14450: Buffer overflow in the GIF image parsing
    (bsc#1084288).

Bug fixes :

  - boo#1025413: Add dbus-ime.diff and build with fcitx."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1025413"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1084256"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1084257"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1084282"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1084288"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1084297"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1084303"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1084304"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected SDL2 / SDL2_image packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:SDL2-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:SDL2_image-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libSDL2-2_0-0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libSDL2-2_0-0-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libSDL2-2_0-0-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libSDL2-2_0-0-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libSDL2-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libSDL2-devel-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libSDL2_image-2_0-0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libSDL2_image-2_0-0-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libSDL2_image-2_0-0-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libSDL2_image-2_0-0-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libSDL2_image-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libSDL2_image-devel-32bit");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3");

  script_set_attribute(attribute:"patch_publication_date", value:"2018/03/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/19");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.3", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE42.3", reference:"SDL2-debugsource-2.0.8-18.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"SDL2_image-debugsource-2.0.3-13.10.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libSDL2-2_0-0-2.0.8-18.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libSDL2-2_0-0-debuginfo-2.0.8-18.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libSDL2-devel-2.0.8-18.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libSDL2_image-2_0-0-2.0.3-13.10.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libSDL2_image-2_0-0-debuginfo-2.0.3-13.10.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libSDL2_image-devel-2.0.3-13.10.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libSDL2-2_0-0-32bit-2.0.8-18.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libSDL2-2_0-0-debuginfo-32bit-2.0.8-18.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libSDL2-devel-32bit-2.0.8-18.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libSDL2_image-2_0-0-32bit-2.0.3-13.10.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libSDL2_image-2_0-0-debuginfo-32bit-2.0.3-13.10.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libSDL2_image-devel-32bit-2.0.3-13.10.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "SDL2-debugsource / libSDL2-2_0-0 / libSDL2-2_0-0-32bit / etc");
}
VendorProductVersionCPE
novellopensusesdl2-debugsourcep-cpe:/a:novell:opensuse:sdl2-debugsource
novellopensusesdl2_image-debugsourcep-cpe:/a:novell:opensuse:sdl2_image-debugsource
novellopensuselibsdl2-2_0-0p-cpe:/a:novell:opensuse:libsdl2-2_0-0
novellopensuselibsdl2-2_0-0-32bitp-cpe:/a:novell:opensuse:libsdl2-2_0-0-32bit
novellopensuselibsdl2-2_0-0-debuginfop-cpe:/a:novell:opensuse:libsdl2-2_0-0-debuginfo
novellopensuselibsdl2-2_0-0-debuginfo-32bitp-cpe:/a:novell:opensuse:libsdl2-2_0-0-debuginfo-32bit
novellopensuselibsdl2-develp-cpe:/a:novell:opensuse:libsdl2-devel
novellopensuselibsdl2-devel-32bitp-cpe:/a:novell:opensuse:libsdl2-devel-32bit
novellopensuselibsdl2_image-2_0-0p-cpe:/a:novell:opensuse:libsdl2_image-2_0-0
novellopensuselibsdl2_image-2_0-0-32bitp-cpe:/a:novell:opensuse:libsdl2_image-2_0-0-32bit
Rows per page:
1-10 of 151

Related

suse 1
debian 4
talosblog 1
openvas 6
nessus 4
gentoo 1
osv 10
mageia 2
nvd 7
talos 7
prion 7
debiancve 7
cvelist 7
cve 7
ubuntucve 7
redhatcve 1
veracode 2
suse
suse
Security update for SDL2, SDL2_image (important)
2018-03-18 15:09:14
debian
debian
[SECURITY] [DLA 1341-1] sdl-image1.2 security update
2018-04-06 22:29:20
[SECURITY] [DSA 4177-1] libsdl2-image security update
2018-04-20 20:16:50
[SECURITY] [DSA 4184-1] sdl-image1.2 security update
2018-04-28 19:28:02
talosblog
talosblog
Vulnerability Spotlight: Simple DirectMedia Layer’s SDL2_Image
2018-03-01 13:21:00
openvas
openvas
openSUSE: Security Advisory for SDL2 (openSUSE-SU-2018:0734-1)
2018-03-19 00:00:00
Debian: Security Advisory (DLA-1341-1)
2018-04-08 00:00:00
Mageia: Security Advisory (MGASA-2018-0454)
2022-01-28 00:00:00
nessus
nessus
Debian DLA-1341-1 : sdl-image1.2 security update
2018-04-10 00:00:00
Debian DSA-4177-1 : libsdl2-image - security update
2018-04-23 00:00:00
GLSA-201903-17 : SDL2_Image: Multiple vulnerabilities
2019-03-28 00:00:00
gentoo
gentoo
SDL2_Image: Multiple vulnerabilities
2019-03-28 00:00:00
osv
osv
libsdl2-image - security update
2018-04-20 00:00:00
sdl-image1.2 - security update
2018-04-06 00:00:00
sdl-image1.2 - security update
2018-04-28 00:00:00
mageia
mageia
Updated SDL_image packages fix security vulnerability
2018-06-06 21:15:31
Updated sdl2/mingw-SDL2 packages fix security vulnerabilities
2018-11-18 01:23:26
nvd
nvd
CVE-2017-14440
2018-04-24 19:29:01
CVE-2017-14448
2018-04-24 19:29:01
CVE-2017-14450
2018-04-24 19:29:01
talos
talos
Simple DirectMedia Layer SDL2_image ILBM CMAP Parsing Code Execution Vulnerability
2018-03-01 00:00:00
Simple DirectMedia Layer SDL2_image do_layer_surface Double-Free Vulnerability
2018-03-01 00:00:00
Simple DirectMedia Layer SDL2_image load_xcf_tile_rle Decompression Code Execution Vulnerability
2018-03-01 00:00:00
prion
prion
Design/Logic Flaw
2018-04-24 19:29:00
Stack overflow
2018-04-24 19:29:00
Stack overflow
2018-04-24 19:29:00
debiancve
debiancve
CVE-2017-14449
2018-04-24 19:29:01
CVE-2017-14441
2018-04-24 19:29:01
CVE-2017-14440
2018-04-24 19:29:01
cvelist
cvelist
CVE-2017-14449
2018-03-01 00:00:00
CVE-2017-14450
2018-03-01 00:00:00
CVE-2017-14440
2018-03-01 00:00:00
cve
cve
CVE-2017-14449
2018-04-24 19:29:01
CVE-2017-14440
2018-04-24 19:29:01
CVE-2017-14442
2018-04-24 19:29:01
ubuntucve
ubuntucve
CVE-2017-14449
2018-04-24 00:00:00
CVE-2017-14440
2018-04-24 00:00:00
CVE-2017-14442
2018-04-24 00:00:00
redhatcve
redhatcve
CVE-2017-14450
2022-05-20 22:50:07
veracode
veracode
Remote Code Execution (RCE)
2018-09-12 07:08:48
Remote Code Execution (RCE)
2018-09-12 07:32:34

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.005 Low

EPSS

Percentile

77.0%

JSON
Related for OPENSUSE-2018-280.NASL
suse1debian4talosblog1openvas6nessus4gentoo1osv10mageia2nvd7talos7prion7debiancve7cvelist7cve7ubuntucve7redhatcve1veracode2