Lucene search
Copyright (C) 2022 Greenbone AGOPENVAS:13614125623114202238041HistoryOct 28, 2022 - 12:00 a.m.
SUSE: Security Advisory (SUSE-SU-2022:3804-1)
2022-10-2800:00:00
Copyright (C) 2022 Greenbone AG
plugins.openvas.org
5
suse
security
advisory
update
dbus-1
cve-2022-42010
cve-2022-42011
cve-2022-42012
crash
bounds read
use-after-free
bugs
suse linux enterprise server
suse openstack cloud
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
7.2 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
56.7%
The remote host is missing an update for the
# SPDX-FileCopyrightText: 2022 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.1.4.2022.3804.1");
script_cve_id("CVE-2022-42010", "CVE-2022-42011", "CVE-2022-42012");
script_tag(name:"creation_date", value:"2022-10-28 04:36:32 +0000 (Fri, 28 Oct 2022)");
script_version("2024-02-02T14:37:51+0000");
script_tag(name:"last_modification", value:"2024-02-02 14:37:51 +0000 (Fri, 02 Feb 2024)");
script_tag(name:"cvss_base", value:"6.8");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:S/C:N/I:N/A:C");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2022-10-11 18:51:40 +0000 (Tue, 11 Oct 2022)");
script_name("SUSE: Security Advisory (SUSE-SU-2022:3804-1)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2022 Greenbone AG");
script_family("SuSE Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/suse_sles", "ssh/login/rpms", re:"ssh/login/release=(SLES12\.0SP3|SLES12\.0SP4)");
script_xref(name:"Advisory-ID", value:"SUSE-SU-2022:3804-1");
script_xref(name:"URL", value:"https://www.suse.com/support/update/announcement/2022/suse-su-20223804-1/");
script_tag(name:"summary", value:"The remote host is missing an update for the 'dbus-1' package(s) announced via the SUSE-SU-2022:3804-1 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"This update for dbus-1 fixes the following issues:
- CVE-2022-42010: Fixed potential crash that could be triggered by an
invalid signature (bsc#1204111).
- CVE-2022-42011: Fixed an out of bounds read caused by a fixed length
array (bsc#1204112).
- CVE-2022-42012: Fixed a use-after-free that could be trigged by a
message in non-native endianness with out-of-band Unix file descriptor
(bsc#1204113).
Bugfixes:
- Disable asserts (bsc#1087072).");
script_tag(name:"affected", value:"'dbus-1' package(s) on SUSE Linux Enterprise Server 12-SP3, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server for SAP 12-SP4, SUSE OpenStack Cloud 9, SUSE OpenStack Cloud Crowbar 9.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "SLES12.0SP3") {
if(!isnull(res = isrpmvuln(pkg:"dbus-1", rpm:"dbus-1~1.8.22~29.24.1", rls:"SLES12.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"dbus-1-debuginfo", rpm:"dbus-1-debuginfo~1.8.22~29.24.1", rls:"SLES12.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"dbus-1-debugsource", rpm:"dbus-1-debugsource~1.8.22~29.24.1", rls:"SLES12.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"dbus-1-x11", rpm:"dbus-1-x11~1.8.22~29.24.1", rls:"SLES12.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"dbus-1-x11-debuginfo", rpm:"dbus-1-x11-debuginfo~1.8.22~29.24.1", rls:"SLES12.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"dbus-1-x11-debugsource", rpm:"dbus-1-x11-debugsource~1.8.22~29.24.1", rls:"SLES12.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libdbus-1-3", rpm:"libdbus-1-3~1.8.22~29.24.1", rls:"SLES12.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libdbus-1-3-32bit", rpm:"libdbus-1-3-32bit~1.8.22~29.24.1", rls:"SLES12.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libdbus-1-3-debuginfo", rpm:"libdbus-1-3-debuginfo~1.8.22~29.24.1", rls:"SLES12.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libdbus-1-3-debuginfo-32bit", rpm:"libdbus-1-3-debuginfo-32bit~1.8.22~29.24.1", rls:"SLES12.0SP3"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "SLES12.0SP4") {
