Vulnerabilities > CVE-2017-5029 - Out-of-bounds Write vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3236-1.NASL description Multiple vulnerabilities were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to obtain sensitive information, spoof application UI by causing the security status API or webview URL to indicate the wrong values, bypass security restrictions, cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5029, CVE-2017-5030, CVE-2017-5031, CVE-2017-5033, CVE-2017-5035, CVE-2017-5037, CVE-2017-5040, CVE-2017-5041, CVE-2017-5044, CVE-2017-5045, CVE-2017-5046). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 99093 published 2017-03-30 reporter Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/99093 title Ubuntu 14.04 LTS / 16.04 LTS / 16.10 : oxide-qt vulnerabilities (USN-3236-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-3236-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(99093); script_version("3.12"); script_cvs_date("Date: 2019/12/06"); script_cve_id("CVE-2017-5029", "CVE-2017-5030", "CVE-2017-5031", "CVE-2017-5033", "CVE-2017-5035", "CVE-2017-5037", "CVE-2017-5040", "CVE-2017-5041", "CVE-2017-5044", "CVE-2017-5045", "CVE-2017-5046"); script_xref(name:"USN", value:"3236-1"); script_name(english:"Ubuntu 14.04 LTS / 16.04 LTS / 16.10 : oxide-qt vulnerabilities (USN-3236-1)"); script_summary(english:"Checks dpkg output for updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Ubuntu host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "Multiple vulnerabilities were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to obtain sensitive information, spoof application UI by causing the security status API or webview URL to indicate the wrong values, bypass security restrictions, cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5029, CVE-2017-5030, CVE-2017-5031, CVE-2017-5033, CVE-2017-5035, CVE-2017-5037, CVE-2017-5040, CVE-2017-5041, CVE-2017-5044, CVE-2017-5045, CVE-2017-5046). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/3236-1/" ); script_set_attribute( attribute:"solution", value:"Update the affected liboxideqtcore0 package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:liboxideqtcore0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.10"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/04/24"); script_set_attribute(attribute:"patch_publication_date", value:"2017/03/29"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/03/30"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(14\.04|16\.04|16\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 14.04 / 16.04 / 16.10", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"14.04", pkgname:"liboxideqtcore0", pkgver:"1.21.5-0ubuntu0.14.04.1")) flag++; if (ubuntu_check(osver:"16.04", pkgname:"liboxideqtcore0", pkgver:"1.21.5-0ubuntu0.16.04.1")) flag++; if (ubuntu_check(osver:"16.10", pkgname:"liboxideqtcore0", pkgver:"1.21.5-0ubuntu0.16.10.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "liboxideqtcore0"); }NASL family SuSE Local Security Checks NASL id OPENSUSE-2017-353.NASL description Chromium was updated to 57.0.2987.98 to fix security issues and bugs. The following vulnerabilities were fixed (bsc#1028848) : - CVE-2017-5030: Memory corruption in V8 - CVE-2017-5031: Use after free in ANGLE - CVE-2017-5032: Out of bounds write in PDFium - CVE-2017-5029: Integer overflow in libxslt - CVE-2017-5034: Use after free in PDFium - CVE-2017-5035: Incorrect security UI in Omnibox - CVE-2017-5036: Use after free in PDFium - CVE-2017-5037: Multiple out of bounds writes in ChunkDemuxer - CVE-2017-5039: Use after free in PDFium - CVE-2017-5040: Information disclosure in V8 - CVE-2017-5041: Address spoofing in Omnibox - CVE-2017-5033: Bypass of Content Security Policy in Blink - CVE-2017-5042: Incorrect handling of cookies in Cast - CVE-2017-5038: Use after free in GuestView - CVE-2017-5043: Use after free in GuestView - CVE-2017-5044: Heap overflow in Skia - CVE-2017-5045: Information disclosure in XSS Auditor - CVE-2017-5046: Information disclosure in Blink The following non-security changes are included : - Address broken rendering on non-intel cards last seen 2020-06-05 modified 2017-03-20 plugin id 97817 published 2017-03-20 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/97817 title openSUSE Security Update : Chromium (openSUSE-2017-353) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2017-353. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(97817); script_version("3.9"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2017-5029", "CVE-2017-5030", "CVE-2017-5031", "CVE-2017-5032", "CVE-2017-5033", "CVE-2017-5034", "CVE-2017-5035", "CVE-2017-5036", "CVE-2017-5037", "CVE-2017-5038", "CVE-2017-5039", "CVE-2017-5040", "CVE-2017-5041", "CVE-2017-5042", "CVE-2017-5043", "CVE-2017-5044", "CVE-2017-5045", "CVE-2017-5046"); script_name(english:"openSUSE Security Update : Chromium (openSUSE-2017-353)"); script_summary(english:"Check for the openSUSE-2017-353 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "Chromium was updated to 57.0.2987.98 to fix security issues and bugs. The following vulnerabilities were fixed (bsc#1028848) : - CVE-2017-5030: Memory corruption in V8 - CVE-2017-5031: Use after free in ANGLE - CVE-2017-5032: Out of bounds write in PDFium - CVE-2017-5029: Integer overflow in libxslt - CVE-2017-5034: Use after free in PDFium - CVE-2017-5035: Incorrect security UI in Omnibox - CVE-2017-5036: Use after free in PDFium - CVE-2017-5037: Multiple out of bounds writes in ChunkDemuxer - CVE-2017-5039: Use after free in PDFium - CVE-2017-5040: Information disclosure in V8 - CVE-2017-5041: Address spoofing in Omnibox - CVE-2017-5033: Bypass of Content Security Policy in Blink - CVE-2017-5042: Incorrect handling of cookies in Cast - CVE-2017-5038: Use after free in GuestView - CVE-2017-5043: Use after free in GuestView - CVE-2017-5044: Heap overflow in Skia - CVE-2017-5045: Information disclosure in XSS Auditor - CVE-2017-5046: Information disclosure in Blink The following non-security changes are included : - Address broken rendering on non-intel cards" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1028848" ); script_set_attribute( attribute:"solution", value:"Update the affected Chromium packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromedriver"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromedriver-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-debugsource"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.2"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/04/24"); script_set_attribute(attribute:"patch_publication_date", value:"2017/03/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/03/20"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE42\.1|SUSE42\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.1 / 42.2", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE42.1", reference:"chromedriver-57.0.2987.98-105.2") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"chromedriver-debuginfo-57.0.2987.98-105.2") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"chromium-57.0.2987.98-105.2") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"chromium-debuginfo-57.0.2987.98-105.2") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"chromium-debugsource-57.0.2987.98-105.