Vulnerabilities > CVE-2019-5815 - Type Confusion vulnerability in multiple products

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
xmlsoft
debian
CWE-843
nessus

Summary

Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data.

Vulnerable Configurations

Part Description Count
Application
Xmlsoft
94
OS
Debian
1

Nessus

  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2020-3_0-0047_LIBXSLT.NASL
    descriptionAn update of the libxslt package has been released.
    last seen2020-06-01
    modified2020-06-02
    plugin id133066
    published2020-01-18
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133066
    titlePhoton OS 3.0: Libxslt PHSA-2020-3.0-0047
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    # The descriptive text and package checks in this plugin were
    # extracted from VMware Security Advisory PHSA-2020-3.0-0047. The text
    # itself is copyright (C) VMware, Inc.
    
    
    include('compat.inc');
    
    if (description)
    {
      script_id(133066);
      script_version("1.2");
      script_cvs_date("Date: 2020/01/20");
    
      script_cve_id("CVE-2019-5815");
      script_bugtraq_id(108048);
    
      script_name(english:"Photon OS 3.0: Libxslt PHSA-2020-3.0-0047");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote PhotonOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "An update of the libxslt package has been released.");
      script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-3.0-47.md");
      script_set_attribute(attribute:"solution", value:
    "Update the affected Linux packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-5815");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/12/11");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/01/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/18");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:libxslt");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:3.0");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"PhotonOS Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/PhotonOS/release");
    if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS");
    if (release !~ "^VMware Photon (?:Linux|OS) 3\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 3.0");
    
    if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu);
    
    flag = 0;
    
    if (rpm_exists(rpm:"libxslt-1.1", release:"PhotonOS-3.0") && rpm_check(release:"PhotonOS-3.0", cpu:"aarch64", reference:"libxslt-1.1.32-6.ph3")) flag++;
    if (rpm_exists(rpm:"libxslt-1.1", release:"PhotonOS-3.0") && rpm_check(release:"PhotonOS-3.0", cpu:"x86_64", reference:"libxslt-1.1.32-6.ph3")) flag++;
    if (rpm_exists(rpm:"libxslt-1.1", release:"PhotonOS-3.0") && rpm_check(release:"PhotonOS-3.0", cpu:"src", reference:"libxslt-1.1.32-6.ph3.src")) flag++;
    if (rpm_exists(rpm:"libxslt-debuginfo-1.1", release:"PhotonOS-3.0") && rpm_check(release:"PhotonOS-3.0", cpu:"aarch64", reference:"libxslt-debuginfo-1.1.32-6.ph3")) flag++;
    if (rpm_exists(rpm:"libxslt-debuginfo-1.1", release:"PhotonOS-3.0") && rpm_check(release:"PhotonOS-3.0", cpu:"x86_64", reference:"libxslt-debuginfo-1.1.32-6.ph3")) flag++;
    if (rpm_exists(rpm:"libxslt-devel-1.1", release:"PhotonOS-3.0") && rpm_check(release:"PhotonOS-3.0", cpu:"aarch64", reference:"libxslt-devel-1.1.32-6.ph3")) flag++;
    if (rpm_exists(rpm:"libxslt-devel-1.1", release:"PhotonOS-3.0") && rpm_check(release:"PhotonOS-3.0", cpu:"x86_64", reference:"libxslt-devel-1.1.32-6.ph3")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libxslt");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1442.NASL
    descriptionAccording to the versions of the libxslt packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data.(CVE-2019-13118) - In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character.(CVE-2019-13117) - numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles the i format token for xsl:number data, which allows remote attackers to cause a denial of service (integer overflow or resource consumption) or possibly have unspecified other impact via a crafted document.(CVE-2016-1684) - numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles namespace nodes, which allows remote attackers to cause a denial of service (out-of-bounds heap memory access) or possibly have unspecified other impact via a crafted document.(CVE-2016-1683) - The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a
    last seen2020-04-30
    modified2020-04-15
    plugin id135571
    published2020-04-15
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135571
    titleEulerOS Virtualization 3.0.2.2 : libxslt (EulerOS-SA-2020-1442)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(135571);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/04/24");
    
      script_cve_id(
        "CVE-2015-7995",
        "CVE-2016-1683",
        "CVE-2016-1684",
        "CVE-2019-13117",
        "CVE-2019-13118",
        "CVE-2019-18197",
        "CVE-2019-5815"
      );
    
      script_name(english:"EulerOS Virtualization 3.0.2.2 : libxslt (EulerOS-SA-2020-1442)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS Virtualization host is missing multiple security
    updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the libxslt packages installed, the
    EulerOS Virtualization installation on the remote host is affected by
    the following vulnerabilities :
    
