Lucene search
Copyright (C) 2021 Greenbone AGOPENVAS:13614125623114202121581HistoryJun 25, 2021 - 12:00 a.m.
SUSE: Security Advisory (SUSE-SU-2021:2158-1)
2021-06-2500:00:00
Copyright (C) 2021 Greenbone AG
plugins.openvas.org
11
suse caas platform
suse enterprise storage
suse linux enterprise high performance computing
suse linux enterprise module for desktop applications
suse linux enterprise server
suse linux enterprise server for sap
suse manager proxy
suse manager retail branch server
suse manager server
openexr
cve-2021-3598
cve-2021-3605
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSS3
5.5
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
AI Score
5.9
Confidence
High
EPSS
0.001
Percentile
31.7%
The remote host is missing an update for the
# SPDX-FileCopyrightText: 2021 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.1.4.2021.2158.1");
script_cve_id("CVE-2021-3598", "CVE-2021-3605");
script_tag(name:"creation_date", value:"2021-06-25 15:13:00 +0000 (Fri, 25 Jun 2021)");
script_version("2024-02-02T14:37:50+0000");
script_tag(name:"last_modification", value:"2024-02-02 14:37:50 +0000 (Fri, 02 Feb 2024)");
script_tag(name:"cvss_base", value:"4.3");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:N/A:P");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2021-09-01 02:04:07 +0000 (Wed, 01 Sep 2021)");
script_name("SUSE: Security Advisory (SUSE-SU-2021:2158-1)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2021 Greenbone AG");
script_family("SuSE Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/suse_sles", "ssh/login/rpms", re:"ssh/login/release=(SLES15\.0SP2|SLES15\.0SP3|SLES15\.0|SLES15\.0SP1)");
script_xref(name:"Advisory-ID", value:"SUSE-SU-2021:2158-1");
script_xref(name:"URL", value:"https://www.suse.com/support/update/announcement/2021/suse-su-20212158-1/");
script_tag(name:"summary", value:"The remote host is missing an update for the 'openexr' package(s) announced via the SUSE-SU-2021:2158-1 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"This update for openexr fixes the following issues:
Fixed CVE-2021-3605 [bsc#1187395]: Heap buffer overflow in the
rleUncompress function
Fixed CVE-2021-3598 [bsc#1187310]: Heap buffer overflow in
Imf_3_1:CharPtrIO:readChars");
script_tag(name:"affected", value:"'openexr' package(s) on SUSE CaaS Platform 4.0, SUSE Enterprise Storage 6, SUSE Linux Enterprise High Performance Computing 15, SUSE Linux Enterprise High Performance Computing 15-SP1, SUSE Linux Enterprise Module for Desktop Applications 15-SP2, SUSE Linux Enterprise Module for Desktop Applications 15-SP3, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 15-SP1, SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Server for SAP 15-SP1, SUSE Manager Proxy 4.0, SUSE Manager Retail Branch Server 4.0, SUSE Manager Server 4.0.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "SLES15.0SP2") {
if(!isnull(res = isrpmvuln(pkg:"libIlmImf-2_2-23", rpm:"libIlmImf-2_2-23~2.2.1~3.32.1", rls:"SLES15.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libIlmImf-2_2-23-debuginfo", rpm:"libIlmImf-2_2-23-debuginfo~2.2.1~3.32.1", rls:"SLES15.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libIlmImfUtil-2_2-23", rpm:"libIlmImfUtil-2_2-23~2.2.1~3.32.1", rls:"SLES15.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libIlmImfUtil-2_2-23-debuginfo", rpm:"libIlmImfUtil-2_2-23-debuginfo~2.2.1~3.32.1", rls:"SLES15.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"openexr-debuginfo", rpm:"openexr-debuginfo~2.2.1~3.32.1", rls:"SLES15.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"openexr-debugsource", rpm:"openexr-debugsource~2.2.1~3.32.1", rls:"SLES15.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"openexr-devel", rpm:"openexr-devel~2.2.1~3.32.1", rls:"SLES15.0SP2"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "SLES15.0SP3") {
if(!isnull(res = isrpmvuln(pkg:"libIlmImf-2_2-23", rpm:"libIlmImf-2_2-23~2.2.1~3.32.1", rls:"SLES15.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libIlmImf-2_2-23-debuginfo", rpm:"libIlmImf-2_2-23-debuginfo~2.2.1~3.32.1", rls:"SLES15.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libIlmImfUtil-2_2-23", rpm:"libIlmImfUtil-2_2-23~2.2.1~3.32.1", rls:"SLES15.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libIlmImfUtil-2_2-23-debuginfo", rpm:"libIlmImfUtil-2_2-23-debuginfo~2.2.1~3.32.1", rls:"SLES15.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"openexr-debuginfo", rpm:"openexr-debuginfo~2.2.1~3.32.1", rls:"SLES15.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"openexr-debugsource", rpm:"openexr-debugsource~2.2.1~3.32.1", rls:"SLES15.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"openexr-devel", rpm:"openexr-devel~2.2.1~3.32.1", rls:"SLES15.0SP3"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "SLES15.0") {
