Lucene search
This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_SU-2019-1486-1.NASLHistoryJun 14, 2019 - 12:00 a.m.
SUSE SLED15 / SLES15 Security Update : elfutils (SUSE-SU-2019:1486-1)
2019-06-1400:00:00
This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
27
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
7
Confidence
High
EPSS
0.01
Percentile
83.8%
This update for elfutils fixes the following issues :
Security issues fixed :
CVE-2017-7607: Fixed a heap-based buffer overflow in handle_gnu_hash (bsc#1033084)
CVE-2017-7608: Fixed a heap-based buffer overflow in ebl_object_note_type_name() (bsc#1033085)
CVE-2017-7609: Fixed a memory allocation failure in
__libelf_decompress (bsc#1033086)
CVE-2017-7610: Fixed a heap-based buffer overflow in check_group (bsc#1033087)
CVE-2017-7611: Fixed a denial of service via a crafted ELF file (bsc#1033088)
CVE-2017-7612: Fixed a denial of service in check_sysv_hash() via a crafted ELF file (bsc#1033089)
CVE-2017-7613: Fixed denial of service caused by the missing validation of the number of sections and the number of segments in a crafted ELF file (bsc#1033090)
CVE-2018-16062: Fixed a heap-buffer overflow in /elfutils/libdw/dwarf_getaranges.c:156 (bsc#1106390)
CVE-2018-16402: Fixed a denial of service/double free on an attempt to decompress the same section twice (bsc#1107066)
CVE-2018-16403: Fixed a heap buffer overflow in readelf (bsc#1107067)
CVE-2018-18310: Fixed an invalid address read problem in dwfl_segment_report_module.c (bsc#1111973)
CVE-2018-18520: Fixed bad handling of ar files inside are files (bsc#1112726)
CVE-2018-18521: Fixed a denial of service vulnerabilities in the function arlib_add_symbols() used by eu-ranlib (bsc#1112723)
CVE-2019-7150: dwfl_segment_report_module doesnāt check whether the dyn data read from core file is truncated (bsc#1123685)
CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated string (bsc#1125007)
Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2019:1486-1.
# The text itself is copyright (C) SUSE.
#
include('compat.inc');
if (description)
{
script_id(125921);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/05/16");
script_cve_id(
"CVE-2017-7607",
"CVE-2017-7608",
"CVE-2017-7609",
"CVE-2017-7610",
"CVE-2017-7611",
"CVE-2017-7612",
"CVE-2017-7613",
"CVE-2018-16062",
"CVE-2018-16402",
"CVE-2018-16403",
"CVE-2018-18310",
"CVE-2018-18520",
"CVE-2018-18521",
"CVE-2019-7150",
"CVE-2019-7665"
);
script_name(english:"SUSE SLED15 / SLES15 Security Update : elfutils (SUSE-SU-2019:1486-1)");
script_set_attribute(attribute:"synopsis", value:
"The remote SUSE host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"This update for elfutils fixes the following issues :
Security issues fixed :
CVE-2017-7607: Fixed a heap-based buffer overflow in handle_gnu_hash
(bsc#1033084)
CVE-2017-7608: Fixed a heap-based buffer overflow in
ebl_object_note_type_name() (bsc#1033085)
CVE-2017-7609: Fixed a memory allocation failure in
__libelf_decompress (bsc#1033086)
CVE-2017-7610: Fixed a heap-based buffer overflow in check_group
(bsc#1033087)
CVE-2017-7611: Fixed a denial of service via a crafted ELF file
(bsc#1033088)
CVE-2017-7612: Fixed a denial of service in check_sysv_hash() via a
crafted ELF file (bsc#1033089)
CVE-2017-7613: Fixed denial of service caused by the missing
validation of the number of sections and the number of segments in a
crafted ELF file (bsc#1033090)
CVE-2018-16062: Fixed a heap-buffer overflow in
/elfutils/libdw/dwarf_getaranges.c:156 (bsc#1106390)
CVE-2018-16402: Fixed a denial of service/double free on an attempt to
decompress the same section twice (bsc#1107066)
CVE-2018-16403: Fixed a heap buffer overflow in readelf (bsc#1107067)
CVE-2018-18310: Fixed an invalid address read problem in
dwfl_segment_report_module.c (bsc#1111973)
CVE-2018-18520: Fixed bad handling of ar files inside are files
(bsc#1112726)
CVE-2018-18521: Fixed a denial of service vulnerabilities in the
function arlib_add_symbols() used by eu-ranlib (bsc#1112723)
CVE-2019-7150: dwfl_segment_report_module doesn't check whether the
dyn data read from core file is truncated (bsc#1123685)
CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated
string (bsc#1125007)
Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1033084");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1033085");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1033086");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1033087");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1033088");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1033089");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1033090");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1106390");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1107066");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1107067");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1111973");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1112723");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1112726");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1123685");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1125007");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-7607/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-7608/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-7609/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-7610/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-7611/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-7612/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-7613/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-16062/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-16402/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-16403/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-18310/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-18520/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-18521/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-7150/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-7665/");
# https://www.suse.com/support/update/announcement/2019/suse-su-20191486-1/
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?83b330da");
script_set_attribute(attribute:"solution", value:
"To install this SUSE Security Update use the SUSE recommended
installation methods like YaST online_update or 'zypper patch'.
