Detections
Analytics

SUSE SLES12 Security Update : transfig (SUSE-SU-2021:3585-1)

medium Nessus Plugin ID 154741

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES12 / SLES_SAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3585-1 advisory.

 Update to fig2dev version 3.2.8 Patchlevel 8b (Aug 2021)

 - bsc#1190618, CVE-2020-21529: stack buffer overflow in the bezier_spline function in genepic.c.
 - bsc#1190615, CVE-2020-21530: segmentation fault in the read_objects function in read.c.
 - bsc#1190617, CVE-2020-21531: global buffer overflow in the conv_pattern_index function in gencgm.c.
 - bsc#1190616, CVE-2020-21532: global buffer overflow in the setfigfont function in genepic.c.
 - bsc#1190612, CVE-2020-21533: stack buffer overflow in the read_textobject function in read.c.
 - bsc#1190611, CVE-2020-21534: global buffer overflow in the get_line function in read.c.
 - bsc#1190607, CVE-2020-21535: segmentation fault in the gencgm_start function in gencgm.c.
 - bsc#1192019, CVE-2021-32280: NULL pointer dereference in compute_closed_spline() in trans_spline.c

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected transfig package.

See Also

https://bugzilla.suse.com/1190607

https://bugzilla.suse.com/1190611

https://bugzilla.suse.com/1190612

https://bugzilla.suse.com/1190615

https://bugzilla.suse.com/1190616

https://bugzilla.suse.com/1190617

https://bugzilla.suse.com/1190618

https://bugzilla.suse.com/1192019

https://www.suse.com/security/cve/CVE-2020-21529

https://www.suse.com/security/cve/CVE-2020-21530

https://www.suse.com/security/cve/CVE-2020-21531

https://www.suse.com/security/cve/CVE-2020-21532

https://www.suse.com/security/cve/CVE-2020-21533

https://www.suse.com/security/cve/CVE-2020-21534

https://www.suse.com/security/cve/CVE-2020-21535

https://www.suse.com/security/cve/CVE-2021-32280

http://www.nessus.org/u?174bfcdf

Plugin Details

Severity: Medium

ID: 154741

File Name: suse_SU-2021-3585-1.nasl

Version: 1.5

Type: Local

Agent: unix

Published: 10/30/2021

Updated: 6/26/2026

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.4

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-2021-32280

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 5

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:novell:suse_linux:12, p-cpe:/a:novell:suse_linux:transfig

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 10/29/2021

Vulnerability Publication Date: 9/16/2021

Reference Information

CVE: CVE-2020-21529, CVE-2020-21530, CVE-2020-21531, CVE-2020-21532, CVE-2020-21533, CVE-2020-21534, CVE-2020-21535, CVE-2021-32280

SuSE: SUSE-SU-2021:3585-1