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"chromedriver-57.0.2987.98-105.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"chromedriver-debuginfo-57.0.2987.98-105.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"chromium-57.0.2987.98-105.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"chromium-debuginfo-57.0.2987.98-105.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"chromium-debugsource-57.0.2987.98-105.2") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "chromedriver / chromedriver-debuginfo / chromium / etc"); }NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2017-0499.NASL description An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Chromium is an open source web browser, powered by WebKit (Blink). This update upgrades Chromium to version 57.0.2987.98. Security Fix(es) : * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. (CVE-2017-5029, CVE-2017-5030, CVE-2017-5031, CVE-2017-5032, CVE-2017-5034, CVE-2017-5035, CVE-2017-5036, CVE-2017-5037, CVE-2017-5039, CVE-2017-5033, CVE-2017-5038, CVE-2017-5040, CVE-2017-5041, CVE-2017-5042, CVE-2017-5043, CVE-2017-5044, CVE-2017-5045, CVE-2017-5046) last seen 2020-05-31 modified 2017-03-14 plugin id 97718 published 2017-03-14 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/97718 title RHEL 6 : chromium-browser (RHSA-2017:0499) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2017:0499. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(97718); script_version("3.16"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/29"); script_cve_id("CVE-2017-5029", "CVE-2017-5030", "CVE-2017-5031", "CVE-2017-5032", "CVE-2017-5033", "CVE-2017-5034", "CVE-2017-5035", "CVE-2017-5036", "CVE-2017-5037", "CVE-2017-5038", "CVE-2017-5039", "CVE-2017-5040", "CVE-2017-5041", "CVE-2017-5042", "CVE-2017-5043", "CVE-2017-5044", "CVE-2017-5045", "CVE-2017-5046"); script_xref(name:"RHSA", value:"2017:0499"); script_name(english:"RHEL 6 : chromium-browser (RHSA-2017:0499)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Chromium is an open source web browser, powered by WebKit (Blink). This update upgrades Chromium to version 57.0.2987.98. Security Fix(es) : * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. (CVE-2017-5029, CVE-2017-5030, CVE-2017-5031, CVE-2017-5032, CVE-2017-5034, CVE-2017-5035, CVE-2017-5036, CVE-2017-5037, CVE-2017-5039, CVE-2017-5033, CVE-2017-5038, CVE-2017-5040, CVE-2017-5041, CVE-2017-5042, CVE-2017-5043, CVE-2017-5044, CVE-2017-5045, CVE-2017-5046)" ); script_set_attribute( attribute:"see_also", value:"https://chromereleases.googleblog.com/2017/03/" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2017:0499" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2017-5029" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2017-5030" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2017-5031" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2017-5032" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2017-5033" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2017-5034" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2017-5035" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2017-5036" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2017-5037" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2017-5038" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2017-5039" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2017-5040" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2017-5041" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2017-5042" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2017-5043" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2017-5044" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2017-5045" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2017-5046" ); script_set_attribute( attribute:"solution", value: "Update the affected chromium-browser and / or chromium-browser-debuginfo packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:chromium-browser"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:chromium-browser-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/04/24"); script_set_attribute(attribute:"patch_publication_date", value:"2017/03/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/03/14"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2017:0499"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"chromium-browser-57.0.2987.98-1.el6", allowmaj:TRUE)) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"chromium-browser-57.0.2987.98-1.el6", allowmaj:TRUE)) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"chromium-browser-debuginfo-57.0.2987.98-1.el6", allowmaj:TRUE)) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"chromium-browser-debuginfo-57.0.2987.98-1.el6", allowmaj:TRUE)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "chromium-browser / chromium-browser-debuginfo"); } }NASL family MacOS X Local Security Checks NASL id MACOS_10_12_4.NASL description The remote host is running a version of macOS that is 10.12.x prior to 10.12.4. It is, therefore, affected by multiple vulnerabilities in multiple components, some of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these remote code execution vulnerabilities by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user. The affected components are as follows : - apache - apache_mod_php - AppleGraphicsPowerManagement - AppleRAID - Audio - Bluetooth - Carbon - CoreGraphics - CoreMedia - CoreText - curl - EFI - FinderKit - FontParser - HTTPProtocol - Hypervisor - iBooks - ImageIO - Intel Graphics Driver - IOATAFamily - IOFireWireAVC - IOFireWireFamily - Kernel - Keyboards - libarchive - libc++abi - LibreSSL - MCX Client - Menus - Multi-Touch - OpenSSH - OpenSSL - Printing - python - QuickTime - Security - SecurityFoundation - sudo - System Integrity Protection - tcpdump - tiffutil - WebKit last seen 