DATABASE RESOURCES PRICING ABOUT US

{"id": "CVE-2018-12085", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2018-12085", "description": "Liblouis 3.6.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c, a different vulnerability than CVE-2018-11440.", "published": "2018-06-09T11:29:00", "modified": "2020-08-24T17:37:00", "epss": [{"cve": "CVE-2018-12085", "epss": 0.00535, "percentile": 0.73922, "modified": "2023-06-23"}], "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 6.8}, "severity": "MEDIUM", "exploitabilityScore": 8.6, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}, "cvss3": {"cvssV3": {"version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-12085", "reporter": "cve@mitre.org", "references": ["https://github.com/liblouis/liblouis/issues/595", "https://usn.ubuntu.com/3782-1/", "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00038.html"], "cvelist": ["CVE-2018-11440", "CVE-2018-12085"], "immutableFields": [], "lastseen": "2023-06-23T14:16:04", "viewCount": 111, "enchantments": {"dependencies": {"references": [{"type": "almalinux", "idList": ["ALSA-2020:1708"]}, {"type": "amazon", "idList": ["ALAS2-2020-1524", "ALAS2-2023-1941"]}, {"type": "cve", "idList": ["CVE-2018-11440", "CVE-2018-11683"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2018-11440", "DEBIANCVE:CVE-2018-11683", "DEBIANCVE:CVE-2018-12085"]}, {"type": "fedora", "idList": ["FEDORA:7DA3560062FB"]}, {"type": "nessus", "idList": ["AL2_ALAS-2020-1524.NASL", "AL2_ALAS-2023-1941.NASL", "ALMA_LINUX_ALSA-2020-1708.NASL", "CENTOS8_RHSA-2020-1708.NASL", "EULEROS_SA-2018-1222.NASL", "EULEROS_SA-2018-1228.NASL", "MACOSX_WIRESHARK_2_6_4.NASL", "OPENSUSE-2018-1039.NASL", "OPENSUSE-2019-1160.NASL", "REDHAT-RHSA-2020-1708.NASL", "SUSE_SU-2018-2780-1.NASL", "SUSE_SU-2019-0795-1.NASL", "UBUNTU_USN-3669-1.NASL", "UBUNTU_USN-3782-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310843671", "OPENVAS:1361412562310843716", "OPENVAS:1361412562310851903", "OPENVAS:1361412562310852405", "OPENVAS:1361412562310875154", "OPENVAS:1361412562311220181222", "OPENVAS:1361412562311220181228"]}, {"type": "oraclelinux", "idList": ["ELSA-2020-1708"]}, {"type": "redhat", "idList": ["RHSA-2020:1708"]}, {"type": "redhatcve", "idList": ["RH:CVE-2018-11440", "RH:CVE-2018-11683", "RH:CVE-2018-12085"]}, {"type": "rocky", "idList": ["RLSA-2020:1708"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2018:2819-1", "OPENSUSE-SU-2019:1160-1"]}, {"type": "ubuntu", "idList": ["USN-3669-1", "USN-3782-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2018-11440", "UB:CVE-2018-11683", "UB:CVE-2018-12085"]}, {"type": "veracode", "idList": ["VERACODE:25097"]}]}, "score": {"value": 4.4, "vector": "NONE"}, "backreferences": {"references": [{"type": "almalinux", "idList": ["ALSA-2020:1708"]}, {"type": "amazon", "idList": ["ALAS2-2020-1524"]}, {"type": "cve", "idList": ["CVE-2018-11440"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2018-12085"]}, {"type": "fedora", "idList": ["FEDORA:7DA3560062FB"]}, {"type": "nessus", "idList": ["OPENSUSE-2018-1039.NASL", "SUSE_SU-2018-2780-1.NASL", "UBUNTU_USN-3782-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310851903", "OPENVAS:1361412562310875154"]}, {"type": "oraclelinux", "idList": ["ELSA-2020-1708"]}, {"type": "redhat", "idList": ["RHSA-2020:1708"]}, {"type": "redhatcve", "idList": ["RH:CVE-2018-12085"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2018:2819-1"]}, {"type": "ubuntu", "idList": ["USN-3782-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2018-12085"]}]}, "exploitation": null, "affected_software": {"major_version": [{"name": "liblouis", "version": 3}, {"name": "canonical ubuntu linux", "version": 16}, {"name": "canonical ubuntu linux", "version": 18}, {"name": "canonical ubuntu linux", "version": 14}, {"name": "opensuse leap", "version": 15}]}, "epss": [{"cve": "CVE-2018-12085", "epss": 0.00337, "percentile": 0.66981, "modified": "2023-05-06"}], "vulnersScore": 4.4}, "_state": {"dependencies": 1687529980, "score": 1687530323, "affected_software_major_version": 0, "epss": 0}, "_internal": {"score_hash": "a9b4d62f5ef55372d9f2a537e19efbca"}, "cna_cvss": {"cna": null, "cvss": {}}, "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/o:opensuse:leap:15.0", "cpe:/a:liblouis:liblouis:3.6.0", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:16.04"], "cpe23": ["cpe:2.3:a:liblouis:liblouis:3.6.