      - In numbers.c in libxslt 1.1.33, a type holding grouping
        characters of an xsl:number instruction was too narrow
        and an invalid character/length combination could be
        passed to xsltNumberFormatDecimal, leading to a read of
        uninitialized stack data.(CVE-2019-13118)
    
      - In numbers.c in libxslt 1.1.33, an xsl:number with
        certain format strings could lead to a uninitialized
        read in xsltNumberFormatInsertNumbers. This could allow
        an attacker to discern whether a byte on the stack
        contains the characters A, a, I, i, or 0, or any other
        character.(CVE-2019-13117)
    
      - numbers.c in libxslt before 1.1.29, as used in Google
        Chrome before 51.0.2704.63, mishandles the i format
        token for xsl:number data, which allows remote
        attackers to cause a denial of service (integer
        overflow or resource consumption) or possibly have
        unspecified other impact via a crafted
        document.(CVE-2016-1684)
    
      - numbers.c in libxslt before 1.1.29, as used in Google
        Chrome before 51.0.2704.63, mishandles namespace nodes,
        which allows remote attackers to cause a denial of
        service (out-of-bounds heap memory access) or possibly
        have unspecified other impact via a crafted
        document.(CVE-2016-1683)
    
      - The xsltStylePreCompute function in preproc.c in
        libxslt 1.1.28 does not check if the parent node is an
        element, which allows attackers to cause a denial of
        service via a crafted XML file, related to a 'type
        confusion' issue.(CVE-2015-7995)
    
      - In xsltCopyText in transform.c in libxslt 1.1.33, a
        pointer variable isn't reset under certain
        circumstances. If the relevant memory area happened to
        be freed and reused in a certain way, a bounds check
        could fail and memory outside a buffer could be written
        to, or uninitialized data could be
        disclosed.(CVE-2019-18197)
    
      - Type confusion in xsltNumberFormatGetMultipleLevel
        prior to libxslt 1.1.33 could allow attackers to
        potentially exploit heap corruption via crafted XML
        data.(CVE-2019-5815)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1442
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b667262f");
      script_set_attribute(attribute:"solution", value:
    "Update the affected libxslt packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2020/04/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/15");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libxslt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libxslt-python");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.2.2");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (uvp != "3.0.2.2") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.2.2");
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    flag = 0;
    
    pkgs = ["libxslt-1.1.28-5.h7.eulerosv2r7",
            "libxslt-python-1.1.28-5.h7.eulerosv2r7"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libxslt");
    }
    
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201908-18.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201908-18 (Chromium, Google Chrome: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Chromium and Google Chrome. Please review the referenced CVE identifiers and Google Chrome Releases for details. Impact : Please review the referenced CVE identifiers for details. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id127967
    published2019-08-20
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127967
    titleGLSA-201908-18 : Chromium, Google Chrome: Multiple vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 201908-18.
    #
    # The advisory text is Copyright (C) 2001-2020 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(127967);
      script_version("1.3");
      script_cvs_date("Date: 2020/01/02");
    