2020-06-01 modified 2020-06-02 plugin id 99134 published 2017-03-31 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/99134 title macOS 10.12.x < 10.12.4 Multiple Vulnerabilities (httpoxy) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(99134); script_version("1.9"); script_cvs_date("Date: 2019/11/13"); script_cve_id( "CVE-2016-0736", "CVE-2016-2161", "CVE-2016-3619", "CVE-2016-4688", "CVE-2016-5387", "CVE-2016-5636", "CVE-2016-7056", "CVE-2016-7585", "CVE-2016-7922", "CVE-2016-7923", "CVE-2016-7924", "CVE-2016-7925", "CVE-2016-7926", "CVE-2016-7927", "CVE-2016-7928", "CVE-2016-7929", "CVE-2016-7930", "CVE-2016-7931", "CVE-2016-7932", "CVE-2016-7933", "CVE-2016-7934", "CVE-2016-7935", "CVE-2016-7936", "CVE-2016-7937", "CVE-2016-7938", "CVE-2016-7939", "CVE-2016-7940", "CVE-2016-7973", "CVE-2016-7974", "CVE-2016-7975", "CVE-2016-7983", "CVE-2016-7984", "CVE-2016-7985", "CVE-2016-7986", "CVE-2016-7992", "CVE-2016-7993", "CVE-2016-8574", "CVE-2016-8575", "CVE-2016-8740", "CVE-2016-8743", "CVE-2016-9533", "CVE-2016-9535", "CVE-2016-9536", "CVE-2016-9537", "CVE-2016-9538", "CVE-2016-9539", "CVE-2016-9540", "CVE-2016-9586", "CVE-2016-9935", "CVE-2016-10009", "CVE-2016-10010", "CVE-2016-10011", "CVE-2016-10012", "CVE-2016-10158", "CVE-2016-10159", "CVE-2016-10160", "CVE-2016-10161", "CVE-2017-2379", "CVE-2017-2381", "CVE-2017-2388", "CVE-2017-2390", "CVE-2017-2398", "CVE-2017-2401", "CVE-2017-2402", "CVE-2017-2403", "CVE-2017-2406", "CVE-2017-2407", "CVE-2017-2408", "CVE-2017-2409", "CVE-2017-2410", "CVE-2017-2413", "CVE-2017-2416", "CVE-2017-2417", "CVE-2017-2418", "CVE-2017-2420", "CVE-2017-2421", "CVE-2017-2422", "CVE-2017-2423", "CVE-2017-2425", "CVE-2017-2426", "CVE-2017-2427", "CVE-2017-2428", "CVE-2017-2429", "CVE-2017-2430", "CVE-2017-2431", "CVE-2017-2432", "CVE-2017-2435", "CVE-2017-2436", "CVE-2017-2437", "CVE-2017-2438", "CVE-2017-2439", "CVE-2017-2440", "CVE-2017-2441", "CVE-2017-2443", "CVE-2017-2448", "CVE-2017-2449", "CVE-2017-2450", "CVE-2017-2451", "CVE-2017-2456", "CVE-2017-2458", "CVE-2017-2461", "CVE-2017-2462", "CVE-2017-2467", "CVE-2017-2472", "CVE-2017-2473", "CVE-2017-2474", "CVE-2017-2477", "CVE-2017-2478", "CVE-2017-2482", "CVE-2017-2483", "CVE-2017-2485", "CVE-2017-2487", "CVE-2017-2489", "CVE-2017-2490", "CVE-2017-5029", "CVE-2017-5202", "CVE-2017-5203", "CVE-2017-5204", "CVE-2017-5205", "CVE-2017-5341", "CVE-2017-5342", "CVE-2017-5482", "CVE-2017-5483", "CVE-2017-5484", "CVE-2017-5485", "CVE-2017-5486", "CVE-2017-6974", "CVE-2017-7070" ); script_bugtraq_id( 85919, 91247, 91816, 94572, 94650, 94742, 94744, 94745, 94746, 94747, 94753, 94754, 94846, 94968, 94972, 94975, 94977, 95019, 95076, 95077, 95078, 95375, 95764, 95768, 95774, 95783, 95852, 96767, 97132, 97134, 97137, 97140, 97146, 97147, 97300, 97301, 97303 ); script_xref(name:"APPLE-SA", value:"APPLE-SA-2017-03-27-3"); script_xref(name:"CERT", value:"797896"); script_xref(name:"EDB-ID", value:"40961"); script_xref(name:"EDB-ID", value:"40962"); script_name(english:"macOS 10.12.x < 10.12.4 Multiple Vulnerabilities (httpoxy)"); script_summary(english:"Checks the version of macOS."); script_set_attribute(attribute:"synopsis", value: "The remote host is missing a macOS update that fixes multiple security vulnerabilities."); script_set_attribute(attribute:"description", value: "The remote host is running a version of macOS that is 10.12.x prior to 10.12.4. It is, therefore, affected by multiple vulnerabilities in multiple components, some of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these remote code execution vulnerabilities by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user. The affected components are as follows : - apache - apache_mod_php - AppleGraphicsPowerManagement - AppleRAID - Audio - Bluetooth - Carbon - CoreGraphics - CoreMedia - CoreText - curl - EFI - FinderKit - FontParser - HTTPProtocol - Hypervisor - iBooks - ImageIO - Intel Graphics Driver - IOATAFamily - IOFireWireAVC - IOFireWireFamily - Kernel - Keyboards - libarchive - libc++abi - LibreSSL - MCX Client - Menus - Multi-Touch - OpenSSH - OpenSSL - Printing - python - QuickTime - Security - SecurityFoundation - sudo - System Integrity Protection - tcpdump - tiffutil - WebKit"); script_set_attribute(attribute:"see_also", value:"https://support.apple.com/en-us/HT207615"); # https://lists.apple.com/archives/security-announce/2017/Mar/msg00004.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ddb4db4a"); script_set_attribute(attribute:"see_also", value:"https://httpoxy.org"); script_set_attribute(attribute:"solution", value: "Upgrade to macOS version 10.12.4 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-5636"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"in_the_news", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/01/21"); script_set_attribute(attribute:"patch_publication_date", value:"2017/03/27"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/03/31"); script_set_attribute(attribute:"plugin_type", value:"combined"); script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:macos"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"MacOS X Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl", "os_fingerprint.nasl"); script_require_ports("Host/MacOSX/Version", "Host/OS"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); os = get_kb_item("Host/MacOSX/Version"); if (!os) { os = get_kb_item_or_exit("Host/OS"); if ("Mac OS X" >!< os) audit(AUDIT_OS_NOT, "macOS / Mac OS X"); c = get_kb_item("Host/OS/Confidence"); if (c <= 70) exit(1, "Can't determine the host's OS with sufficient confidence."); } if (!os) audit(AUDIT_OS_NOT, "macOS / Mac OS X"); matches = eregmatch(pattern:"Mac OS X ([0-9]+(\.[0-9]+)+)", string:os); if (isnull(matches)) exit(1, "Failed to parse the macOS / Mac OS X version ('" + os + "')."); version = matches[1]; if (version !