Detections
Analytics

EulerOS Virtualization 3.0.6.6 : libjpeg-turbo (EulerOS-SA-2020-2457)

high Nessus Plugin ID 142536

Synopsis

The remote EulerOS Virtualization host is missing multiple security updates.

Description

According to the versions of the libjpeg-turbo packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

 - In IJG JPEG (aka libjpeg) before 9d, jpeg_mem_available() in jmemnobs.c in djpeg does not honor the max_memory_to_use setting, possibly causing excessive memory consumption.(CVE-2020-14152)

 - CodeIgniter through 4.0.0 allows remote attackers to gain privileges via a modified Email ID to the 'Select Role of the User' page. NOTE: A contributor to the CodeIgniter framework argues that the issue should not be attributed to CodeIgniter. Furthermore, the blog post reference shows an unknown website built with the CodeIgniter framework but that CodeIgniter is not responsible for introducing this issue because the framework has never provided a login screen, nor any kind of login or user management facilities beyond a Session library.(CVE-2020-13790)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected libjpeg-turbo packages.

See Also

http://www.nessus.org/u?0fe1d738

Plugin Details

Severity: High

ID: 142536

File Name: EulerOS_SA-2020-2457.nasl

Version: 1.6

Type: local

Published: 11/6/2020

Updated: 2/9/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.0

CVSS v2

Risk Factor: Medium

Base Score: 5.8

Temporal Score: 4.5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P

CVSS Score Source: CVE-2020-14152

CVSS v3

Risk Factor: High

Base Score: 8.1

Temporal Score: 7.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2020-13790

Vulnerability Information

CPE: p-cpe:/a:huawei:euleros:libjpeg-turbo, p-cpe:/a:huawei:euleros:libjpeg-turbo-devel, cpe:/o:huawei:euleros:uvp:3.0.6.6

Required KB Items: Host/EulerOS/rpm-list, Host/EulerOS/uvp_version, Host/local_checks_enabled, Host/cpu, Host/EulerOS/release

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/5/2020

Reference Information

CVE: CVE-2020-13790, CVE-2020-14152