The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2287-1 advisory.

  - cups-filters contains backends, filters, and other software required to get the cups printing service     working on operating systems other than macos. If you use the Backend Error Handler (beh) to create an     accessible network printer, this security vulnerability can cause remote code execution. `beh.c` contains     the line `retval = system(cmdline) >> 8;` which calls the `system` command with the operand `cmdline`.
    `cmdline` contains multiple user controlled, unsanitized values. As a result an attacker with network     access to the hosted print server can exploit this vulnerability to inject system commands which are     executed in the context of the running server. This issue has been addressed in commit `8f2740357` and is     expected to be bundled in the next release. Users are advised to upgrade when possible and to restrict     access to network printers in the meantime. (CVE-2023-24805)

  - LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from     an untrusted source. This occurs because luatex-core.lua lets the original io.popen be accessed. This also     affects TeX Live before 2023 r66984 and MiKTeX before 23.5. (CVE-2023-32700)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

SUSE SLES15 / openSUSE 15 Security Update : cups-filters, poppler, texlive (SUSE-SU-2023:2287-1)

high Nessus Plugin ID 176355

Version 1.3

Version 1.1

Version 1.0

Version 1.3 Jul 14, 2023, 10:50 AM Detection Plugin Feed: 202307141050
Version 1.1 May 29, 2023, 2:12 PM CVSS metrics ("CVSSv2 score" changed from 7.2 to 9.0. "CVSSv2 vector" changed from "CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C" to "CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C". "CVSSv3 score" changed from 7.8 to 8.8. "CVSSv3 vector" changed from "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" to "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H") CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C") CVSSv2 score source (changed from "CVE-2023-32700" to "CVE-2023-24805") CVSSv3 score source (set to "CVE-2023-24805") Exploit attributes ("Exploit available" set to "True". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202305291412
Version 1.0 May 25, 2023, 9:13 AM New Plugin Feed: 202305250913