Alternatively you can run the command listed for your product :
SUSE Linux Enterprise Module for Open Buildservice Development Tools
15-SP1:zypper in -t patch
SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1486=1
SUSE Linux Enterprise Module for Basesystem 15-SP1:zypper in -t patch
SUSE-SLE-Module-Basesystem-15-SP1-2019-1486=1
SUSE Linux Enterprise Module for Basesystem 15:zypper in -t patch
SUSE-SLE-Module-Basesystem-15-2019-1486=1");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-16402");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2017/04/09");
script_set_attribute(attribute:"patch_publication_date", value:"2019/06/13");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/06/14");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:elfutils");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:elfutils-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:elfutils-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libasm-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libasm1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libasm1-32bit-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libasm1-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libdw-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libdw1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libdw1-32bit-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libdw1-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libebl-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libebl-plugins");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libebl-plugins-32bit-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libebl-plugins-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libelf-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libelf1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libelf1-32bit-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libelf1-debuginfo");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"SuSE Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLED15|SLES15)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED15 / SLES15", "SUSE " + os_ver);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES15" && (! preg(pattern:"^(0|1)$", string:sp))) audit(AUDIT_OS_NOT, "SLES15 SP0/1", os_ver + " SP" + sp);
if (os_ver == "SLED15" && (! preg(pattern:"^(0|1)$", string:sp))) audit(AUDIT_OS_NOT, "SLED15 SP0/1", os_ver + " SP" + sp);
flag = 0;
if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"libasm1-32bit-0.168-4.5.3")) flag++;
if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"libasm1-32bit-debuginfo-0.168-4.5.3")) flag++;
if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"libdw1-32bit-0.168-4.5.3")) flag++;
if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"libdw1-32bit-debuginfo-0.168-4.5.3")) flag++;
if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"libebl-plugins-32bit-0.168-4.5.3")) flag++;
if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"libebl-plugins-32bit-debuginfo-0.168-4.5.3")) flag++;
if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"libelf-devel-32bit-0.168-4.5.3")) flag++;
if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"libelf1-32bit-0.168-4.5.3")) flag++;
if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"libelf1-32bit-debuginfo-0.168-4.5.3")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"elfutils-0.168-4.5.3")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"elfutils-debuginfo-0.168-4.5.3")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"elfutils-debugsource-0.168-4.5.3")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"libasm-devel-0.168-4.5.3")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"libasm1-0.168-4.5.3")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"libasm1-debuginfo-0.168-4.5.3")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"libdw-devel-0.168-4.5.3")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"libdw1-0.168-4.5.3")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"libdw1-debuginfo-0.168-4.5.3")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"libebl-devel-0.168-4.5.3")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"libebl-plugins-0.168-4.5.3")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"libebl-plugins-debuginfo-0.168-4.5.3")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"libelf-devel-0.168-4.5.3")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"libelf1-0.168-4.5.3")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"libelf1-debuginfo-0.168-4.5.3")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"libdw1-32bit-0.168-4.5.3")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"libdw1-32bit-debuginfo-0.168-4.5.3")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"libebl-plugins-32bit-0.168-4.5.3")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"libebl-plugins-32bit-debuginfo-0.168-4.5.3")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"libelf1-32bit-0.168-4.5.3")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"libelf1-32bit-debuginfo-0.168-4