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"], "cwe": ["CWE-787"], "affectedSoftware": [{"cpeName": "liblouis:liblouis", "version": "3.6.0", "operator": "eq", "name": "liblouis"}, {"cpeName": "canonical:ubuntu_linux", "version": "16.04", "operator": "eq", "name": "canonical ubuntu linux"}, {"cpeName": "canonical:ubuntu_linux", "version": "14.04", "operator": "eq", "name": "canonical ubuntu linux"}, {"cpeName": "canonical:ubuntu_linux", "version": "18.04", "operator": "eq", "name": "canonical ubuntu linux"}, {"cpeName": "opensuse:leap", "version": "15.0", "operator": "eq", "name": "opensuse leap"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:a:liblouis:liblouis:3.6.0:*:*:*:*:*:*:*", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "cpe_name": []}]}]}, "extraReferences": [{"url": "https://github.com/liblouis/liblouis/issues/595", "name": "https://github.com/liblouis/liblouis/issues/595", "refsource": "MISC", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"]}, {"url": "https://usn.ubuntu.com/3782-1/", "name": "USN-3782-1", "refsource": "UBUNTU", "tags": ["Third Party Advisory"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00038.html", "name": "openSUSE-SU-2019:1160", "refsource": "SUSE", "tags": ["Mailing List", "Third Party Advisory"]}], "product_info": [{"vendor": "Canonical", "product": "Ubuntu_linux"}, {"vendor": "Opensuse", "product": "Leap"}, {"vendor": "Liblouis", "product": "Liblouis"}], "solutions": [], "workarounds": [], "impacts": [], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "exploits": [], "assigned": "1976-01-01T00:00:00"}

{"redhatcve": [{"lastseen": "2023-04-06T08:29:13", "description": "Liblouis 3.6.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c, a different vulnerability than CVE-2018-11440.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-06-11T17:48:51", "type": "redhatcve", "title": "CVE-2018-12085", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11440", "CVE-2018-12085"], "modified": "2023-04-06T05:32:38", "id": "RH:CVE-2018-12085", "href": "https://access.redhat.com/security/cve/cve-2018-12085", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-04-06T05:24:39", "description": "Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-05-28T07:25:43", "type": "redhatcve", "title": "CVE-2018-11440", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11440"], "modified": "2023-04-06T05:10:58", "id": "RH:CVE-2018-11440", "href": "https://access.redhat.com/security/cve/cve-2018-11440", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-04-06T05:24:33", "description": "Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c, a different vulnerability than CVE-2018-11440.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-06-07T16:19:54", "type": "redhatcve", "title": "CVE-2018-11683", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11440", "CVE-2018-11683"], "modified": "2023-04-06T05:12:36", "id": "RH:CVE-2018-11683", "href": "https://access.redhat.com/security/cve/cve-2018-11683", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "debiancve": [{"lastseen": "2023-06-23T14:38:37", "description": "Liblouis 3.6.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c, a different vulnerability than CVE-2018-11440.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-06-09T11:29:00", "type": "debiancve", "title": "CVE-2018-12085", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11440", "CVE-2018-12085"], "modified": "2018-06-09T11:29:00", "id": "DEBIANCVE:CVE-2018-12085", "href": "https://security-tracker.debian.org/tracker/CVE-2018-12085", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-23T14:38:37", "description": "Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-05-25T11:29:00", "type": "debiancve", "title": "CVE-2018-11440", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11440"], "modified": "2018-05-25T11:29:00", "id": "DEBIANCVE:CVE-2018-11440", "href": "https://security-tracker.debian.org/tracker/CVE-2018-11440", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-23T14:38:37", "description": "Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c, a different vulnerability than CVE-2018-11440.