Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.SL_20190806_POPPLER_ON_SL7_X.NASL
HistoryAug 27, 2019 - 12:00 a.m.

Scientific Linux Security Update : poppler on SL7.x x86_64 (20190806)

2019-08-2700:00:00
This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
17

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.2

Confidence

High

EPSS

0.02

Percentile

89.1%

JSON

Security Fix(es) :

  • poppler: heap-based buffer over-read in XRef::getEntry in XRef.cc (CVE-2019-7310)

  • poppler: heap-based buffer overflow in function ImageStream::getLine() in Stream.cc (CVE-2019-9200)

  • poppler: infinite recursion in Parser::getObj function in Parser.cc (CVE-2018-16646)

  • poppler: memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc (CVE-2018-18897)

  • poppler: reachable abort in Object.h (CVE-2018-19058)

  • poppler: out-of-bounds read in EmbFile::save2 in FileSpec.cc (CVE-2018-19059)

  • poppler: pdfdetach utility does not validate save paths (CVE-2018-19060)

  • poppler: NULL pointer dereference in
    _poppler_attachment_new (CVE-2018-19149)

  • poppler: NULL pointer dereference in the XRef::getEntry in XRef.cc (CVE-2018-20481)

  • poppler: reachable Object::dictLookup assertion in FileSpec class in FileSpec.cc (CVE-2018-20650)

  • poppler: SIGABRT PDFDoc::setup class in PDFDoc.cc (CVE-2018-20662)

  • poppler: heap-based buffer over-read in function downsample_row_box_filter in CairoRescaleBox.cc (CVE-2019-9631)

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#

include('compat.inc');

if (description)
{
  script_id(128252);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/05/01");

  script_cve_id(
    "CVE-2018-16646",
    "CVE-2018-18897",
    "CVE-2018-19058",
    "CVE-2018-19059",
    "CVE-2018-19060",
    "CVE-2018-19149",
    "CVE-2018-20481",
    "CVE-2018-20650",
    "CVE-2018-20662",
    "CVE-2019-7310",
    "CVE-2019-9200",
    "CVE-2019-9631"
  );

  script_name(english:"Scientific Linux Security Update : poppler on SL7.x x86_64 (20190806)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Scientific Linux host is missing one or more security
updates.");
  script_set_attribute(attribute:"description", value:
"Security Fix(es) :

  - poppler: heap-based buffer over-read in XRef::getEntry
    in XRef.cc (CVE-2019-7310)

  - poppler: heap-based buffer overflow in function
    ImageStream::getLine() in Stream.cc (CVE-2019-9200)

  - poppler: infinite recursion in Parser::getObj function
    in Parser.cc (CVE-2018-16646)

  - poppler: memory leak in GfxColorSpace::setDisplayProfile
    in GfxState.cc (CVE-2018-18897)

  - poppler: reachable abort in Object.h (CVE-2018-19058)

  - poppler: out-of-bounds read in EmbFile::save2 in
    FileSpec.cc (CVE-2018-19059)

  - poppler: pdfdetach utility does not validate save paths
    (CVE-2018-19060)

  - poppler: NULL pointer dereference in
    _poppler_attachment_new (CVE-2018-19149)

  - poppler: NULL pointer dereference in the XRef::getEntry
    in XRef.cc (CVE-2018-20481)

  - poppler: reachable Object::dictLookup assertion in
    FileSpec class in FileSpec.cc (CVE-2018-20650)

  - poppler: SIGABRT PDFDoc::setup class in PDFDoc.cc
    (CVE-2018-20662)

  - poppler: heap-based buffer over-read in function
    downsample_row_box_filter in CairoRescaleBox.cc
    (CVE-2019-9631)");
  # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1908&L=SCIENTIFIC-LINUX-ERRATA&P=31117
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?45e5b084");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-9631");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/09/06");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/08/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/27");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:evince");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:evince-browser-plugin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:evince-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:evince-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:evince-dvi");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:evince-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:evince-nautilus");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:okular");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:okular-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:okular-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:okular-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:okular-part");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:poppler");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:poppler-cpp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:poppler-cpp-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:poppler-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:poppler-demos");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:poppler-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:poppler-glib");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:poppler-glib-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:poppler-qt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:poppler-qt-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:poppler-utils");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Scientific Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 7.x", "Scientific Linux " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);


flag = 0;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"evince-3.28.2-8.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"evince-browser-plugin-3.28.2-8.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"evince-debuginfo-3.28.2-8.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"evince-devel-3.28.2-8.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"evince-dvi-3.28.2-8.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"evince-libs-3.28.2-8.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"evince-nautilus-3.28.2-8.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"okular-4.10.5-7.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"okular-debuginfo-4.10.5-7.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"okular-devel-4.10.5-7.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"okular-libs-4.10.5-7.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"okular-part-4.10.5-7.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"poppler-0.26.5-38.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"poppler-cpp-0.26.5-38.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"poppler-cpp-devel-0.26.5-38.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"poppler-debuginfo-0.26.5-38.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"poppler-demos-0.26.5-38.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"poppler-devel-0.26.5-38.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"poppler-glib-0.26.5-38.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"poppler-glib-devel-0.26.5-38.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"poppler-qt-0.26.5-38.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"poppler-qt-devel-0.26.5-38.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"poppler-utils-0.26.5-38.el7")) flag++;