      script_cve_id("CVE-2018-17480", "CVE-2018-17481", "CVE-2018-18335", "CVE-2018-18336", "CVE-2018-18337", "CVE-2018-18338", "CVE-2018-18339", "CVE-2018-18340", "CVE-2018-18341", "CVE-2018-18342", "CVE-2018-18343", "CVE-2018-18344", "CVE-2018-18345", "CVE-2018-18346", "CVE-2018-18347", "CVE-2018-18348", "CVE-2018-18349", "CVE-2018-18350", "CVE-2018-18351", "CVE-2018-18352", "CVE-2018-18353", "CVE-2018-18354", "CVE-2018-18355", "CVE-2018-18356", "CVE-2018-18357", "CVE-2018-18358", "CVE-2018-18359", "CVE-2019-5805", "CVE-2019-5806", "CVE-2019-5807", "CVE-2019-5808", "CVE-2019-5809", "CVE-2019-5810", "CVE-2019-5811", "CVE-2019-5812", "CVE-2019-5813", "CVE-2019-5814", "CVE-2019-5815", "CVE-2019-5816", "CVE-2019-5817", "CVE-2019-5818", "CVE-2019-5819", "CVE-2019-5820", "CVE-2019-5821", "CVE-2019-5822", "CVE-2019-5823", "CVE-2019-5828", "CVE-2019-5829", "CVE-2019-5830", "CVE-2019-5831", "CVE-2019-5832", "CVE-2019-5833", "CVE-2019-5834", "CVE-2019-5835", "CVE-2019-5836", "CVE-2019-5837", "CVE-2019-5838", "CVE-2019-5839", "CVE-2019-5840", "CVE-2019-5842", "CVE-2019-5847", "CVE-2019-5848", "CVE-2019-5850", "CVE-2019-5851", "CVE-2019-5852", "CVE-2019-5853", "CVE-2019-5854", "CVE-2019-5855", "CVE-2019-5856", "CVE-2019-5857", "CVE-2019-5858", "CVE-2019-5859", "CVE-2019-5860", "CVE-2019-5861", "CVE-2019-5862", "CVE-2019-5863", "CVE-2019-5864", "CVE-2019-5865", "CVE-2019-5867", "CVE-2019-5868");
      script_xref(name:"GLSA", value:"201908-18");
    
      script_name(english:"GLSA-201908-18 : Chromium, Google Chrome: Multiple vulnerabilities");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-201908-18
    (Chromium, Google Chrome: Multiple vulnerabilities)
    
        Multiple vulnerabilities have been discovered in Chromium and Google
          Chrome. Please review the referenced CVE identifiers and Google Chrome
          Releases for details.
      
    Impact :
    
        Please review the referenced CVE identifiers for details.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/201908-18"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All Chromium users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose
          '>=www-client/chromium-76.0.3809.100'
        All Google Chrome users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose
          '>=www-client/google-chrome-76.0.3809.100'"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-5859");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:chromium");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:google-chrome");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/12/11");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/08/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/20");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"www-client/chromium", unaffected:make_list("ge 76.0.3809.100"), vulnerable:make_list("lt 76.0.3809.100"))) flag++;
    if (qpkg_check(package:"www-client/google-chrome", unaffected:make_list("ge 76.0.3809.100"), vulnerable:make_list("lt 76.0.3809.100"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Chromium / Google Chrome");
    }
    
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2019-2_0-0196_LIBXSLT.NASL
    descriptionAn update of the libxslt package has been released.
    last seen2020-06-01
    modified2020-06-02
    plugin id132974
    published2020-01-16
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132974
    titlePhoton OS 2.0: Libxslt PHSA-2019-2.0-0196
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    # The descriptive text and package checks in this plugin were
    # extracted from VMware Security Advisory PHSA-2019-2.0-0196. The text
    # itself is copyright (C) VMware, Inc.
    
    
    include('compat.inc');
    
    if (description)
    {
      script_id(132974);
      script_version("1.3");
      script_cvs_date("Date: 2020/01/18");
    
      script_cve_id("CVE-2019-5815");
      script_bugtraq_id(108048);
    
      script_name(english:"Photon OS 2.0: Libxslt PHSA-2019-2.0-0196");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote PhotonOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "An update of the libxslt package has been released.");
      script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-2-196.md");
      script_set_attribute(attribute:"solution", value:
    "Update the affected Linux packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-5815");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/12/11");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/12/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/16");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:libxslt");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:2.0");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"PhotonOS Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/PhotonOS/release");
    if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS");
    if (release !~ "^VMware Photon (?:Linux|OS) 2\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 2.0");
    
    if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu);
    
    flag = 0;
    
    if (rpm_exists(rpm:"libxslt-1.1", release:"PhotonOS-2.0") && rpm_check(release:"PhotonOS-2.0", cpu:"x86_64", reference:"libxslt-1.1.29-8.ph2")) flag++;
    if (rpm_exists(rpm:"libxslt-1.1", release:"PhotonOS-2.0") && rpm_check(release:"PhotonOS-2.0", cpu:"src", reference:"libxslt-1.1.29-8.ph2.src")) flag++;
    if (rpm_check(release:"PhotonOS-2.0", cpu:"x86_64", reference:"libxslt-debuginfo-1.1.29-8.ph2")) flag++;
    if (rpm_check(release:"PhotonOS-2.0", cpu:"x86_64", reference:"libxslt-devel-1.1.29-8.ph2")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libxslt");
    }
    
