Lucene search
Copyright (C) 2021 Greenbone AGOPENVAS:13614125623114202127931HistoryAug 20, 2021 - 12:00 a.m.
SUSE: Security Advisory (SUSE-SU-2021:2793-1)
2021-08-2000:00:00
Copyright (C) 2021 Greenbone AG
plugins.openvas.org
8
suse
security advisory
openexr
cve-2021-20298
cve-2021-20299
cve-2021-20300
cve-2021-20302
cve-2021-20303
cve-2021-20304
suse caas platform
suse enterprise storage
suse linux enterprise
suse manager proxy
CVSS2
7.1
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:N/I:N/A:C
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
6.6
Confidence
High
EPSS
0.002
Percentile
62.3%
The remote host is missing an update for the
# SPDX-FileCopyrightText: 2021 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.1.4.2021.2793.1");
script_cve_id("CVE-2021-20298", "CVE-2021-20299", "CVE-2021-20300", "CVE-2021-20302", "CVE-2021-20303", "CVE-2021-20304", "CVE-2021-3476");
script_tag(name:"creation_date", value:"2021-08-20 14:52:30 +0000 (Fri, 20 Aug 2021)");
script_version("2024-02-02T14:37:50+0000");
script_tag(name:"last_modification", value:"2024-02-02 14:37:50 +0000 (Fri, 02 Feb 2024)");
script_tag(name:"cvss_base", value:"7.1");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:N/A:C");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2022-08-26 16:10:19 +0000 (Fri, 26 Aug 2022)");
script_name("SUSE: Security Advisory (SUSE-SU-2021:2793-1)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2021 Greenbone AG");
script_family("SuSE Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/suse_sles", "ssh/login/rpms", re:"ssh/login/release=(SLES15\.0SP2|SLES15\.0SP3|SLES15\.0|SLES15\.0SP1)");
script_xref(name:"Advisory-ID", value:"SUSE-SU-2021:2793-1");
script_xref(name:"URL", value:"https://www.suse.com/support/update/announcement/2021/suse-su-20212793-1/");
script_tag(name:"summary", value:"The remote host is missing an update for the 'openexr' package(s) announced via the SUSE-SU-2021:2793-1 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"This update for openexr fixes the following issues:
CVE-2021-20298 [bsc#1188460]: Fixed Out-of-memory in B44Compressor
CVE-2021-20299 [bsc#1188459]: Fixed Null-dereference READ in
Imf_2_5:Header:operator
CVE-2021-20300 [bsc#1188458]: Fixed Integer-overflow in
Imf_2_5:hufUncompress
CVE-2021-20302 [bsc#1188462]: Fixed Floating-point-exception in
Imf_2_5:precalculateTileInfot
CVE-2021-20303 [bsc#1188457]: Fixed Heap-buffer-overflow in
Imf_2_5::copyIntoFrameBuffer
CVE-2021-20304 [bsc#1188461]: Fixed Undefined-shift in Imf_2_5:hufDecode");
script_tag(name:"affected", value:"'openexr' package(s) on SUSE CaaS Platform 4.0, SUSE Enterprise Storage 6, SUSE Linux Enterprise High Performance Computing 15, SUSE Linux Enterprise High Performance Computing 15-SP1, SUSE Linux Enterprise Module for Desktop Applications 15-SP2, SUSE Linux Enterprise Module for Desktop Applications 15-SP3, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 15-SP1, SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Server for SAP 15-SP1, SUSE Manager Proxy 4.0, SUSE Manager Retail Branch Server 4.0, SUSE Manager Server 4.0.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "SLES15.0SP2") {
if(!isnull(res = isrpmvuln(pkg:"libIlmImf-2_2-23", rpm:"libIlmImf-2_2-23~2.2.1~3.35.1", rls:"SLES15.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libIlmImf-2_2-23-debuginfo", rpm:"libIlmImf-2_2-23-debuginfo~2.2.1~3.35.1", rls:"SLES15.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libIlmImfUtil-2_2-23", rpm:"libIlmImfUtil-2_2-23~2.2.1~3.35.1", rls:"SLES15.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libIlmImfUtil-2_2-23-debuginfo", rpm:"libIlmImfUtil-2_2-23-debuginfo~2.2.1~3.35.1", rls:"SLES15.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"openexr-debuginfo", rpm:"openexr-debuginfo~2.2.1~3.35.1", rls:"SLES15.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"openexr-debugsource", rpm:"openexr-debugsource~2.2.1~3.35.1", rls:"SLES15.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"openexr-devel", rpm:"openexr-devel~2.2.1~3.35.1", rls:"SLES15.0SP2"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "SLES15.0SP3") {