~ "^10\.12($|[^0-9])") audit(AUDIT_OS_NOT, "Mac OS 10.12.x"); fixed_version = "10.12.4"; if (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1) { security_report_v4( port:0, severity:SECURITY_HOLE, xss:TRUE, extra: '\n Installed version : ' + version + '\n Fixed version : ' + fixed_version + '\n' ); } else audit(AUDIT_INST_VER_NOT_VULN, "macOS / Mac OS X", version);NASL family Fedora Local Security Checks NASL id FEDORA_2017-E83C26A8C9.NASL description This update updates QtWebEngine to the 5.9.0 release. QtWebEngine 5.9.0 is part of the Qt 5.9.0 release, but only the QtWebEngine component is included in this update. The update fixes the following security issues in QtWebEngine 5.8.0: CVE-2017-5006, CVE-2017-5007, CVE-2017-5008, CVE-2017-5009, CVE-2017-5010, CVE-2017-5011, CVE-2017-5012, CVE-2017-5013, CVE-2017-5014, CVE-2017-5015, CVE-2017-5016, CVE-2017-5017, CVE-2017-5018, CVE-2017-5019, CVE-2017-5020, CVE-2017-5021, CVE-2017-5022, CVE-2017-5023, CVE-2017-5024, CVE-2017-5025, CVE-2017-5026, CVE-2017-5027, CVE-2017-5029, CVE-2017-5032, CVE-2017-5033, CVE-2017-5034, CVE-2017-5036, CVE-2017-5039, CVE-2017-5040, CVE-2017-5044, CVE-2017-5045, CVE-2017-5046, CVE-2017-5052, CVE-2017-5053, CVE-2017-5055, CVE-2017-5057, CVE-2017-5058, CVE-2017-5059, CVE-2017-5060, CVE-2017-5061, CVE-2017-5062, CVE-2017-5065, CVE-2017-5066, CVE-2017-5067, CVE-2017-5068, and CVE-2017-5069. Other important changes include : - Based on Chromium 56.0.2924.122 with security fixes from Chromium up to version 58.0.3029.96. (5.8.0 was based on Chromium 53.0.2785.148 with security fixes from Chromium up to version 55.0.2883.75.) - [QTBUG-54650, QTBUG-59922] Accessibility is now disabled by default on Linux, like it is in Chrome, due to poor options for enabling it conditionally and its heavy performance impact. Set the environment variable `QTWEBENGINE_ENABLE_LINUX_ACCESSIBILITY` to enable it again. - [QTBUG-56531] Enabled `filesystem:` protocol handler. - [QTBUG-57720] Optimized incremental scene-graph rendering in particular for software rendering. - [QTBUG-60049] Enabled brotli support. - Many bug fixes, see https://code.qt.io/cgit/qt/qtwebengine.git/tree/dist/cha nges-5.9.0?h=5.9 for details. In addition, this build includes a fix for https://bugreports.qt.io/browse/QTBUG-61521 , a binary incompatibility in QtWebEngine 5.9.0 compared to 5.8.0. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2017-07-17 plugin id 101740 published 2017-07-17 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/101740 title Fedora 26 : qt5-qtwebengine (2017-e83c26a8c9) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2017-e83c26a8c9. # include("compat.inc"); if (description) { script_id(101740); script_version("3.7"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2017-5006", "CVE-2017-5007", "CVE-2017-5008", "CVE-2017-5009", "CVE-2017-5010", "CVE-2017-5011", "CVE-2017-5012", "CVE-2017-5013", "CVE-2017-5014", "CVE-2017-5015", "CVE-2017-5016", "CVE-2017-5017", "CVE-2017-5018", "CVE-2017-5019", "CVE-2017-5020", "CVE-2017-5021", "CVE-2017-5022", "CVE-2017-5023", "CVE-2017-5024", "CVE-2017-5025", "CVE-2017-5026", "CVE-2017-5027", "CVE-2017-5029", "CVE-2017-5032", "CVE-2017-5033", "CVE-2017-5034", "CVE-2017-5036", "CVE-2017-5039", "CVE-2017-5040", "CVE-2017-5044", "CVE-2017-5045", "CVE-2017-5046", "CVE-2017-5052", "CVE-2017-5053", "CVE-2017-5055", "CVE-2017-5057", "CVE-2017-5058", "CVE-2017-5059", "CVE-2017-5060", "CVE-2017-5061", "CVE-2017-5062", "CVE-2017-5065", "CVE-2017-5066", "CVE-2017-5067", "CVE-2017-5068", "CVE-2017-5069"); script_xref(name:"FEDORA", value:"2017-e83c26a8c9"); script_name(english:"Fedora 26 : qt5-qtwebengine (2017-e83c26a8c9)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update updates QtWebEngine to the 5.9.0 release. QtWebEngine 5.9.0 is part of the Qt 5.9.0 release, but only the QtWebEngine component is included in this update. The update fixes the following security issues in QtWebEngine 5.8.0: CVE-2017-5006, CVE-2017-5007, CVE-2017-5008, CVE-2017-5009, CVE-2017-5010, CVE-2017-5011, CVE-2017-5012, CVE-2017-5013, CVE-2017-5014, CVE-2017-5015, CVE-2017-5016, CVE-2017-5017, CVE-2017-5018, CVE-2017-5019, CVE-2017-5020, CVE-2017-5021, CVE-2017-5022, CVE-2017-5023, CVE-2017-5024, CVE-2017-5025, CVE-2017-5026, CVE-2017-5027, CVE-2017-5029, CVE-2017-5032, CVE-2017-5033, CVE-2017-5034, CVE-2017-5036, CVE-2017-5039, CVE-2017-5040, CVE-2017-5044, CVE-2017-5045, CVE-2017-5046, CVE-2017-5052, CVE-2017-5053, CVE-2017-5055, CVE-2017-5057, CVE-2017-5058, CVE-2017-5059, CVE-2017-5060, CVE-2017-5061, CVE-2017-5062, CVE-2017-5065, CVE-2017-5066, CVE-2017-5067, CVE-2017-5068, and CVE-2017-5069. Other important changes include : - Based on Chromium 56.0.2924.122 with security fixes from Chromium up to version 58.0.3029.96. (5.8.0 was based on Chromium 53.0.2785.148 with security fixes from Chromium up to version 55.0.2883.75.) - [QTBUG-54650, QTBUG-59922] Accessibility is now disabled by default on Linux, like it is in Chrome, due to poor options for enabling it conditionally and its heavy performance impact. Set the environment variable `QTWEBENGINE_ENABLE_LINUX_ACCESSIBILITY` to enable it again. - [QTBUG-56531] Enabled `filesystem:` protocol handler. - [QTBUG-57720] Optimized incremental scene-graph rendering in particular for software rendering. - [QTBUG-60049] Enabled brotli support. - Many bug fixes, see https://code.qt.io/cgit/qt/qtwebengine.git/tree/dist/cha nges-5.9.0?h=5.9 for details. In addition, this build includes a fix for https://bugreports.qt.io/browse/QTBUG-61521 , a binary incompatibility in QtWebEngine 5.9.0 compared to 5.8.0. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2017-e83c26a8c9" ); script_set_attribute( attribute:"see_also", value:"https://bugreports.qt.io/browse/QTBUG-61521" ); # https://code.qt.io/cgit/qt/qtwebengine.git/tree/dist/changes-5.9.0?h=5.9 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?d3ac68dd" ); script_set_attribute( attribute:"solution", value:"Update the affected qt5-qtwebengine package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:qt5-qtwebengine"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:26"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/02/17"); script_set_attribute(attribute:"patch_publication_date", value:"2017/07/06"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/07/17"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^26([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 26", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC26", reference:"qt5-qtwebengine-5.9.0-4.fc26")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "qt5-qtwebengine"); }NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3271-1.NASL description Holger Fuhrmannek discovered an integer overflow in the xsltAddTextString() function in Libxslt. An attacker could use this to craft a malicious document that, when opened, could cause a denial of service (application crash) or possible execute arbitrary code. (CVE-2017-5029) Nicolas Gregoire discovered that Libxslt mishandled namespace nodes. An attacker could use this to craft a malicious document that, when opened, could cause a denial of service (application crash) or possibly execute arbtrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS. (CVE-2016-1683) Sebastian Apelt discovered that a