SUSE SLES15 Security Update : netcdf (SUSE-SU-2021:3805-1)

high Nessus Plugin ID 178276

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3805-1 advisory.

- An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing a crafted XML file, performs incorrect memory handling, leading to a heap-based buffer over-read while running strchr() starting with a pointer after a '\0' character (where the processing of a string was finished).
(CVE-2019-20005)

- An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_char_content puts a pointer to the internal address of a larger block as xml->txt. This is later deallocated (using free), leading to a segmentation fault. (CVE-2019-20006)

- An issue was discovered in ezXML 0.8.2 through 0.8.6. The function ezxml_str2utf8, while parsing a crafted XML file, performs zero-length reallocation in ezxml.c, leading to returning a NULL pointer (in some compilers). After this, the function ezxml_parse_str does not check whether the s variable is not NULL in ezxml.c, leading to a NULL pointer dereference and crash (segmentation fault). (CVE-2019-20007)

- An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_ent_ok() mishandles recursion, leading to stack consumption for a crafted XML file. (CVE-2019-20198)

- An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing a crafted XML file, performs incorrect memory handling, leading to NULL pointer dereference while running strlen() on a NULL pointer. (CVE-2019-20199)

- An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing crafted a XML file, performs incorrect memory handling, leading to a heap-based buffer over-read in the normalize line endings feature. (CVE-2019-20200)

- An issue was discovered in ezXML 0.8.3 through 0.8.6. The ezxml_parse_* functions mishandle XML entities, leading to an infinite loop in which memory allocations occur. (CVE-2019-20201)

- An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_char_content() tries to use realloc on a block that was not allocated, leading to an invalid free and segmentation fault.
(CVE-2019-20202)

- The ezxml_toxml function in ezxml 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool. (CVE-2021-26220)

- The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool. (CVE-2021-26221, CVE-2021-26222)

- An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_internal_dtd(), while parsing a crafted XML file, performs incorrect memory handling, leading to a NULL pointer dereference while running strcmp() on a NULL pointer. (CVE-2021-30485)

- An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_internal_dtd() performs incorrect memory handling while parsing crafted XML files, which leads to an out-of-bounds write of a one byte constant. (CVE-2021-31229)

- An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_parse_str() performs incorrect memory handling while parsing crafted XML files (writing outside a memory region created by mmap).
(CVE-2021-31347)

- An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_parse_str() performs incorrect memory handling while parsing crafted XML files (out-of-bounds read after a certain strcspn failure).
(CVE-2021-31348)

- An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_decode() performs incorrect memory handling while parsing crafted XML files, leading to a heap-based buffer overflow. (CVE-2021-31598)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1191856