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "evince / evince-browser-plugin / evince-debuginfo / evince-devel / etc");
}

Related

nessus 45
amazon 2
oraclelinux 2
centos 1
redhat 2
openvas 38
fedora 14
osv 13
debian 5
ubuntu 4
mageia 4
suse 1
debiancve 7
cvelist 9
veracode 9
redhatcve 9
cve 9
ubuntucve 8
nvd 7
prion 9
gentoo 1
nessus
nessus
NewStart CGSL CORE 5.04 / MAIN 5.04 : poppler Multiple Vulnerabilities (NS-SA-2019-0202)
2019-10-15 00:00:00
Amazon Linux 2 : poppler (ALAS-2019-1332)
2019-10-25 00:00:00
Oracle Linux 7 : poppler (ELSA-2019-2022)
2023-09-07 00:00:00
amazon
amazon
Medium: poppler
2019-10-21 18:01:00
Medium: poppler
2019-08-23 17:01:00
oraclelinux
oraclelinux
poppler security, bug fix, and enhancement update
2019-08-13 00:00:00
poppler security update
2019-09-12 00:00:00
centos
centos
evince, okular, poppler security update
2019-08-30 02:44:38
redhat
redhat
(RHSA-2019:2022) Moderate: poppler security, bug fix, and enhancement update
2019-08-06 07:51:02
(RHSA-2019:2713) Moderate: poppler security update
2019-09-10 15:32:22
openvas
openvas
Huawei EulerOS: Security Advisory for poppler (EulerOS-SA-2019-2269)
2020-01-23 00:00:00
Fedora Update for mingw-poppler FEDORA-2019-7085420900
2019-05-07 00:00:00
Fedora Update for mingw-poppler FEDORA-2018-679f8aba03
2019-05-07 00:00:00
fedora
fedora
[SECURITY] Fedora 29 Update: mingw-poppler-0.67.0-2.fc29
2018-12-30 03:22:07
[SECURITY] Fedora 29 Update: mingw-poppler-0.67.0-4.fc29
2019-03-15 18:30:03
[SECURITY] Fedora 29 Update: mingw-poppler-0.67.0-3.fc29
2019-02-18 02:04:58
osv
osv
poppler - security update
2019-03-08 00:00:00
poppler - security update
2020-07-23 00:00:00
poppler - security update
2020-11-08 00:00:00
debian
debian
[SECURITY] [DLA 1706-1] poppler security update
2019-03-08 20:37:16
[SECURITY] [DLA 2287-1] poppler security update
2020-07-23 10:16:10
[SECURITY] [DLA 2440-1] poppler security update
2020-11-08 23:59:37
ubuntu
ubuntu
poppler vulnerabilities
2018-12-04 00:00:00
poppler vulnerabilities
2019-01-22 00:00:00
poppler regression
2018-12-11 00:00:00
mageia
mageia
Updated poppler packages fix security vulnerabilities
2018-11-23 01:26:34
Updated poppler packages fix security vulnerability
2019-02-20 23:56:50
Updated poppler packages fix security vulnerabilities
2019-03-29 18:51:06
suse
suse
Security update for poppler (important)
2021-12-01 00:00:00
debiancve
debiancve
CVE-2018-19149
2018-11-10 19:29:00
CVE-2018-20650
2019-01-01 16:29:00
CVE-2018-20481
2018-12-26 04:29:00
cvelist
cvelist
CVE-2018-20650
2019-01-01 16:00:00
CVE-2018-19149
2018-11-10 19:00:00
CVE-2018-20481
2018-12-26 04:00:00
veracode
veracode
Denial Of Service (DoS)
2018-11-12 07:13:51
Denial Of Service (Dos)
2019-08-08 00:07:10
Denial Of Service
2019-02-04 04:43:31
redhatcve
redhatcve
CVE-2018-19149
2018-11-13 16:49:19
CVE-2018-18897
2018-11-05 16:49:52
CVE-2019-7310
2019-10-08 23:16:33
cve
cve
CVE-2018-19149
2018-11-10 19:29:00
CVE-2018-20481
2018-12-26 04:29:00
CVE-2018-18897
2018-11-02 07:29:00
ubuntucve
ubuntucve
CVE-2018-20481
2018-12-25 00:00:00
CVE-2018-19149
2018-11-10 00:00:00
CVE-2018-19060
2018-11-07 00:00:00
nvd
nvd
CVE-2018-20481
2018-12-26 04:29:00
CVE-2018-19149
2018-11-10 19:29:00
CVE-2019-9200
2019-02-26 23:29:00
prion
prion
Memory corruption
2018-11-02 07:29:00
Null pointer dereference
2018-11-10 19:29:00
Null pointer dereference
2018-11-07 16:29:00
gentoo
gentoo
Poppler: Multiple vulnerabilities
2019-04-02 00:00:00

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.2

Confidence

High

EPSS

0.02

Percentile

89.1%

JSON
Related for SL_20190806_POPPLER_ON_SL7_X.NASL
nessus45amazon2oraclelinux2centos1redhat2openvas38fedora14osv13debian5ubuntu4mageia4suse1debiancve7cvelist9veracode9redhatcve9cve9ubuntucve8nvd7prion9gentoo1