use-after-error existed in the xsltDocumentFunctionLoadDocument() function in Libxslt. An attacker could use this to craft a malicious document that, when opened, could cause a denial of service (application crash) or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS. (CVE-2016-1841) It was discovered that a type confusion error existed in the xsltStylePreCompute() function in Libxslt. An attacker could use this to craft a malicious XML file that, when opened, caused a denial of service (application crash). This issue only affected Ubuntu 14.04 LTS and Ubuntu 12.04 LTS. (CVE-2015-7995) Nicolas Gregoire discovered the Libxslt mishandled the last seen 2020-06-01 modified 2020-06-02 plugin id 99725 published 2017-04-28 reporter Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/99725 title Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : libxslt vulnerabilities (USN-3271-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-3271-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(99725); script_version("3.6"); script_cvs_date("Date: 2019/09/18 12:31:47"); script_cve_id("CVE-2015-7995", "CVE-2016-1683", "CVE-2016-1684", "CVE-2016-1841", "CVE-2016-4738", "CVE-2017-5029"); script_xref(name:"USN", value:"3271-1"); script_name(english:"Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : libxslt vulnerabilities (USN-3271-1)"); script_summary(english:"Checks dpkg output for updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Ubuntu host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "Holger Fuhrmannek discovered an integer overflow in the xsltAddTextString() function in Libxslt. An attacker could use this to craft a malicious document that, when opened, could cause a denial of service (application crash) or possible execute arbitrary code. (CVE-2017-5029) Nicolas Gregoire discovered that Libxslt mishandled namespace nodes. An attacker could use this to craft a malicious document that, when opened, could cause a denial of service (application crash) or possibly execute arbtrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS. (CVE-2016-1683) Sebastian Apelt discovered that a use-after-error existed in the xsltDocumentFunctionLoadDocument() function in Libxslt. An attacker could use this to craft a malicious document that, when opened, could cause a denial of service (application crash) or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS. (CVE-2016-1841) It was discovered that a type confusion error existed in the xsltStylePreCompute() function in Libxslt. An attacker could use this to craft a malicious XML file that, when opened, caused a denial of service (application crash). This issue only affected Ubuntu 14.04 LTS and Ubuntu 12.04 LTS. (CVE-2015-7995) Nicolas Gregoire discovered the Libxslt mishandled the 'i' and 'a' format tokens for xsl:number data. An attacker could use this to craft a malicious document that, when opened, could cause a denial of service (application crash). This issue only affected Ubuntu 16.04 LTS, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS. (CVE-2016-1684) It was discovered that the xsltFormatNumberConversion() function in Libxslt did not properly handle empty decimal separators. An attacker could use this to craft a malicious document that, when opened, could cause a denial of service (application crash). This issue only affected Ubuntu 16.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS. (CVE-2016-4738). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/3271-1/" ); script_set_attribute( attribute:"solution", value:"Update the affected libxslt1.1 package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxslt1.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.10"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:17.04"); script_set_attribute(attribute:"vuln_publication_date", value:"2015/11/17"); script_set_attribute(attribute:"patch_publication_date", value:"2017/04/27"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/04/28"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(12\.04|14\.04|16\.04|16\.10|17\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04 / 14.04 / 16.04 / 16.10 / 17.04", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"12.04", pkgname:"libxslt1.1", pkgver:"1.1.26-8ubuntu1.4")) flag++; if (ubuntu_check(osver:"14.04", pkgname:"libxslt1.1", pkgver:"1.1.28-2ubuntu0.1")) flag++; if (ubuntu_check(osver:"16.04", pkgname:"libxslt1.1", pkgver:"1.1.28-2.1ubuntu0.1")) flag++; if (ubuntu_check(osver:"16.10", pkgname:"libxslt1.1", pkgver:"1.1.29-1ubuntu0.1")) flag++; if (ubuntu_check(osver:"17.04", pkgname:"libxslt1.1", pkgver:"1.1.29-2ubuntu0.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libxslt1.1"); }NASL family SuSE Local Security Checks NASL id SUSE_SU-2017-1282-1.NASL description This update for libxslt fixes the following issues : - CVE-2017-5029: The xsltAddTextString function in transform.c lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page (bsc#1035905). - CVE-2016-4738: Fix heap overread in xsltFormatNumberConversion: An empty decimal-separator could cause a heap overread. This can be exploited to leak a couple of bytes after the buffer that holds the pattern string (bsc#1005591). - CVE-2015-9019: Properly initialize random generator (bsc#934119). - CVE-2015-7995: Vulnerability in function xsltStylePreCompute last seen 2020-06-01 modified 2020-06-02 plugin id 100208 published 2017-05-16 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/100208 title SUSE SLES11 Security Update : libxslt (SUSE-SU-2017:1282-1) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_A505D397075811E78D8BE8E0B747A45A.NASL description Google Chrome Releases reports : 36 security fixes in this release Please reference CVE/URL list for details last seen 2020-06-01 modified 2020-06-02 plugin id 97689 published 2017-03-13 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/97689 title FreeBSD : chromium -- multiple vulnerabilities (a505d397-0758-11e7-8d8b-e8e0b747a45a) NASL family Fedora Local Security Checks NASL id FEDORA_2017-98BED96D12.NASL description This update updates QtWebEngine to a snapshot from the Qt 5.6 LTS (long-term support) branch. This is a snapshot of the QtWebEngine that will be included in the bugfix and security release Qt 5.6.3, but only the QtWebEngine component is included in this update. The update fixes the following security issues in QtWebEngine 5.6.2: CVE-2016-5133, CVE-2016-5147, CVE-2016-5153, CVE-2016-5155, CVE-2016-5161, CVE-2016-5166, CVE-2016-5170, CVE-2016-5171, CVE-2016-5172, CVE-2016-5181, CVE-2016-5185, CVE-2016-5186, CVE-2016-5187, CVE-2016-5188, CVE-2016-5192, CVE-2016-5198, CVE-2016-5205, CVE-2016-5207, CVE-2016-5208, CVE-2016-5214, CVE-2016-5215, CVE-2016-5221, CVE-2016-5222, CVE-2016-5224, CVE-2016-5225, CVE-2016-9650, CVE-2016-9651, CVE-2016-9652, CVE-2017-5006, CVE-2017-5007, CVE-2017-5008, CVE-2017-5009, CVE-2017-5010, CVE-2017-5012, CVE-2017-5015, CVE-2017-5016, CVE-2017-5017, CVE-2017-5019, CVE-2017-5023, CVE-2017-5024, CVE-2017-5025, CVE-2017-5026, CVE-2017-5027, CVE-2017-5029, CVE-2017-5033, CVE-2017-5037, CVE-2017-5044, CVE-2017-5046, CVE-2017-5047, CVE-2017-5048, CVE-2017-5049, CVE-2017-5050, CVE-2017-5051, CVE-2017-5059, CVE-2017-5061, CVE-2017-5062, CVE-2017-5065, CVE-2017-5067, CVE-2017-5069, CVE-2017-5070, CVE-2017-5071, CVE-2017-5075, CVE-2017-5076, CVE-2016-5078, CVE-2017-5083, and CVE-2017-5089. Other important changes include : - Based on Chromium 49.0.2623.111 (the version used in QtWebEngine 5.7.x) with security fixes from Chromium up to version 59.0.3071.104. (5.6.2 was based on Chromium 45.0.2554.101 with security fixes from Chromium up to version 52.0.2743.116.) - All other bug fixes from QtWebEngine 5.7.1 have been backported. See http://code.qt.io/cgit/qt/qtwebengine.git/tree/dist/changes-5.6.3?h=5. 6 for details. (Please note that at the time of this writing, not all security backports are listed in that file yet. The list above is accurate.) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2017-07-24 plugin id 101920 published 2017-07-24 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/101920 title Fedora 24 : qt5-qtwebengine (2017-98bed96d12) NASL family Peer-To-Peer File Sharing NASL id ITUNES_12_6_BANNER.NASL description The version of Apple iTunes running on the remote host is prior to 12.6. It is, therefore, affected by multiple vulnerabilities : - Multiple vulnerabilities exist in the expat component, the most severe of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these vulnerabilities to cause a denial of service condition or the execution of arbitrary code in the context of the current user. (CVE-2009-3270, CVE-2009-3560, CVE-2009-3720, CVE-2012-1147, CVE-2012-1148, CVE-2012-6702, CVE-2015-1283, CVE-2016-0718, CVE-2016-4472, CVE-2016-5300) - Multiple vulnerabilities exist in the SQLite component, the most severe of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these vulnerabilities by convincing a user to open a specially crafted file, to cause a denial of service condition or the execution of arbitrary code in the context of the current user. (CVE-2013-7443, CVE-2015-3414, CVE-2015-3415, CVE-2015-3416, CVE-2015-3717, CVE-2015-6607, CVE-2016-6153) - An information disclosure vulnerability exists in the APNs server component due to client certificates being transmitted in cleartext. A man-in-the-middle attacker can exploit this to disclose sensitive information. (CVE-2017-2383) - A use-after-free error exists in the WebKit component due to improper handling of RenderBox objects. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2017-2463) - Multiple universal cross-site scripting (XSS) vulnerabilities exist in the WebKit component due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit these vulnerabilities, by convincing a user to visit a specially crafted web page, to execute arbitrary script code in a user last seen 2020-06-01 modified 2020-06-02 plugin id 100026 published 2017-05-08 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/100026 title Apple iTunes < 12.6 Multiple Vulnerabilities (uncredentialed check) NASL family SuSE Local Security Checks NASL id OPENSUSE-2017-609.NASL description This update for libxslt fixes the following security issues : - CVE-2017-5029: The xsltAddTextString function in transform.c lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page (bsc#1035905). - CVE-2016-4738: Fix heap overread in xsltFormatNumberConversion: An empty decimal-separator could cause a heap overread. This can be exploited to leak a couple of bytes after the buffer that holds the pattern string (bsc#1005591). - CVE-2015-9019: Properly initialize random generator (bsc#934119). - CVE-2015-7995: Vulnerability in function xsltStylePreCompute last seen 2020-06-05 modified 2017-05-24 plugin id 100367 published 2017-05-24 reporter This script is Copyright (C) 2017-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/100367 title openSUSE Security Update : libxslt (openSUSE-2017-609) NASL family MacOS X Local Security Checks NASL id MACOSX_SECUPD2017-001.NASL description The remote host is running a version of Mac OS X 10.10.5 or 10.11.6 that is missing a security update. It is therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists in the LibreSSL component due to a flaw in the ECDSA implementation that is triggered when not properly setting a flag in ECDSA signing nonces to indicate that only constant-time code paths should be followed. An unauthenticated, remote attacker can exploit this to conduct side-channel cache-timing attacks, allowing the attacker to recover the modular inversion state sequences and the ECDSA private keys. Note that this vulnerability does not affect Mac OS X 10.10.5. (CVE-2016-7056) - An integer overflow condition exists in the ImageIO component due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, by convincing a user to open a specially crafted JPEG file, to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-2432) - Multiple memory corruption issues exist in the libxslt component that allow an unauthenticated, remote attacker to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-2477) - An integer overflow condition exists in the libxslt component in the xsltAddTextString() function in transform.c. An unauthenticated, remote attacker can exploit this, by convincing a user to open a specially crafted file, to cause an out-of-bounds write, potentially allowing the execution of arbitrary code. (CVE-2017-5029) last seen 2020-06-01 modified 2020-06-02 plugin id 99135 published 2017-03-31 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/99135 title Mac OS X Multiple Vulnerabilities (Security Update 2017-001 NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2017-0018.NASL description An update of [linux,libxlt] packages for PhotonOS has been released. last seen 2019-02-08 modified 2019-02-07 plugin id 111867 published 2018-08-17 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=111867 title Photon OS 1.0: Linux PHSA-2017-0018 (deprecated) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_6A177C87993311E793F7D43D7E971A1B.NASL description GitLab reports : Please reference CVE/URL list