if(!isnull(res = isrpmvuln(pkg:"libIlmImf-2_2-23", rpm:"libIlmImf-2_2-23~2.2.1~3.35.1", rls:"SLES15.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libIlmImf-2_2-23-debuginfo", rpm:"libIlmImf-2_2-23-debuginfo~2.2.1~3.35.1", rls:"SLES15.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libIlmImfUtil-2_2-23", rpm:"libIlmImfUtil-2_2-23~2.2.1~3.35.1", rls:"SLES15.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libIlmImfUtil-2_2-23-debuginfo", rpm:"libIlmImfUtil-2_2-23-debuginfo~2.2.1~3.35.1", rls:"SLES15.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"openexr-debuginfo", rpm:"openexr-debuginfo~2.2.1~3.35.1", rls:"SLES15.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"openexr-debugsource", rpm:"openexr-debugsource~2.2.1~3.35.1", rls:"SLES15.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"openexr-devel", rpm:"openexr-devel~2.2.1~3.35.1", rls:"SLES15.0SP3"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "SLES15.0") {
if(!isnull(res = isrpmvuln(pkg:"libIlmImf-2_2-23", rpm:"libIlmImf-2_2-23~2.2.1~3.35.1", rls:"SLES15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libIlmImf-2_2-23-debuginfo", rpm:"libIlmImf-2_2-23-debuginfo~2.2.1~3.35.1", rls:"SLES15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libIlmImfUtil-2_2-23", rpm:"libIlmImfUtil-2_2-23~2.2.1~3.35.1", rls:"SLES15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libIlmImfUtil-2_2-23-debuginfo", rpm:"libIlmImfUtil-2_2-23-debuginfo~2.2.1~3.35.1", rls:"SLES15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"openexr-debuginfo", rpm:"openexr-debuginfo~2.2.1~3.35.1", rls:"SLES15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"openexr-debugsource", rpm:"openexr-debugsource~2.2.1~3.35.1", rls:"SLES15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"openexr-devel", rpm:"openexr-devel~2.2.1~3.35.1", rls:"SLES15.0"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "SLES15.0SP1") {
if(!isnull(res = isrpmvuln(pkg:"libIlmImf-2_2-23", rpm:"libIlmImf-2_2-23~2.2.1~3.35.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libIlmImf-2_2-23-debuginfo", rpm:"libIlmImf-2_2-23-debuginfo~2.2.1~3.35.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libIlmImfUtil-2_2-23", rpm:"libIlmImfUtil-2_2-23~2.2.1~3.35.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libIlmImfUtil-2_2-23-debuginfo", rpm:"libIlmImfUtil-2_2-23-debuginfo~2.2.1~3.35.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"openexr-debuginfo", rpm:"openexr-debuginfo~2.2.1~3.35.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"openexr-debugsource", rpm:"openexr-debugsource~2.2.1~3.35.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"openexr-devel", rpm:"openexr-devel~2.2.1~3.35.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Related
openvas
openvas
openSUSE: Security Advisory for openexr (openSUSE-SU-2021:1198-1)
2021-08-26 00:00:00
openSUSE: Security Advisory for openexr (openSUSE-SU-2021:2793-1)
2021-08-21 00:00:00
SUSE: Security Advisory (SUSE-SU-2021:2913-1)
2021-09-03 00:00:00
nessus
nessus
openSUSE 15 Security Update : openexr (openSUSE-SU-2021:1198-1)
2021-08-26 00:00:00
openSUSE 15 Security Update : openexr (openSUSE-SU-2021:2793-1)
2021-08-21 00:00:00
SUSE SLED12 / SLES12 Security Update : openexr (SUSE-SU-2021:2913-1)
2021-09-04 00:00:00
suse
suse
Security update for openexr (important)
2021-08-20 00:00:00
Security update for openexr (important)
2021-08-26 00:00:00
Security update for openexr (moderate)
2021-04-11 00:00:00
osv
osv
openexr - security update
2021-08-04 00:00:00
CVE-2021-20299
2022-03-16 15:15:10
CVE-2021-20300
2022-03-04 18:15:00
debian
debian
[SECURITY] [DLA 2732-1] openexr security update
2021-08-04 19:53:02
[SECURITY] [DLA 3236-1] openexr security update
2022-12-11 23:52:53
[SECURITY] [DLA 2701-1] openexr security update
2021-07-03 18:16:01
amazon
amazon
Medium: OpenEXR
2023-06-05 16:39:00
nvd
nvd
redhatcve
redhatcve
debiancve
debiancve
prion
prion
Integer overflow
2022-03-04 18:15:00
Null pointer dereference
2022-03-16 15:15:00
Design/Logic Flaw
2022-03-04 18:15:00
cvelist
cvelist
cve
cve
veracode
veracode
Denial Of Service (DoS)
2021-07-17 14:11:16
Denial Of Service
2021-07-17 14:11:15
Denial Of Service (DoS)
2021-07-19 20:20:31
ubuntucve
ubuntucve
cnvd
cnvd
alpinelinux
alpinelinux
CVE-2021-3476
2021-03-30 18:15:18
ubuntu
ubuntu
OpenEXR vulnerabilities
2021-04-01 00:00:00
gentoo
gentoo
OpenEXR: Multiple Vulnerabilities
2022-10-31 00:00:00
OpenEXR: Multiple vulnerabilities
2021-07-11 00:00:00
cloudfoundry
cloudfoundry
USN-4900-1: OpenEXR vulnerabilities | Cloud Foundry
2021-04-29 00:00:00
freebsd
freebsd
openexr, ilmbase -- security fixes related to reading corrupted input files
2021-02-12 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2023-2247
2023-10-17 12:52:56
mageia
mageia
Updated openexr packages fix security vulnerabilities
2021-07-10 15:56:54
CVSS2
7.1
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:N/I:N/A:C
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
6.6
Confidence
High
EPSS
0.002
Percentile
62.3%
Related for OPENVAS:13614125623114202127931