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-1325.NASL
    descriptionThis update for chromium fixes the following issues : Chromium was updated to 74.0.3729.108 boo#1133313 : - CVE-2019-5805: Use after free in PDFium - CVE-2019-5806: Integer overflow in Angle - CVE-2019-5807: Memory corruption in V8 - CVE-2019-5808: Use after free in Blink - CVE-2019-5809: Use after free in Blink - CVE-2019-5810: User information disclosure in Autofill - CVE-2019-5811: CORS bypass in Blink - CVE-2019-5813: Out of bounds read in V8 - CVE-2019-5814: CORS bypass in Blink - CVE-2019-5815: Heap buffer overflow in Blink - CVE-2019-5818: Uninitialized value in media reader - CVE-2019-5819: Incorrect escaping in developer tools - CVE-2019-5820: Integer overflow in PDFium - CVE-2019-5821: Integer overflow in PDFium - CVE-2019-5822: CORS bypass in download manager - CVE-2019-5823: Forced navigation from service worker - CVE-2019-5812: URL spoof in Omnibox on iOS - CVE-2019-5816: Exploit persistence extension on Android - CVE-2019-5817: Heap buffer overflow in Angle on Windows - Update conditions to use system harfbuzz on TW+ - Require java during build - Enable using pipewire when available
    last seen2020-05-31
    modified2019-05-06
    plugin id124641
    published2019-05-06
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124641
    titleopenSUSE Security Update : chromium (openSUSE-2019-1325)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2019-1325.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(124641);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/29");
    
      script_cve_id("CVE-2019-5805", "CVE-2019-5806", "CVE-2019-5807", "CVE-2019-5808", "CVE-2019-5809", "CVE-2019-5810", "CVE-2019-5811", "CVE-2019-5812", "CVE-2019-5813", "CVE-2019-5814", "CVE-2019-5815", "CVE-2019-5816", "CVE-2019-5817", "CVE-2019-5818", "CVE-2019-5819", "CVE-2019-5820", "CVE-2019-5821", "CVE-2019-5822", "CVE-2019-5823");
    
      script_name(english:"openSUSE Security Update : chromium (openSUSE-2019-1325)");
      script_summary(english:"Check for the openSUSE-2019-1325 patch");
    
      script_set_attribute(
        attribute:"synopsis",
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "This update for chromium fixes the following issues :
    
    Chromium was updated to 74.0.3729.108 boo#1133313 :
    