.5.3")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"elfutils-0.168-4.5.3")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"elfutils-debuginfo-0.168-4.5.3")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"elfutils-debugsource-0.168-4.5.3")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"libasm-devel-0.168-4.5.3")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"libasm1-0.168-4.5.3")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"libasm1-debuginfo-0.168-4.5.3")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"libdw-devel-0.168-4.5.3")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"libdw1-0.168-4.5.3")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"libdw1-debuginfo-0.168-4.5.3")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"libebl-devel-0.168-4.5.3")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"libebl-plugins-0.168-4.5.3")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"libebl-plugins-debuginfo-0.168-4.5.3")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"libelf-devel-0.168-4.5.3")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"libelf1-0.168-4.5.3")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"libelf1-debuginfo-0.168-4.5.3")) flag++;
if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"libasm1-32bit-0.168-4.5.3")) flag++;
if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"libasm1-32bit-debuginfo-0.168-4.5.3")) flag++;
if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"libdw1-32bit-0.168-4.5.3")) flag++;
if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"libdw1-32bit-debuginfo-0.168-4.5.3")) flag++;
if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"libebl-plugins-32bit-0.168-4.5.3")) flag++;
if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"libebl-plugins-32bit-debuginfo-0.168-4.5.3")) flag++;
if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"libelf-devel-32bit-0.168-4.5.3")) flag++;
if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"libelf1-32bit-0.168-4.5.3")) flag++;
if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"libelf1-32bit-debuginfo-0.168-4.5.3")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"elfutils-0.168-4.5.3")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"elfutils-debuginfo-0.168-4.5.3")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"elfutils-debugsource-0.168-4.5.3")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"libasm-devel-0.168-4.5.3")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"libasm1-0.168-4.5.3")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"libasm1-debuginfo-0.168-4.5.3")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"libdw-devel-0.168-4.5.3")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"libdw1-0.168-4.5.3")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"libdw1-debuginfo-0.168-4.5.3")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"libebl-devel-0.168-4.5.3")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"libebl-plugins-0.168-4.5.3")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"libebl-plugins-debuginfo-0.168-4.5.3")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"libelf-devel-0.168-4.5.3")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"libelf1-0.168-4.5.3")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"libelf1-debuginfo-0.168-4.5.3")) flag++;
if (rpm_check(release:"SLED15", sp:"0", cpu:"x86_64", reference:"libdw1-32bit-0.168-4.5.3")) flag++;
if (rpm_check(release:"SLED15", sp:"0", cpu:"x86_64", reference:"libdw1-32bit-debuginfo-0.168-4.5.3")) flag++;
if (rpm_check(release:"SLED15", sp:"0", cpu:"x86_64", reference:"libebl-plugins-32bit-0.168-4.5.3")) flag++;
if (rpm_check(release:"SLED15", sp:"0", cpu:"x86_64", reference:"libebl-plugins-32bit-debuginfo-0.168-4.5.3")) flag++;
if (rpm_check(release:"SLED15", sp:"0", cpu:"x86_64", reference:"libelf1-32bit-0.168-4.5.3")) flag++;
if (rpm_check(release:"SLED15", sp:"0", cpu:"x86_64", reference:"libelf1-32bit-debuginfo-0.168-4.5.3")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"elfutils-0.168-4.5.3")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"elfutils-debuginfo-0.168-4.5.3")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"elfutils-debugsource-0.168-4.5.3")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"libasm-devel-0.168-4.5.3")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"libasm1-0.168-4.5.3")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"libasm1-debuginfo-0.168-4.5.3")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"libdw-devel-0.168-4.5.3")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"libdw1-0.168-4.5.3")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"libdw1-debuginfo-0.168-4.5.3")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"libebl-devel-0.168-4.5.3")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"libebl-plugins-0.168-4.5.3")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"libebl-plugins-debuginfo-0.168-4.5.3")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"libelf-devel-0.168-4.5.3")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"libelf1-0.168-4.5.3")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"libelf1-debuginfo-0.168-4.5.3")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "elfutils");