if(!isnull(res = isrpmvuln(pkg:"dbus-1", rpm:"dbus-1~1.8.22~29.24.1", rls:"SLES12.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"dbus-1-debuginfo", rpm:"dbus-1-debuginfo~1.8.22~29.24.1", rls:"SLES12.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"dbus-1-debuginfo-32bit", rpm:"dbus-1-debuginfo-32bit~1.8.22~29.24.1", rls:"SLES12.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"dbus-1-debugsource", rpm:"dbus-1-debugsource~1.8.22~29.24.1", rls:"SLES12.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"dbus-1-x11", rpm:"dbus-1-x11~1.8.22~29.24.1", rls:"SLES12.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"dbus-1-x11-debuginfo", rpm:"dbus-1-x11-debuginfo~1.8.22~29.24.1", rls:"SLES12.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"dbus-1-x11-debugsource", rpm:"dbus-1-x11-debugsource~1.8.22~29.24.1", rls:"SLES12.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libdbus-1-3", rpm:"libdbus-1-3~1.8.22~29.24.1", rls:"SLES12.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libdbus-1-3-32bit", rpm:"libdbus-1-3-32bit~1.8.22~29.24.1", rls:"SLES12.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libdbus-1-3-debuginfo", rpm:"libdbus-1-3-debuginfo~1.8.22~29.24.1", rls:"SLES12.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libdbus-1-3-debuginfo-32bit", rpm:"libdbus-1-3-debuginfo-32bit~1.8.22~29.24.1", rls:"SLES12.0SP4"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Related
nessus
nessus
EulerOS Virtualization 2.9.0 : dbus (EulerOS-SA-2023-1655)
2023-04-27 00:00:00
CentOS 8 : dbus (CESA-2023:0096)
2024-02-08 00:00:00
SUSE SLES12 Security Update : dbus-1 (SUSE-SU-2022:4295-1)
2022-11-30 00:00:00
osv
osv
Moderate: dbus security update
2023-01-23 00:00:00
Moderate: dbus security update
2023-01-12 08:25:26
dbus vulnerabilities
2022-10-27 13:00:09
openvas
openvas
Huawei EulerOS: Security Advisory for dbus (EulerOS-SA-2023-2034)
2023-06-07 00:00:00
Debian: Security Advisory (DLA-3142-1)
2022-10-11 00:00:00
Huawei EulerOS: Security Advisory for dbus (EulerOS-SA-2023-1380)
2023-02-10 00:00:00
amazon
amazon
Medium: dbus
2023-04-13 19:01:00
Medium: dbus
2023-03-30 18:56:00
rocky
rocky
dbus security update
2023-01-12 08:25:26
dbus security update
2023-01-23 14:30:24
redos
redos
ROS-20221013-01
2022-10-13 00:00:00
debian
debian
[SECURITY] [DSA 5250-1] dbus security update
2022-10-06 18:51:40
[SECURITY] [DLA 3142-1] dbus security update
2022-10-10 14:47:14
fedora
fedora
[SECURITY] Fedora 35 Update: dbus-1.12.24-1.fc35
2022-10-26 17:35:19
[SECURITY] Fedora 37 Update: dbus-1.14.4-1.fc37
2022-11-10 22:40:24
[SECURITY] Fedora 36 Update: dbus-1.14.4-1.fc36
2022-10-14 13:03:28
redhat
redhat
(RHSA-2022:8977) Moderate: dbus security update
2022-12-13 15:31:11
(RHSA-2023:0096) Moderate: dbus security update
2023-01-12 08:25:26
(RHSA-2023:0335) Moderate: dbus security update
2023-01-23 14:30:24
suse
suse
Security update for dbus-1 (important)
2022-10-27 00:00:00
Security update for dbus-1 (important)
2022-10-27 00:00:00
cloudfoundry
cloudfoundry
USN-5704-1: DBus vulnerabilities | Cloud Foundry
2022-12-07 00:00:00
gentoo
gentoo
D-Bus: Multiple Vulnerabilities
2023-05-03 00:00:00
ibm
ibm
photon
photon
Moderate Photon OS Security Update - PHSA-2022-0263
2022-10-14 00:00:00
Moderate Photon OS Security Update - PHSA-2022-4.0-0263
2022-10-14 00:00:00
Critical Photon OS Security Update - PHSA-2022-3.0-0470
2022-10-16 00:00:00
mageia
mageia
Updated dbus packages fix security vulnerability
2022-10-08 23:22:22
oraclelinux
oraclelinux
dbus security update
2023-01-24 00:00:00
dbus security update
2023-01-12 00:00:00
ubuntu
ubuntu
DBus vulnerabilities
2022-10-27 00:00:00
almalinux
almalinux
Moderate: dbus security update
2023-01-23 00:00:00
Moderate: dbus security update
2023-01-12 00:00:00
cbl_mariner
cbl_mariner
CVE-2022-42012 affecting package dbus for versions less than 1.15.2-2
2022-11-03 20:37:47
CVE-2022-42011 affecting package dbus 1.13.6-5
2023-02-14 02:35:58
CVE-2022-42010 affecting package dbus for versions less than 1.15.2-2
2022-11-03 20:37:47
redhatcve
redhatcve
nvd
nvd
ubuntucve
ubuntucve
cvelist
cvelist
prion
prion
Design/Logic Flaw
2022-10-10 00:15:00
Design/Logic Flaw
2022-10-10 00:15:00
Format string
2022-10-10 00:15:00
cve
cve
debiancve
debiancve
alpinelinux
alpinelinux
veracode
veracode
Denial Of Service (DoS)
2022-10-06 17:07:08
Denial Of Service (DoS)
2022-10-06 17:06:28
Denial Of Service (DoS)
2022-10-06 17:05:58
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
7.2 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
56.7%
Related for OPENVAS:13614125623114202238041