Synopsis
The remote SUSE host is missing one or more security updates.
Description
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0786-1 advisory.
Update to version 5.2.2
* Fixes for CVE-2023-48161 (bsc#1217390), CVE-2022-28506 (bsc#1198880)
* #138 Documentation for obsolete utilities still installed
* #139: Typo in 'LZW image data' page ('110_2 = 4_10')
* #140: Typo in 'LZW image data' page ('LWZ')
* #141: Typo in 'Bits and bytes' page ('filed')
* Note as already fixed SF issue #143: cannot compile under mingw
* #144: giflib-5.2.1 cannot be build on windows and other platforms using c89
* #145: Remove manual pages installation for binaries that are not installed too
* #146: [PATCH] Limit installed man pages to binaries, move giflib to section 7
* #147 [PATCH] Fixes to doc/whatsinagif/ content
* #148: heap Out of Bound Read in gif2rgb.c:298 DumpScreen2RGB
* Declared no-info on SF issue #150: There is a denial of service vulnerability in GIFLIB 5.2.1
* Declared Won't-fix on SF issue 149: Out of source builds no longer possible
* #151: A heap-buffer-overflow in gif2rgb.c:294:45
* #152: Fix some typos on the html documentation and man pages
* #153: Fix segmentation faults due to non correct checking for args
* #154: Recover the giffilter manual page
* #155: Add gifsponge docs
* #157: An OutofMemory-Exception or Memory Leak in gif2rgb
* #158: There is a null pointer problem in gif2rgb
* #159 A heap-buffer-overflow in GIFLIB5.2.1 DumpScreen2RGB() in gif2rgb.c:298:45
* #163: detected memory leaks in openbsd_reallocarray giflib/openbsd-reallocarray.c
* #164: detected memory leaks in GifMakeMapObject giflib/gifalloc.c
* #166: a read zero page leads segment fault in getarg.c and memory leaks in gif2rgb.c and gifmalloc.c
* #167: Heap-Buffer Overflow during Image Saving in DumpScreen2RGB Function at Line 321 of gif2rgb.c
Tenable has extracted the preceding description block directly from the SUSE security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.
Plugin Details
File Name: suse_SU-2024-0786-1.nasl
Agent: unix
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security, Nessus
Risk Information
Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:novell:suse_linux:libgif7, cpe:/o:novell:suse_linux:15, p-cpe:/a:novell:suse_linux:giflib-devel
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list
Exploit Ease: Exploits are available
Patch Publication Date: 3/6/2024
Vulnerability Publication Date: 4/25/2022