Vulnerabilities > CVE-2019-11922 - Race Condition vulnerability in Facebook Zstandard
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
A race condition in the one-pass compression functions of Zstandard prior to version 1.3.8 could allow an attacker to write bytes out of bounds if an output buffer smaller than the recommended size was used.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Leveraging Race Conditions This attack targets a race condition occurring when multiple processes access and manipulate the same resource concurrently and the outcome of the execution depends on the particular order in which the access takes place. The attacker can leverage a race condition by "running the race", modifying the resource and modifying the normal execution flow. For instance a race condition can occur while accessing a file, the attacker can trick the system by replacing the original file with his version and cause the system to read the malicious file.
- Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. The typical example is the file access. The attacker can leverage a file access race condition by "running the race", meaning that he would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the attacker could do something such as replace the file and cause an escalation of privilege.
Nessus
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-4108-1.NASL description It was discovered that Zstandard incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 128075 published 2019-08-22 reporter Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128075 title Ubuntu 18.04 LTS : libzstd vulnerability (USN-4108-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-4108-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(128075); script_version("1.3"); script_cvs_date("Date: 2020/01/02"); script_cve_id("CVE-2019-11922"); script_xref(name:"USN", value:"4108-1"); script_name(english:"Ubuntu 18.04 LTS : libzstd vulnerability (USN-4108-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "It was discovered that Zstandard incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/4108-1/" ); script_set_attribute( attribute:"solution", value:"Update the affected libzstd1 and / or zstd packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libzstd1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:zstd"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/07/25"); script_set_attribute(attribute:"patch_publication_date", value:"2019/08/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/22"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(18\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 18.04", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"18.04", pkgname:"libzstd1", pkgver:"1.3.3+dfsg-2ubuntu1.1")) flag++; if (ubuntu_check(osver:"18.04", pkgname:"zstd", pkgver:"1.3.3+dfsg-2ubuntu1.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libzstd1 / zstd"); }
NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-1952.NASL description This update for zstd fixes the following issues : - Update to version 1.4.2 : - bug: Fix bug in zstd-0.5 decoder by @terrelln (#1696) - bug: Fix seekable decompression in-memory API by @iburinoc (#1695) - bug: Close minor memory leak in CLI by @LeeYoung624 (#1701) - misc: Validate blocks are smaller than size limit by @vivekmig (#1685) - misc: Restructure source files by @ephiepark (#1679) - Update to version 1.4.1 : - bug: Fix data corruption in niche use cases by @terrelln (#1659) - bug: Fuzz legacy modes, fix uncovered bugs by @terrelln (#1593, #1594, #1595) - bug: Fix out of bounds read by @terrelln (#1590) - perf: Improve decode speed by ~7% @mgrice (#1668) - perf: Slightly improved compression ratio of level 3 and 4 (ZSTD_dfast) by @cyan4973 (#1681) - perf: Slightly faster compression speed when re-using a context by @cyan4973 (#1658) - perf: Improve compression ratio for small windowLog by @cyan4973 (#1624) - perf: Faster compression speed in high compression mode for repetitive data by @terrelln (#1635) - api: Add parameter to generate smaller dictionaries by @tyler-tran (#1656) - cli: Recognize symlinks when built in C99 mode by @felixhandte (#1640) - cli: Expose cpu load indicator for each file on -vv mode by @ephiepark (#1631) - cli: Restrict read permissions on destination files by @chungy (#1644) - cli: zstdgrep: handle -f flag by @felixhandte (#1618) - cli: zstdcat: follow symlinks by @vejnar (#1604) - doc: Remove extra size limit on compressed blocks by @felixhandte (#1689) - doc: Fix typo by @yk-tanigawa (#1633) - doc: Improve documentation on streaming buffer sizes by @cyan4973 (#1629) - build: CMake: support building with LZ4 @leeyoung624 (#1626) - build: CMake: install zstdless and zstdgrep by @leeyoung624 (#1647) - build: CMake: respect existing uninstall target by @j301scott (#1619) - build: Make: skip multithread tests when built without support by @michaelforney (#1620) - build: Make: Fix examples/ test target by @sjnam (#1603) - build: Meson: rename options out of deprecated namespace by @lzutao (#1665) - build: Meson: fix build by @lzutao (#1602) - build: Visual Studio: don last seen 2020-06-01 modified 2020-06-02 plugin id 128015 published 2019-08-20 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128015 title openSUSE Security Update : zstd (openSUSE-2019-1952) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2019-1952. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(128015); script_version("1.2"); script_cvs_date("Date: 2020/01/02"); script_cve_id("CVE-2019-11922"); script_name(english:"openSUSE Security Update : zstd (openSUSE-2019-1952)"); script_summary(english:"Check for the openSUSE-2019-1952 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update for zstd fixes the following issues : - Update to version 1.4.2 : - bug: Fix bug in zstd-0.5 decoder by @terrelln (#1696) - bug: Fix seekable decompression in-memory API by @iburinoc (#1695) - bug: Close minor memory leak in CLI by @LeeYoung624 (#1701) - misc: Validate blocks are smaller than size limit by @vivekmig (#1685) - misc: Restructure source files by @ephiepark (#1679) - Update to version 1.4.1 : - bug: Fix data corruption in niche use cases by @terrelln (#1659) - bug: Fuzz legacy modes, fix uncovered bugs by @terrelln (#1593, #1594, #1595) - bug: Fix out of bounds read by @terrelln (#1590) - perf: Improve decode speed by ~7% @mgrice (#1668) - perf: Slightly improved compression ratio of level 3 and 4 (ZSTD_dfast) by @cyan4973 (#1681) - perf: Slightly faster compression speed when re-using a context by @cyan4973 (#1658) - perf: Improve compression ratio for small windowLog by @cyan4973 (#1624) - perf: Faster compression speed in high compression mode for repetitive data by @terrelln (#1635) - api: Add parameter to generate smaller dictionaries by @tyler-tran (#1656) - cli: Recognize symlinks when built in C99 mode by @felixhandte (#1640) - cli: Expose cpu load indicator for each file on -vv mode by @ephiepark (#1631) - cli: Restrict read permissions on destination files by @chungy (#1644) - cli: zstdgrep: handle -f flag by @felixhandte (#1618) - cli: zstdcat: follow symlinks by @vejnar (#1604) - doc: Remove extra size limit on compressed blocks by @felixhandte (#1689) - doc: Fix typo by @yk-tanigawa (#1633) - doc: Improve documentation on streaming buffer sizes by @cyan4973 (#1629) - build: CMake: support building with LZ4 @leeyoung624 (#1626) - build: CMake: install zstdless and zstdgrep by @leeyoung624 (#1647) - build: CMake: respect existing uninstall target by @j301scott (#1619) - build: Make: skip multithread tests when built without support by @michaelforney (#1620) - build: Make: Fix examples/ test target by @sjnam (#1603) - build: Meson: rename options out of deprecated namespace by @lzutao (#1665) - build: Meson: fix build by @lzutao (#1602) - build: Visual Studio: don't export symbols in static lib by @scharan (#1650) - build: Visual Studio: fix linking by @absotively (#1639) - build: Fix MinGW-W64 build by @myzhang1029 (#1600) - misc: Expand decodecorpus coverage by @ephiepark (#1664) - Add baselibs.conf: libarchive gained zstd support and provides -32bit libraries. This means, zstd also needs to provide -32bit libs. - Update to new upstream release 1.4.0 - perf: level 1 compression speed was improved - cli: added --[no-]compress-literals flag to enable or disable literal compression - Reword 'real-time' in description by some actual statistics, because 603MB/s (lowest zstd level) is not 'real-time' for quite some applications. - zstd 1.3.8 : - better decompression speed on large files (+7%) and cold dictionaries (+15%) - slightly better compression ratio at high compression modes - new --rsyncable mode - support decompression of empty frames into NULL (used to be an error) - support ZSTD_CLEVEL environment variable - --no-progress flag, preserving final summary - various CLI fixes - fix race condition in one-pass compression functions that could allow out of bounds write (CVE-2019-11922, boo#1142941) - zstd 1.3.7 : - fix ratio for dictionary compression at levels 9 and 10 - add man pages for zstdless and zstdgrep - includes changes from zstd 1.3.6 : - faster dictionary builder, also the new default for --train - previous (slower, slightly higher quality) dictionary builder to be selected via --train-cover - Faster dictionary decompression and compression under memory limits with many dictionaries used simultaneously - New command --adapt for compressed network piping of data adjusted to the perceived network conditions - update to 1.3.5 : - much faster dictionary compression - small quality improvement for dictionary generation - slightly improved performance at high compression levels - automatic memory release for long duration contexts - fix overlapLog can be manually set - fix decoding invalid lz4 frames - fix performance degradation for dictionary compression when using advanced API - fix pzstd tests - enable pzstd (parallel zstd) - Use %license instead of %doc [boo#1082318] - Add disk _constraints to fix ppc64le build - Use FAT LTO objects in order to provide proper static library (boo#1133297)." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1082318" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1133297" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1142941" ); script_set_attribute(attribute:"solution", value:"Update the affected zstd packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libzstd-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libzstd-devel-static"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libzstd1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libzstd1-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:zstd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:zstd-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:zstd-debugsource"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/07/25"); script_set_attribute(attribute:"patch_publication_date", value:"2019/08/19"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/20"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE15\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE15.0", reference:"libzstd-devel-1.4.2-lp150.2.3.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libzstd-devel-static-1.4.2-lp150.2.3.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libzstd1-1.4.2-lp150.2.3.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libzstd1-debuginfo-1.4.2-lp150.2.3.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"zstd-1.4.2-lp150.2.3.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"zstd-debuginfo-1.4.2-lp150.2.3.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"zstd-debugsource-1.4.2-lp150.2.3.1") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libzstd-devel / libzstd-devel-static / libzstd1 / etc"); }
NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-1845.NASL description This update for zstd to version 1.4.2 fixes the following issues : Security issues fixed : 	 - CVE-2019-11922: Fixed race condition in one-pass compression functions that could allow out of bounds write (boo#1142941). Non-security issues fixed : 	 - Added --[no-]compress-literals CLI flag to enable or disable literal compression. - Added new --rsyncable mode. - Added handling of -f flag to zstdgrep. - Added CPU load indicator for each file on -vv mode. - Changed --no-progress flag to preserve the final summary. - Added new command --adapt for compressed network piping of data adjusted to the perceived network conditions. last seen 2020-06-01 modified 2020-06-02 plugin id 127834 published 2019-08-13 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127834 title openSUSE Security Update : zstd (openSUSE-2019-1845) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2019-1845. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(127834); script_version("1.2"); script_cvs_date("Date: 2020/01/02"); script_cve_id("CVE-2019-11922"); script_name(english:"openSUSE Security Update : zstd (openSUSE-2019-1845)"); script_summary(english:"Check for the openSUSE-2019-1845 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update for zstd to version 1.4.2 fixes the following issues : Security issues fixed : 	 - CVE-2019-11922: Fixed race condition in one-pass compression functions that could allow out of bounds write (boo#1142941). Non-security issues fixed : 	 - Added --[no-]compress-literals CLI flag to enable or disable literal compression. - Added new --rsyncable mode. - Added handling of -f flag to zstdgrep. - Added CPU load indicator for each file on -vv mode. - Changed --no-progress flag to preserve the final summary. - Added new command --adapt for compressed network piping of data adjusted to the perceived network conditions." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1082318" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1133297" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1142941" ); script_set_attribute(attribute:"solution", value:"Update the affected zstd packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libzstd-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libzstd-devel-static"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libzstd1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libzstd1-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libzstd1-32bit-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libzstd1-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:zstd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:zstd-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:zstd-debugsource"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.1"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/07/25"); script_set_attribute(attribute:"patch_publication_date", value:"2019/08/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/13"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE15\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.1", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE15.1", reference:"libzstd-devel-1.4.2-lp151.3.3.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"libzstd-devel-static-1.4.2-lp151.3.3.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"libzstd1-1.4.2-lp151.3.3.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"libzstd1-debuginfo-1.4.2-lp151.3.3.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"zstd-1.4.2-lp151.3.3.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"zstd-debuginfo-1.4.2-lp151.3.3.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"zstd-debugsource-1.4.2-lp151.3.3.1") ) flag++; if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libzstd1-32bit-1.4.2-lp151.3.3.1") ) flag++; if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libzstd1-32bit-debuginfo-1.4.2-lp151.3.3.1") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libzstd-devel / libzstd-devel-static / libzstd1 / etc"); }
References
- http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00008.html
- http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00008.html
- http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00062.html
- http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00062.html
- http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00078.html
- http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00078.html
- https://github.com/facebook/zstd/pull/1404/commits/3e5cdf1b6a85843e991d7d10f6a2567c15580da0
- https://github.com/facebook/zstd/pull/1404/commits/3e5cdf1b6a85843e991d7d10f6a2567c15580da0
- https://usn.ubuntu.com/4108-1/
- https://usn.ubuntu.com/4108-1/
- https://www.facebook.com/security/advisories/cve-2019-11922
- https://www.facebook.com/security/advisories/cve-2019-11922
- https://www.oracle.com/security-alerts/cpuoct2020.html
- https://www.oracle.com/security-alerts/cpuoct2020.html