if(!isnull(res = isrpmvuln(pkg:"libIlmImf-2_2-23", rpm:"libIlmImf-2_2-23~2.2.1~3.32.1", rls:"SLES15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libIlmImf-2_2-23-debuginfo", rpm:"libIlmImf-2_2-23-debuginfo~2.2.1~3.32.1", rls:"SLES15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libIlmImfUtil-2_2-23", rpm:"libIlmImfUtil-2_2-23~2.2.1~3.32.1", rls:"SLES15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libIlmImfUtil-2_2-23-debuginfo", rpm:"libIlmImfUtil-2_2-23-debuginfo~2.2.1~3.32.1", rls:"SLES15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"openexr-debuginfo", rpm:"openexr-debuginfo~2.2.1~3.32.1", rls:"SLES15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"openexr-debugsource", rpm:"openexr-debugsource~2.2.1~3.32.1", rls:"SLES15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"openexr-devel", rpm:"openexr-devel~2.2.1~3.32.1", rls:"SLES15.0"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "SLES15.0SP1") {
if(!isnull(res = isrpmvuln(pkg:"libIlmImf-2_2-23", rpm:"libIlmImf-2_2-23~2.2.1~3.32.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libIlmImf-2_2-23-debuginfo", rpm:"libIlmImf-2_2-23-debuginfo~2.2.1~3.32.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libIlmImfUtil-2_2-23", rpm:"libIlmImfUtil-2_2-23~2.2.1~3.32.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libIlmImfUtil-2_2-23-debuginfo", rpm:"libIlmImfUtil-2_2-23-debuginfo~2.2.1~3.32.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"openexr-debuginfo", rpm:"openexr-debuginfo~2.2.1~3.32.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"openexr-debugsource", rpm:"openexr-debugsource~2.2.1~3.32.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"openexr-devel", rpm:"openexr-devel~2.2.1~3.32.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Related
nessus
nessus
openSUSE 15 Security Update : openexr (openSUSE-SU-2021:2158-1)
2021-07-16 00:00:00
SUSE SLED15 / SLES15 Security Update : openexr (SUSE-SU-2021:2158-1)
2021-06-28 00:00:00
openSUSE 15 Security Update : openexr (openSUSE-SU-2021:0925-1)
2021-06-28 00:00:00
suse
suse
Security update for openexr (important)
2021-07-11 00:00:00
Security update for openexr (important)
2021-06-25 00:00:00
openvas
openvas
openSUSE: Security Advisory for openexr (openSUSE-SU-2021:0925-1)
2021-06-26 00:00:00
openSUSE: Security Advisory for openexr (openSUSE-SU-2021:2158-1)
2021-07-13 00:00:00
SUSE: Security Advisory (SUSE-SU-2021:2159-1)
2021-06-25 00:00:00
fedora
fedora
[SECURITY] Fedora 34 Update: mingw-openexr-2.5.5-3.fc34
2021-06-20 01:09:26
[SECURITY] Fedora 33 Update: mingw-ilmbase-2.4.1-3.fc33
2021-06-20 01:07:46
cnvd
cnvd
Industrial Light And Magic OpenEXR Buffer Overflow Vulnerability (CNVD-2022-19853)
2021-08-05 00:00:00
OpenEXR Logic Flaw Vulnerability
2021-06-17 00:00:00
ubuntucve
ubuntucve
CVE-2021-3605
2021-06-17 00:00:00
CVE-2021-3598
2021-06-15 00:00:00
nvd
nvd
CVE-2021-3605
2021-08-25 19:15:14
CVE-2021-3598
2021-07-06 15:15:07
osv
osv
CVE-2021-3605
2021-08-25 19:15:14
openexr vulnerabilities
2021-06-22 11:09:05
openexr vulnerabilities
2021-06-22 11:46:27
debiancve
debiancve
CVE-2021-3605
2021-08-25 19:15:14
CVE-2021-3598
2021-07-06 15:15:07
redhatcve
redhatcve
CVE-2021-3605
2021-06-15 18:23:51
CVE-2021-3598
2021-06-11 19:14:18
alpinelinux
alpinelinux
CVE-2021-3605
2021-08-25 19:15:00
CVE-2021-3598
2021-07-06 15:15:07
cve
cve
CVE-2021-3605
2021-08-25 19:15:14
CVE-2021-3598
2021-07-06 15:15:07
cvelist
cvelist
CVE-2021-3605
2021-08-25 00:00:00
CVE-2021-3598
2021-07-06 00:00:00
prion
prion
Out-of-bounds
2021-08-25 19:15:00
Out-of-bounds
2021-07-06 15:15:00
ubuntu
ubuntu
OpenEXR vulnerabilities
2021-06-22 00:00:00
OpenEXR vulnerabilities
2021-06-22 00:00:00
OpenEXR vulnerabilities
2022-09-20 00:00:00
veracode
veracode
Denial Of Service (DoS)
2021-07-11 00:48:52
cloudfoundry
cloudfoundry
USN-4996-1: OpenEXR vulnerabilities | Cloud Foundry
2021-07-08 00:00:00
archlinux
archlinux
[ASA-202107-14] openexr: arbitrary code execution
2021-07-06 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2023-2248
2023-10-17 12:58:34
gentoo
gentoo
OpenEXR: Multiple Vulnerabilities
2022-10-31 00:00:00
debian
debian
[SECURITY] [DSA 5299-1] openexr security update
2022-12-10 16:27:46
[SECURITY] [DLA 2732-1] openexr security update
2021-08-04 19:53:02
[SECURITY] [DLA 3236-1] openexr security update
2022-12-11 23:52:53
mageia
mageia
Updated openexr packages fix security vulnerabilities
2021-07-10 15:56:54
amazon
amazon
Medium: OpenEXR
2023-06-05 16:39:00
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSS3
5.5
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
AI Score
5.9
Confidence
High
EPSS
0.001
Percentile
31.7%
Related for OPENVAS:13614125623114202121581