      - CVE-2019-5805: Use after free in PDFium
    
      - CVE-2019-5806: Integer overflow in Angle
    
      - CVE-2019-5807: Memory corruption in V8
    
      - CVE-2019-5808: Use after free in Blink
    
      - CVE-2019-5809: Use after free in Blink
    
      - CVE-2019-5810: User information disclosure in Autofill
    
      - CVE-2019-5811: CORS bypass in Blink
    
      - CVE-2019-5813: Out of bounds read in V8
    
      - CVE-2019-5814: CORS bypass in Blink
    
      - CVE-2019-5815: Heap buffer overflow in Blink
    
      - CVE-2019-5818: Uninitialized value in media reader
    
      - CVE-2019-5819: Incorrect escaping in developer tools
    
      - CVE-2019-5820: Integer overflow in PDFium
    
      - CVE-2019-5821: Integer overflow in PDFium
    
      - CVE-2019-5822: CORS bypass in download manager
    
      - CVE-2019-5823: Forced navigation from service worker
    
      - CVE-2019-5812: URL spoof in Omnibox on iOS
    
      - CVE-2019-5816: Exploit persistence extension on Android
    
      - CVE-2019-5817: Heap buffer overflow in Angle on Windows
    
      - Update conditions to use system harfbuzz on TW+
    
      - Require java during build
    
      - Enable using pipewire when available"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1133313"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Update the affected chromium packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromedriver");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromedriver-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-debugsource");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/06/27");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/05/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/06");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE15\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE15.0", reference:"chromedriver-74.0.3729.108-lp150.209.2") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"chromedriver-debuginfo-74.0.3729.108-lp150.209.2") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"chromium-74.0.3729.108-lp150.209.2", allowmaj:TRUE) ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"chromium-debuginfo-74.0.3729.108-lp150.209.2", allowmaj:TRUE) ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"chromium-debugsource-74.0.3729.108-lp150.209.2", allowmaj:TRUE) ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "chromedriver / chromedriver-debuginfo / chromium / etc");
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4500.NASL
    descriptionSeveral vulnerabilities have been discovered in the chromium web browser. - CVE-2019-5805 A use-after-free issue was discovered in the pdfium library. - CVE-2019-5806 Wen Xu discovered an integer overflow issue in the Angle library. - CVE-2019-5807 TimGMichaud discovered a memory corruption issue in the v8 JavaScript library. - CVE-2019-5808 cloudfuzzer discovered a use-after-free issue in Blink/Webkit. - CVE-2019-5809 Mark Brand discovered a use-after-free issue in Blink/Webkit. - CVE-2019-5810 Mark Amery discovered an information disclosure issue. - CVE-2019-5811 Jun Kokatsu discovered a way to bypass the Cross-Origin Resource Sharing feature. - CVE-2019-5813 Aleksandar Nikolic discovered an out-of-bounds read issue in the v8 JavaScript library. - CVE-2019-5814 @AaylaSecura1138 discovered a way to bypass the Cross-Origin Resource Sharing feature. - CVE-2019-5815 Nicolas Gregoire discovered a buffer overflow issue in Blink/Webkit. - CVE-2019-5818 Adrian Tolbaru discovered an uninitialized value issue. - CVE-2019-5819 Svyat Mitin discovered an error in the developer tools. - CVE-2019-5820 pdknsk discovered an integer overflow issue in the pdfium library. - CVE-2019-5821 pdknsk discovered another integer overflow issue in the pdfium library. - CVE-2019-5822 Jun Kokatsu discovered a way to bypass the Cross-Origin Resource Sharing feature. - CVE-2019-5823 David Erceg discovered a navigation error. - CVE-2019-5824 leecraso and Guang Gong discovered an error in the media player. - CVE-2019-5825 Genming Liu, Jianyu Chen, Zhen Feng, and Jessica Liu discovered an out-of-bounds write issue in the v8 JavaScript library. - CVE-2019-5826 Genming Liu, Jianyu Chen, Zhen Feng, and Jessica Liu discovered a use-after-free issue. - CVE-2019-5827 mlfbrown discovered an out-of-bounds read issue in the sqlite library. - CVE-2019-5828 leecraso and Guang Gong discovered a use-after-free issue. - CVE-2019-5829 Lucas Pinheiro discovered a use-after-free issue. - CVE-2019-5830 Andrew Krashichkov discovered a credential error in the Cross-Origin Resource Sharing feature. - CVE-2019-5831 yngwei discovered a map error in the v8 JavaScript