Nessus Agent leverages third-party software to help provide underlying functionality. Some of the third-party components were found to contain vulnerabilities, and updated versions have been made available by the providers.
Out of caution and in line with good practice, Tenable opted to upgrade the bundled third-party components to address the potential impact of these issues.
Nessus Agent 7.1.0 updates the following components:
OpenSSL has been updated from 1.0.2n to 1.0.2o- CVE-2017-3738, CVE-2018-0733, CVE-2018-0739
expat has been updated from 2.2.1 to 2.2.5 - CVE-2017-11742, CVE-2017-9233, CVE-2016-9063, CVE-2016-0718, CVE-2016-5300, CVE-2012-0876, CVE-2016-4472, CVE-2012-6702
libjpeg has been updated from 8d to 9c - CVE-2018-11214
libXML2 has been updated from 2.9.4 to 2.9.7 - CVE-2017-18258, CVE-2017-16932, CVE-2017-16931, CVE-2017-9050, CVE-2017-9049, CVE-2017-9048, CVE-2017-9047, CVE-2017-8872, CVE-2017-7375, CVE-2017-5969, CVE-2016-9318, CVE-2016-5131, CVE-2018-9251
libXMLSEC has been updated from 1.2.18 to 1.2.25 - CVE-2017-1000061
libXSLT has been updated from 1.1.27 to 1.1.32 - CVE-2012-6139, CVE-2015-7995, CVE-2015-9019, CVE-2016-1683, CVE-2016-1684, CVE-2017-5029
Zlib has been updated from 1.2.8 to 1.2.11 - CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843
libPCRE has been updated from 7.8 to 8.42 - CVE-2014-8964, CVE-2014-9769, CVE-2015-2327, CVE-2015-2328, CVE-2015-3217, CVE-2015-5073, CVE-2015-8380, CVE-2015-8381, CVE-2015-8382, CVE-2015-8383, CVE-2015-8384, CVE-2015-8385, CVE-2015-8386, CVE-2015-8387, CVE-2015-8388, CVE-2015-8389, CVE-2015-8390, CVE-2015-8391, CVE-2015-8392, CVE-2015-8394, CVE-2015-8395, CVE-2016-1283, CVE-2016-3191, CVE-2017-6004, CVE-2017-7186, CVE-2017-7244, CVE-2017-7245, CVE-2017-7246
Note: The CVSSv2 score used in this advisory reflects CVE-2015-8391, as it is considered the highest risk. To view information on the remaining CVE IDs mentioned above, please visit https://nvd.nist.gov/vuln/search.