for details last seen 2020-06-01 modified 2020-06-02 plugin id 103237 published 2017-09-15 reporter This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/103237 title FreeBSD : GitLab -- multiple vulnerabilities (6a177c87-9933-11e7-93f7-d43d7e971a1b) NASL family SuSE Local Security Checks NASL id SUSE_SU-2017-1313-1.NASL description This update for libxslt fixes the following issues : - CVE-2017-5029: The xsltAddTextString function in transform.c lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page (bsc#1035905). - CVE-2016-4738: Fix heap overread in xsltFormatNumberConversion: An empty decimal-separator could cause a heap overread. This can be exploited to leak a couple of bytes after the buffer that holds the pattern string (bsc#1005591). - CVE-2015-9019: Properly initialize random generator (bsc#934119). - CVE-2015-7995: Vulnerability in function xsltStylePreCompute last seen 2020-06-01 modified 2020-06-02 plugin id 100243 published 2017-05-17 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/100243 title SUSE SLED12 / SLES12 Security Update : libxslt (SUSE-SU-2017:1313-1) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3810.NASL description Several vulnerabilities have been discovered in the chromium web browser. - CVE-2017-5029 Holger Fuhrmannek discovered an integer overflow issue in the libxslt library. - CVE-2017-5030 Brendon Tiszka discovered a memory corruption issue in the v8 JavaScript library. - CVE-2017-5031 Looben Yang discovered a use-after-free issue in the ANGLE library. - CVE-2017-5032 Ashfaq Ansari discovered an out-of-bounds write in the pdfium library. - CVE-2017-5033 Nicolai Grodum discovered a way to bypass the Content Security Policy. - CVE-2017-5034 Ke Liu discovered an integer overflow issue in the pdfium library. - CVE-2017-5035 Enzo Aguado discovered an issue with the omnibox. - CVE-2017-5036 A use-after-free issue was discovered in the pdfium library. - CVE-2017-5037 Yongke Wang discovered multiple out-of-bounds write issues. - CVE-2017-5038 A use-after-free issue was discovered in the guest view. - CVE-2017-5039 jinmo123 discovered a use-after-free issue in the pdfium library. - CVE-2017-5040 Choongwoo Han discovered an information disclosure issue in the v8 JavaScript library. - CVE-2017-5041 Jordi Chancel discovered an address spoofing issue. - CVE-2017-5042 Mike Ruddy discovered incorrect handling of cookies. - CVE-2017-5043 Another use-after-free issue was discovered in the guest view. - CVE-2017-5044 Kushal Arvind Shah discovered a heap overflow issue in the skia library. - CVE-2017-5045 Dhaval Kapil discovered an information disclosure issue. - CVE-2017-5046 Masato Kinugawa discovered an information disclosure issue. last seen 2020-06-01 modified 2020-06-02 plugin id 97783 published 2017-03-17 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/97783 title Debian DSA-3810-1 : chromium-browser - security update NASL family Windows NASL id ITUNES_12_6.NASL description The version of Apple iTunes installed on the remote Windows host is prior to 12.6. It is, therefore, affected by multiple vulnerabilities : - Multiple vulnerabilities exist in the expat component, the most severe of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these vulnerabilities to cause a denial of service condition or the execution of arbitrary code in the context of the current user. (CVE-2009-3270, CVE-2009-3560, CVE-2009-3720, CVE-2012-1147, CVE-2012-1148, CVE-2012-6702, CVE-2015-1283, CVE-2016-0718, CVE-2016-4472, CVE-2016-5300) - Multiple vulnerabilities exist in the SQLite component, the most severe of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these vulnerabilities by convincing a user to open a specially crafted file, to cause a denial of service condition or the execution of arbitrary code in the context of the current user. (CVE-2013-7443, CVE-2015-3414, CVE-2015-3415, CVE-2015-3416, CVE-2015-3717, CVE-2015-6607, CVE-2016-6153) - An information disclosure vulnerability exists in the APNs server component due to client certificates being transmitted in cleartext. A man-in-the-middle attacker can exploit this to disclose sensitive information. (CVE-2017-2383) - A use-after-free error exists in the WebKit component due to improper handling of RenderBox objects. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2017-2463) - Multiple universal cross-site scripting (XSS) vulnerabilities exist in the WebKit component due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit these vulnerabilities, by convincing a user to visit a specially crafted web page, to execute arbitrary script code in a user last seen 2020-06-01 modified 2020-06-02 plugin id 100025 published 2017-05-08 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/100025 title Apple iTunes < 12.6 Multiple Vulnerabilities (credentialed check) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201804-01.NASL description The remote host is affected by the vulnerability described in GLSA-201804-01 (libxslt: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in libxslt. Please review the CVE identifiers referenced below for details. Impact : A remote attacker, via a crafted HTML page, could possibly execute arbitrary code, cause a Denial of Service condition or leak information. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 108821 published 2018-04-04 reporter This script is Copyright (C) 2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/108821 title GLSA-201804-01 : libxslt: Multiple vulnerabilities NASL family Fedora Local Security Checks NASL id FEDORA_2017-58CDE32413.NASL description This update updates QtWebEngine to the 5.9.0 release. QtWebEngine 5.9.0 is part of the Qt 5.9.0 release, but only the QtWebEngine component is included in this update. The update fixes the following security issues in QtWebEngine 5.8.0: CVE-2017-5006, CVE-2017-5007, CVE-2017-5008, CVE-2017-5009, CVE-2017-5010, CVE-2017-5011, CVE-2017-5012, CVE-2017-5013, CVE-2017-5014, CVE-2017-5015, CVE-2017-5016, CVE-2017-5017, CVE-2017-5018, CVE-2017-5019, CVE-2017-5020, CVE-2017-5021, CVE-2017-5022, CVE-2017-5023, CVE-2017-5024, CVE-2017-5025, CVE-2017-5026, CVE-2017-5027, CVE-2017-5029, CVE-2017-5032, CVE-2017-5033, CVE-2017-5034, CVE-2017-5036, CVE-2017-5039, CVE-2017-5040, CVE-2017-5044, CVE-2017-5045, CVE-2017-5046, CVE-2017-5052, CVE-2017-5053, CVE-2017-5055, CVE-2017-5057, CVE-2017-5058, CVE-2017-5059, CVE-2017-5060, CVE-2017-5061, CVE-2017-5062, CVE-2017-5065, CVE-2017-5066, CVE-2017-5067, CVE-2017-5068, and CVE-2017-5069. Other important changes include : - Based on Chromium 56.0.2924.122 with security fixes from Chromium up to version 58.0.3029.96. (5.8.0 was based on Chromium 53.0.2785.148 with security fixes from Chromium up to version 55.0.2883.75.) - [QTBUG-54650, QTBUG-59922] Accessibility is now disabled by default on Linux, like it is in Chrome, due to poor options for enabling it conditionally and its heavy performance impact. Set the environment variable `QTWEBENGINE_ENABLE_LINUX_ACCESSIBILITY` to enable it again. - [QTBUG-56531] Enabled `filesystem:` protocol handler. - [QTBUG-57720] Optimized incremental scene-graph rendering in particular for software rendering. - [QTBUG-60049] Enabled brotli support. - Many bug fixes, see https://code.qt.io/cgit/qt/qtwebengine.git/tree/dist/cha nges-5.9.0?h=5.9 for details. In addition, this build includes a fix for https://bugreports.qt.io/browse/QTBUG-61521 , a binary incompatibility in QtWebEngine 5.9.0 compared to 5.8.0. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2017-07-13 plugin id 101504 published 2017-07-13 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/101504 title Fedora 25 : qt5-qtwebengine (2017-58cde32413) NASL family MacOS X Local Security Checks NASL id MACOSX_GOOGLE_CHROME_57_0_2987_98.NASL description The version of Google Chrome installed on the remote macOS or Mac OS X host is prior to 57.0.2987.98. It is, therefore, affected by the following vulnerabilities : - An integer overflow condition condition exists in libxslt in the xsltAddTextString() function in transform.c due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause an out-of-bounds write error, resulting in the execution of arbitrary code. (CVE-2017-5029) - A flaw exists in Google V8 in the ArrayConcatVisitor class in builtins-array.cc due to improper handling of JSProxy species. An unauthenticated, remote attacker can exploit this to corrupt memory, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2017-5030) - A use-after-free error exists in the ANGLE component due to improper handling of buffer storage operations. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2017-5031) - An overflow condition exists in Google PDFium in the GetTextRunInfo() function in pdfium_page.cc that is triggered when processing text runs. An unauthenticated, remote attacker can exploit this, via a specially crafted PDF file, to execute arbitrary code. (CVE-2017-5032) - A security bypass vulnerability exists in the initContentSecurityPolicy() function in Document.cpp due to local schemes not inheriting the content security policy. An unauthenticated, remote attacker can exploit this to bypass the content security policy. (CVE-2017-5033) - A flaw exists in the OpenJPEG component in the m_mct_records() function in j2k.c due to improper handling of specially crafted JPEG2000 files. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2017-5034) - An unspecified flaw exists in the RendererDidNavigateToExistingPage() function in navigation_controller_impl.cc that occurs when handling data from the renderer process. An unauthenticated, remote attacker can exploit this to have an unspecified impact on the security UI. (CVE-2017-5035) - A use-after-free error exists in Google PDFium in the Document class in Document.h due to improper handling of last seen 2020-06-01 modified 2020-06-02 plugin id 97725 published 2017-03-14 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/97725 title Google Chrome < 57.0.2987.98 Multiple Vulnerabilities (macOS) NASL family Windows NASL id GOOGLE_CHROME_57_0_2987_98.NASL description The version of Google Chrome installed on the remote Windows host is prior to 57.0.2987.98. It is, therefore, affected by the following vulnerabilities : - An integer overflow condition condition exists in libxslt in the xsltAddTextString() function in transform.c due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause an out-of-bounds write error, resulting in the execution of arbitrary code. (CVE-2017-5029) - A flaw exists in Google V8 in the ArrayConcatVisitor class in builtins-array.cc due to improper handling of JSProxy species. An unauthenticated, remote attacker can exploit this to corrupt memory, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2017-5030) - A use-after-free error exists in the ANGLE component due to improper handling of buffer storage operations. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2017-5031) - An overflow condition exists in Google PDFium in the GetTextRunInfo() function in pdfium_page.cc that is triggered when processing text runs. An unauthenticated, remote attacker can exploit this, via a specially crafted PDF file, to execute arbitrary code. (CVE-2017-5032) - A security bypass vulnerability exists in the initContentSecurityPolicy() function in Document.cpp due to local schemes not inheriting the content security policy. An unauthenticated, remote attacker can exploit this to bypass the content security policy. (CVE-2017-5033) - A flaw exists in the OpenJPEG component in the m_mct_records() function in j2k.c due to improper handling of specially crafted JPEG2000 files. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2017-5034) - An unspecified flaw exists in the RendererDidNavigateToExistingPage() function in navigation_controller_impl.cc that occurs when handling data from the renderer process. An unauthenticated, remote attacker can exploit this to have an unspecified impact on the security UI. (CVE-2017-5035) - A use-after-free error exists in Google PDFium in the Document class in Document.h due to improper handling of last seen 2020-06-01 modified 2020-06-02 plugin id 97724 published 2017-03-14 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/97724 title Google Chrome < 57.0.2987.98 Multiple Vulnerabilities NASL family Debian Local Security Checks NASL id DEBIAN_DLA-866.NASL description libxslt is vulnerable to an integer overflow in the xsltAddTextString function that can be exploited to trigger an out of bounds write on 64-bit systems. For Debian 7 last seen 2020-03-17 modified 2017-03-24 plugin id 97920 published 2017-03-24 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/97920 title Debian DLA-866-1 : libxslt security update
Redhat
| advisories |
| ||||
| rpms |
|
References
- https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html
- https://git.gnome.org/browse/libxslt/commit/?id=08ab2774b870de1c7b5a48693df75e8154addae5
- http://www.securitytracker.com/id/1038157
- https://crbug.com/676623
- http://www.debian.org/security/2017/dsa-3810
- http://www.securityfocus.com/bid/96767
- http://rhn.redhat.com/errata/RHSA-2017-0499.html