library. - CVE-2019-5832 Sergey Shekyan discovered an error in the Cross-Origin Resource Sharing feature. - CVE-2019-5833 Khalil Zhani discovered a user interface error. - CVE-2019-5834 Khalil Zhani discovered a URL spoofing issue. - CVE-2019-5836 Omair discovered a buffer overflow issue in the Angle library. - CVE-2019-5837 Adam Iawniuk discovered an information disclosure issue. - CVE-2019-5838 David Erceg discovered an error in extension permissions. - CVE-2019-5839 Masato Kinugawa discovered implementation errors in Blink/Webkit. - CVE-2019-5840 Eliya Stein and Jerome Dangu discovered a way to bypass the popup blocker. - CVE-2019-5842 BUGFENSE discovered a use-after-free issue in Blink/Webkit. - CVE-2019-5847 m3plex discovered an error in the v8 JavaScript library. - CVE-2019-5848 Mark Amery discovered an information disclosure issue. - CVE-2019-5849 Zhen Zhou discovered an out-of-bounds read in the Skia library. - CVE-2019-5850 Brendon Tiszka discovered a use-after-free issue in the offline page fetcher. - CVE-2019-5851 Zhe Jin discovered a use-after-poison issue. - CVE-2019-5852 David Erceg discovered an information disclosure issue. - CVE-2019-5853 Yngwei and sakura discovered a memory corruption issue. - CVE-2019-5854 Zhen Zhou discovered an integer overflow issue in the pdfium library. - CVE-2019-5855 Zhen Zhou discovered an integer overflow issue in the pdfium library. - CVE-2019-5856 Yongke Wang discovered an error related to filesystem: URI permissions. - CVE-2019-5857 cloudfuzzer discovered a way to crash chromium. - CVE-2019-5858 evil1m0 discovered an information disclosure issue. - CVE-2019-5859 James Lee discovered a way to launch alternative browsers. - CVE-2019-5860 A use-after-free issue was discovered in the v8 JavaScript library. - CVE-2019-5861 Robin Linus discovered an error determining click location. - CVE-2019-5862 Jun Kokatsu discovered an error in the AppCache implementation. - CVE-2019-5864 Devin Grindle discovered an error in the Cross-Origin Resourse Sharing feature for extensions. - CVE-2019-5865 Ivan Fratric discovered a way to bypass the site isolation feature. - CVE-2019-5867 Lucas Pinheiro discovered an out-of-bounds read issue in the v8 JavaScript library. - CVE-2019-5868 banananapenguin discovered a use-after-free issue in the v8 JavaScript library.
    last seen2020-03-17
    modified2019-08-14
    plugin id127868
    published2019-08-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127868
    titleDebian DSA-4500-1 : chromium - security update
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-1324.NASL
    descriptionThis update for chromium fixes the following issues : Security update to version 74.0.3729.108 (boo#1133313). Security issues fixed : - CVE-2019-5805: Use after free in PDFium - CVE-2019-5806: Integer overflow in Angle - CVE-2019-5807: Memory corruption in V8 - CVE-2019-5808: Use after free in Blink - CVE-2019-5809: Use after free in Blink - CVE-2019-5810: User information disclosure in Autofill - CVE-2019-5811: CORS bypass in Blink - CVE-2019-5813: Out of bounds read in V8 - CVE-2019-5814: CORS bypass in Blink - CVE-2019-5815: Heap buffer overflow in Blink - CVE-2019-5818: Uninitialized value in media reader - CVE-2019-5819: Incorrect escaping in developer tools - CVE-2019-5820: Integer overflow in PDFium - CVE-2019-5821: Integer overflow in PDFium - CVE-2019-5822: CORS bypass in download manager - CVE-2019-5823: Forced navigation from service worker Bug fixes : - Update to 73.0.3686.103 : - Various feature fixes - Update to 73.0.3683.86 : - Various feature fixes - Update conditions to use system harfbuzz on TW+ - Require java during build - Enable using pipewire when available - Rebase chromium-vaapi.patch to match up the Fedora one
    last seen2020-06-01
    modified2020-06-02
    plugin id124640
    published2019-05-06
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124640
    titleopenSUSE Security Update : chromium (openSUSE-2019-1324)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-A1AF621FAF.NASL
    descriptionFix itinerant crashes. ---- Update to Chromium 75.0.3770.100. The usual pile of bugs and CVE fixes. vaapi support disabled, just too broken. :( Fixes CVE-2019-5805 CVE-2019-5806 CVE-2019-5807 CVE-2019-5808 CVE-2019-5809 CVE-2019-5810 CVE-2019-5811 CVE-2019-5813 CVE-2019-5814 CVE-2019-5815 CVE-2019-5818 CVE-2019-5819 CVE-2019-5820 CVE-2019-5821 CVE-2019-5822 CVE-2019-5824 CVE-2019-5825 CVE-2019-5826 CVE-2019-5827 CVE-2019-5828 CVE-2019-5829 CVE-2019-5830 CVE-2019-5831 CVE-2019-5832 CVE-2019-5833 CVE-2019-5834 CVE-2019-5835 CVE-2019-5836 CVE-2019-5837 CVE-2019-5838 CVE-2019-5839 CVE-2019-5840 CVE-2019-5842 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-18
