Nessus Agent leverages third-party software to help provide underlying functionality. Some of the third-party components were found to contain vulnerabilities, and updated versions have been made available by the providers.
Out of caution and in line with good practice, Tenable opted to upgrade the bundled third-party components to address the potential impact of these issues.
Nessus Agent 7.1.0 updates the following components:
OpenSSL has been updated from 1.0.2n to 1.0.2o-
CVE-2017-3738, CVE-2018-0733, CVE-2018-0739 expat has been updated from 2.2.1 to 2.2.5 -
CVE-2017-11742, CVE-2017-9233, CVE-2016-9063, CVE-2016-0718, CVE-2016-5300, CVE-2012-0876, CVE-2016-4472, CVE-2012-6702libjpeg has been updated from 8d to 9c -
CVE-2018-11214libXML2 has been updated from 2.9.4 to 2.9.7 -
CVE-2017-18258, CVE-2017-16932, CVE-2017-16931, CVE-2017-9050, CVE-2017-9049, CVE-2017-9048, CVE-2017-9047, CVE-2017-8872, CVE-2017-7375, CVE-2017-5969, CVE-2016-9318, CVE-2016-5131, CVE-2018-9251libXMLSEC has been updated from 1.2.18 to 1.2.25 -
CVE-2017-1000061libXSLT has been updated from 1.1.27 to 1.1.32 -
CVE-2012-6139, CVE-2015-7995, CVE-2015-9019, CVE-2016-1683, CVE-2016-1684, CVE-2017-5029Zlib has been updated from 1.2.8 to 1.2.11 -
CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843libPCRE has been updated from 7.8 to 8.42 -
CVE-2014-8964, CVE-2014-9769, CVE-2015-2327, CVE-2015-2328, CVE-2015-3217, CVE-2015-5073, CVE-2015-8380, CVE-2015-8381, CVE-2015-8382, CVE-2015-8383, CVE-2015-8384, CVE-2015-8385, CVE-2015-8386, CVE-2015-8387, CVE-2015-8388, CVE-2015-8389, CVE-2015-8390, CVE-2015-8391, CVE-2015-8392, CVE-2015-8394, CVE-2015-8395, CVE-2016-1283, CVE-2016-3191, CVE-2017-6004, CVE-2017-7186, CVE-2017-7244, CVE-2017-7245, CVE-2017-7246Note: The CVSSv2 score used in this advisory reflects CVE-2015-8391, as it is considered the highest risk. To view information on the remaining CVE IDs mentioned above, please visit
https://nvd.nist.gov/vuln/search.