}
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7607
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7608
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7609
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7610
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7611
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7612
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7613
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16062
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16402
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16403
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18310
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18520
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18521
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7150
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7665
www.nessus.org/u?83b330da
bugzilla.suse.com/show_bug.cgi?id=1033084
bugzilla.suse.com/show_bug.cgi?id=1033085
bugzilla.suse.com/show_bug.cgi?id=1033086
bugzilla.suse.com/show_bug.cgi?id=1033087
bugzilla.suse.com/show_bug.cgi?id=1033088
bugzilla.suse.com/show_bug.cgi?id=1033089
bugzilla.suse.com/show_bug.cgi?id=1033090
bugzilla.suse.com/show_bug.cgi?id=1106390
bugzilla.suse.com/show_bug.cgi?id=1107066
bugzilla.suse.com/show_bug.cgi?id=1107067
bugzilla.suse.com/show_bug.cgi?id=1111973
bugzilla.suse.com/show_bug.cgi?id=1112723
bugzilla.suse.com/show_bug.cgi?id=1112726
bugzilla.suse.com/show_bug.cgi?id=1123685
bugzilla.suse.com/show_bug.cgi?id=1125007
www.suse.com/security/cve/CVE-2017-7607/
www.suse.com/security/cve/CVE-2017-7608/
www.suse.com/security/cve/CVE-2017-7609/
www.suse.com/security/cve/CVE-2017-7610/
www.suse.com/security/cve/CVE-2017-7611/
www.suse.com/security/cve/CVE-2017-7612/
www.suse.com/security/cve/CVE-2017-7613/
www.suse.com/security/cve/CVE-2018-16062/
www.suse.com/security/cve/CVE-2018-16402/
www.suse.com/security/cve/CVE-2018-16403/
www.suse.com/security/cve/CVE-2018-18310/
www.suse.com/security/cve/CVE-2018-18520/
www.suse.com/security/cve/CVE-2018-18521/
www.suse.com/security/cve/CVE-2019-7150/
www.suse.com/security/cve/CVE-2019-7665/
Related
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2019:1486-1)
2021-06-09 00:00:00
openSUSE: Security Advisory for elfutils (openSUSE-SU-2019:1590-1)
2019-06-20 00:00:00
Fedora Update for elfutils FEDORA-2017-5e4fb05a0a
2017-05-13 00:00:00
nessus
nessus
openSUSE Security Update : elfutils (openSUSE-2019-1590)
2019-06-20 00:00:00
SUSE SLED12 / SLES12 Security Update : elfutils (SUSE-SU-2019:1733-1)
2019-07-05 00:00:00
Debian DLA-1689-1 : elfutils security update
2019-02-26 00:00:00
suse
suse
Security update for elfutils (moderate)
2019-06-20 00:00:00
Security update for dwarves and elfutils (moderate)
2022-08-01 00:00:00
Security update for dwarves and elfutils (moderate)
2022-09-01 00:00:00
debian
debian
[SECURITY] [DLA 1689-1] elfutils security update
2019-02-25 21:35:38
[SECURITY] [DLA 2802-1] elfutils security update
2021-10-30 21:53:24
mageia
mageia
Updated elfutils packages fix security vulnerabilities
2019-08-18 15:39:41
Updated elfutils packages fix security vulnerabilities
2018-01-03 13:32:10
osv
osv
elfutils - security update
2019-02-25 00:00:00
elfutils - security update
2021-10-30 00:00:00
elfutils vulnerabilities
2023-08-30 16:29:23
fedora
fedora
[SECURITY] Fedora 26 Update: elfutils-0.169-1.fc26
2017-05-08 14:27:00
[SECURITY] Fedora 25 Update: elfutils-0.169-1.fc25
2017-05-12 12:06:55
[SECURITY] Fedora 28 Update: elfutils-0.174-5.fc28
2018-11-21 03:14:18
cloudfoundry
cloudfoundry
USN-4012-1: elfutils vulnerabilities | Cloud Foundry
2019-06-18 00:00:00
ubuntu
ubuntu
elfutils vulnerabilities
2019-06-10 00:00:00
elfutils vulnerabilities
2018-06-05 00:00:00
elfutils vulnerabilities
2023-08-30 00:00:00
centos
centos
elfutils security update
2019-08-30 02:43:56
amazon
amazon
Low: elfutils
2019-10-21 18:01:00
redhat
redhat
(RHSA-2019:2197) Low: elfutils security, bug fix, and enhancement update
2019-08-06 08:12:18
(RHSA-2020:1471) Low: elfutils security update
2020-04-14 14:34:38
f5
f5
K21426934 : Multiple elfutils vulnerabilities
2022-04-25 00:00:00
gentoo
gentoo
elfutils: Multiple vulnerabilities
2017-10-13 00:00:00
oraclelinux
oraclelinux
elfutils security, bug fix, and enhancement update
2019-08-13 00:00:00
archlinux
archlinux
[ASA-201901-3] elfutils: denial of service
2019-01-08 00:00:00
photon
photon
nvd
nvd
redhatcve
redhatcve
cve
cve
ibm
ibm
prion
prion
debiancve
debiancve
ubuntucve
ubuntucve
cvelist
cvelist
veracode
veracode
Denial Of Service (DoS)
2020-09-21 06:35:15
Denial Of Service (DoS)
2019-08-08 00:07:56
Denial Of Service (DoS)
2020-09-21 06:32:21
alpinelinux
alpinelinux
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
7
Confidence
High
EPSS
0.01
Percentile
83.8%
Related for SUSE_SU-2019-1486-1.NASL