    modified2019-07-25
    plugin id126995
    published2019-07-25
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126995
    titleFedora 29 : chromium (2019-a1af621faf)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1409.NASL
    descriptionAccording to the version of the libxslt packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data.(CVE-2019-5815) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2020-04-15
    plugin id135538
    published2020-04-15
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135538
    titleEulerOS 2.0 SP3 : libxslt (EulerOS-SA-2020-1409)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2019-1_0-0263_LIBXSLT.NASL
    descriptionAn update of the libxslt package has been released.
    last seen2020-06-01
    modified2020-06-02
    plugin id132967
    published2020-01-16
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132967
    titlePhoton OS 1.0: Libxslt PHSA-2019-1.0-0263
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-1021.NASL
    descriptionAn update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Chromium is an open source web browser, powered by WebKit (Blink). This update upgrades Chromium to version 74.0.3729.108. Security Fix(es) : * chromium-browser: Use after free in PDFium (CVE-2019-5805) * chromium-browser: Integer overflow in Angle (CVE-2019-5806) * chromium-browser: Memory corruption in V8 (CVE-2019-5807) * chromium-browser: Use after free in Blink (CVE-2019-5808) * chromium-browser: Use after free in Blink (CVE-2019-5809) * chromium-browser: User information disclosure in Autofill (CVE-2019-5810) * chromium-browser: CORS bypass in Blink (CVE-2019-5811) * chromium-browser: Out of bounds read in V8 (CVE-2019-5813) * chromium-browser: CORS bypass in Blink (CVE-2019-5814) * chromium-browser: Heap buffer overflow in Blink (CVE-2019-5815) * chromium-browser: Uninitialized value in media reader (CVE-2019-5818) * chromium-browser: Incorrect escaping in developer tools (CVE-2019-5819) * chromium-browser: Integer overflow in PDFium (CVE-2019-5820) * chromium-browser: Integer overflow in PDFium (CVE-2019-5821) * chromium-browser: CORS bypass in download manager (CVE-2019-5822) * chromium-browser: Forced navigation from service worker (CVE-2019-5823) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-05-31
    modified2019-05-08
    plugin id124691
    published2019-05-08
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124691
    titleRHEL 6 : chromium-browser (RHSA-2019:1021)
  • NASL familyWindows
    NASL idGOOGLE_CHROME_74_0_3729_108.NASL
    descriptionThe version of Google Chrome installed on the remote Windows host is prior to 74.0.3729.108. It is, therefore, affected by multiple vulnerabilities as referenced in the 2019_04_stable-channel-update- for-desktop_23 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id124279
    published2019-04-25
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124279
    titleGoogle Chrome < 74.0.3729.108 Multiple Vulnerabilities
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1554.NASL
    descriptionAccording to the version of the libxslt packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data.(CVE-2019-5815) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2020-05-01
    plugin id136257
    published2020-05-01
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136257
    titleEulerOS Virtualization for ARM 64 3.0.2.0 : libxslt (EulerOS-SA-2020-1554)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-1666.NASL
    descriptionThis update for chromium fixes the following issues : Chromium was updated to 75.0.3770.90 (boo#1137332 boo#1138287) : - CVE-2019-5842: Use-after-free in Blink. Also updated to 75.0.3770.80 boo#1137332 : - CVE-2019-5828: Use after free in ServiceWorker - CVE-2019-5829: Use after free in Download Manager - CVE-2019-5830: Incorrectly credentialed requests in CORS - CVE-2019-5831: Incorrect map processing in V8 - CVE-2019-5832: Incorrect CORS handling in XHR - CVE-2019-5833: Inconsistent security UI placemen - CVE-2019-5835: Out of bounds read in Swiftshader - CVE-2019-5836: Heap buffer overflow in Angle - CVE-2019-5837: Cross-origin resources size disclosure in Appcache - CVE-2019-5838: Overly permissive tab access in Extensions - CVE-2019-5839: Incorrect handling of certain code points in Blink - CVE-2019-5840: Popup blocker bypass - Various fixes from internal audits, fuzzing and other initiatives - CVE-2019-5834: URL spoof in Omnibox on iOS Update to 74.0.3729.169 : - Feature fixes update only Update to 74.0.3729.157 : - Various security fixes from internal audits, fuzzing and other initiatives Includes security fixes from 74.0.3729.131 (boo#1134218) : - CVE-2019-5827: Out-of-bounds access in SQLite - CVE-2019-5824: Parameter passing error in media player Update to 74.0.3729.108 boo#1133313 : - CVE-2019-5805: Use after free in PDFium - CVE-2019-5806: Integer overflow in Angle - CVE-2019-5807: Memory corruption in V8 - CVE-2019-5808: Use after free in Blink - CVE-2019-5809: Use after free in Blink - CVE-2019-5810: User information disclosure in Autofill - CVE-2019-5811: CORS bypass in Blink - CVE-2019-5813: Out of bounds read in V8 - CVE-2019-5814: CORS bypass in Blink - CVE-2019-5815: Heap buffer overflow in Blink - CVE-2019-5818: Uninitialized value in media reader - CVE-2019-5819: Incorrect escaping in developer tools - CVE-2019-5820: Integer overflow in PDFium - CVE-2019-5821: Integer overflow in PDFium - CVE-2019-5822: CORS bypass in download manager - CVE-2019-5823: Forced navigation from service worker - CVE-2019-5812: URL spoof in Omnibox on iOS - CVE-2019-5816: Exploit persistence extension on Android - CVE-2019-5817: Heap buffer overflow in Angle on Windows Update to 73.0.3686.103 : - Various feature fixes Update to 73.0.3683.86 : - Just feature fixes around - Update conditions to use system harfbuzz on TW+ - Require java during build - Enable using pipewire when available - Rebase chromium-vaapi.patch to match up the Fedora one Update to 73.0.3683.75 boo#1129059 : - CVE-2019-5787: Use after free in Canvas. - CVE-2019-5788: Use after free in FileAPI. - CVE-2019-5789: Use after free in WebMIDI. - CVE-2019-5790: Heap buffer overflow in V8. - CVE-2019-5791: Type confusion in V8. - CVE-2019-5792: Integer overflow in PDFium. - CVE-2019-5793: Excessive permissions for private API in Extensions. - CVE-2019-5794: Security UI spoofing. - CVE-2019-5795: Integer overflow in PDFium. - CVE-2019-5796: Race condition in Extensions. - CVE-2019-5797: Race condition in DOMStorage. - CVE-2019-5798: Out of bounds read in Skia. - CVE-2019-5799: CSP bypass with blob URL. - CVE-2019-5800: CSP bypass with blob URL. - CVE-2019-5801: Incorrect Omnibox display on iOS. - CVE-2019-5802: Security UI spoofing. - CVE-2019-5803: CSP bypass with JavaScript URLs
    last seen2020-05-31
    modified2019-07-01
    plugin id126368
    published2019-07-01
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126368
    titleopenSUSE Security Update : chromium (openSUSE-2019-1666)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_GOOGLE_CHROME_74_0_3729_108.NASL
    descriptionThe version of Google Chrome installed on the remote macOS host is prior to 74.0.3729.108. It is, therefore, affected by multiple vulnerabilities as referenced in the 2019_04_stable-channel-update- for-desktop_23 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id124278
    published2019-04-25
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124278
    titleGoogle Chrome < 74.0.3729.108 Multiple Vulnerabilities
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1166.NASL
    descriptionAccording to the version of the libxslt packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data.(CVE-2019-5815) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-03
    modified2020-02-25
    plugin id134000
    published2020-02-25
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134000
    titleEulerOS 2.0 SP8 : libxslt (EulerOS-SA-2020-1166)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2697.NASL
    descriptionAccording to the version of the libxslt packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data.(CVE-2019-5815) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-12-23
    plugin id132364
    published2019-12-23
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132364
    titleEulerOS 2.0 SP5 : libxslt (EulerOS-SA-2019-2697)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-8FB8240D14.NASL
    descriptionUpdate to Chromium 75.0.3770.100. The usual pile of bugs and CVE fixes. vaapi support disabled, just too broken. :( Fixes CVE-2019-5805 CVE-2019-5806 CVE-2019-5807 CVE-2019-5808 CVE-2019-5809 CVE-2019-5810 CVE-2019-5811 CVE-2019-5813 CVE-2019-5814 CVE-2019-5815 CVE-2019-5818 CVE-2019-5819 CVE-2019-5820 CVE-2019-5821 CVE-2019-5822 CVE-2019-5824 CVE-2019-5825 CVE-2019-5826 CVE-2019-5827 CVE-2019-5828 CVE-2019-5829 CVE-2019-5830 CVE-2019-5831 CVE-2019-5832 CVE-2019-5833 CVE-2019-5834 CVE-2019-5835 CVE-2019-5836 CVE-2019-5837 CVE-2019-5838 CVE-2019-5839 CVE-2019-5840 CVE-2019-5842 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-31
    modified2019-07-01
    plugin id126359
    published2019-07-01
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126359
    titleFedora 30 : chromium (2019-8fb8240d14)

Redhat

rpms
  • chromium-browser-0:74.0.3729.108-1.el6_10
  • chromium-browser-debuginfo-0:74.0.3729.108-1.el6_10