http://www.nessus.org/u?2bb56f0f

https://www.suse.com/security/cve/CVE-2019-20005

https://www.suse.com/security/cve/CVE-2019-20006

https://www.suse.com/security/cve/CVE-2019-20007

https://www.suse.com/security/cve/CVE-2019-20198

https://www.suse.com/security/cve/CVE-2019-20199

https://www.suse.com/security/cve/CVE-2019-20200

https://www.suse.com/security/cve/CVE-2019-20201

https://www.suse.com/security/cve/CVE-2019-20202

https://www.suse.com/security/cve/CVE-2021-26220

https://www.suse.com/security/cve/CVE-2021-26221

https://www.suse.com/security/cve/CVE-2021-26222

https://www.suse.com/security/cve/CVE-2021-30485

https://www.suse.com/security/cve/CVE-2021-31229

https://www.suse.com/security/cve/CVE-2021-31347

https://www.suse.com/security/cve/CVE-2021-31348

https://www.suse.com/security/cve/CVE-2021-31598

Plugin Details

Severity: High

ID: 178276

File Name: suse_SU-2021-3805-1.nasl

Version: 1.0

Type: local

Agent: unix

Published: 7/13/2023

Updated: 7/13/2023

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.0

CVSS v2

Risk Factor: Medium

Base Score: 5.8

Temporal Score: 4.5

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P

CVSS Score Source: CVE-2021-26222

CVSS v3

Risk Factor: High

Base Score: 8.1

Temporal Score: 7.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:libnetcdf_4_7_3-gnu-mpich-hpc, p-cpe:/a:novell:suse_linux:netcdf_4_7_3-gnu-hpc-devel, p-cpe:/a:novell:suse_linux:libnetcdf-gnu-openmpi2-hpc, p-cpe:/a:novell:suse_linux:netcdf-gnu-openmpi3-hpc-devel, p-cpe:/a:novell:suse_linux:netcdf_4_7_3-gnu-mpich-hpc-devel-static, p-cpe:/a:novell:suse_linux:netcdf_4_7_3-gnu-openmpi3-hpc, p-cpe:/a:novell:suse_linux:libnetcdf_4_7_3-gnu-mvapich2-hpc, p-cpe:/a:novell:suse_linux:libnetcdf_4_7_3-gnu-openmpi2-hpc, p-cpe:/a:novell:suse_linux:netcdf_4_7_3-gnu-mvapich2-hpc-devel, p-cpe:/a:novell:suse_linux:netcdf_4_7_3-gnu-hpc, p-cpe:/a:novell:suse_linux:libnetcdf_4_7_3-gnu-hpc, p-cpe:/a:novell:suse_linux:netcdf-gnu-mpich-hpc, p-cpe:/a:novell:suse_linux:netcdf-gnu-openmpi3-hpc, p-cpe:/a:novell:suse_linux:netcdf_4_7_3-gnu-openmpi2-hpc-devel-static, p-cpe:/a:novell:suse_linux:netcdf_4_7_3-gnu-mpich-hpc-devel, p-cpe:/a:novell:suse_linux:netcdf-gnu-mvapich2-hpc-devel, p-cpe:/a:novell:suse_linux:libnetcdf-gnu-mvapich2-hpc, p-cpe:/a:novell:suse_linux:netcdf_4_7_3-gnu-openmpi3-hpc-devel-static, p-cpe:/a:novell:suse_linux:netcdf-gnu-openmpi2-hpc, p-cpe:/a:novell:suse_linux:netcdf-gnu-mpich-hpc-devel, p-cpe:/a:novell:suse_linux:netcdf-gnu-openmpi2-hpc-devel, p-cpe:/a:novell:suse_linux:netcdf_4_7_3-gnu-openmpi3-hpc-devel, p-cpe:/a:novell:suse_linux:netcdf_4_7_3-gnu-mvapich2-hpc-devel-static, cpe:/o:novell:suse_linux:15, p-cpe:/a:novell:suse_linux:libnetcdf-gnu-hpc, p-cpe:/a:novell:suse_linux:libnetcdf-gnu-mpich-hpc, p-cpe:/a:novell:suse_linux:netcdf_4_7_3-gnu-hpc-devel-static, p-cpe:/a:novell:suse_linux:libnetcdf-gnu-openmpi3-hpc, p-cpe:/a:novell:suse_linux:netcdf-gnu-hpc-devel, p-cpe:/a:novell:suse_linux:netcdf_4_7_3-gnu-mvapich2-hpc, p-cpe:/a:novell:suse_linux:netcdf_4_7_3-gnu-openmpi2-hpc, p-cpe:/a:novell:suse_linux:netcdf_4_7_3-gnu-openmpi2-hpc-devel, p-cpe:/a:novell:suse_linux:netcdf_4_7_3-gnu-mpich-hpc, p-cpe:/a:novell:suse_linux:netcdf-gnu-mvapich2-hpc, p-cpe:/a:novell:suse_linux:netcdf-gnu-hpc, p-cpe:/a:novell:suse_linux:libnetcdf_4_7_3-gnu-openmpi3-hpc

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/25/2021

Vulnerability Publication Date: 12/26/2019

Reference Information

CVE: CVE-2019-20005, CVE-2019-20006, CVE-2019-20007, CVE-2019-20198, CVE-2019-20199, CVE-2019-20200, CVE-2019-20201, CVE-2019-20202, CVE-2021-26220, CVE-2021-26221, CVE-2021-26222, CVE-2021-30485, CVE-2021-31229, CVE-2021-31347, CVE-2021-31348, CVE-2021-31598

SuSE: SUSE-SU-2021:3805-1