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-06-04T06:29:00", "type": "debiancve", "title": "CVE-2018-11683", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11440", "CVE-2018-11683"], "modified": "2018-06-04T06:29:00", "id": "DEBIANCVE:CVE-2018-11683", "href": "https://security-tracker.debian.org/tracker/CVE-2018-11683", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "ubuntucve": [{"lastseen": "2023-06-29T14:44:56", "description": "Liblouis 3.6.0 has a stack-based Buffer Overflow in the function parseChars\nin compileTranslationTable.c, a different vulnerability than\nCVE-2018-11440.\n\n#### Bugs\n\n * <https://github.com/liblouis/liblouis/issues/595>\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901202>\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-06-09T00:00:00", "type": "ubuntucve", "title": "CVE-2018-12085", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11440", "CVE-2018-12085"], "modified": "2018-06-09T00:00:00", "id": "UB:CVE-2018-12085", "href": "https://ubuntu.com/security/CVE-2018-12085", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-29T14:45:34", "description": "Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars\nin compileTranslationTable.c.\n\n#### Bugs\n\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900085>\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-05-25T00:00:00", "type": "ubuntucve", "title": "CVE-2018-11440", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11440"], "modified": "2018-05-25T00:00:00", "id": "UB:CVE-2018-11440", "href": "https://ubuntu.com/security/CVE-2018-11440", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-28T14:09:59", "description": "Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars\nin compileTranslationTable.c, a different vulnerability than\nCVE-2018-11440.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-06-04T00:00:00", "type": "ubuntucve", "title": "CVE-2018-11683", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11440", "CVE-2018-11683"], "modified": "2018-06-04T00:00:00", "id": "UB:CVE-2018-11683", "href": "https://ubuntu.com/security/CVE-2018-11683", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "veracode": [{"lastseen": "2022-07-27T10:14:48", "description": "liblouis is vulnerable to arbitrary code execution. The vulnerability exists through a stack-based buffer overflow in compileTranslationTable.c.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-04-29T02:39:34", "type": "veracode", "title": "Arbitrary Code Execution", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-12085"], "modified": "2022-04-19T18:37:35", "id": "VERACODE:25097", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-25097/summary", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:33:06", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-10-08T00:00:00", "type": "openvas", "title": "Fedora Update for liblouis FEDORA-2018-70fac49405", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-12085", "CVE-2018-17294"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310875154", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875154", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_70fac49405_liblouis_fc28.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for liblouis FEDORA-2018-70fac49405\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875154\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-10-08 08:25:24 +0200 (Mon, 08 Oct 2018)\");\n script_cve_id(\"CVE-2018-17294\", \"CVE-2018-12085\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for liblouis FEDORA-2018-70fac49405\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'liblouis'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n script_tag(name:\"affected\", value:\"liblouis on Fedora 28\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-70fac49405\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XU2KNDF6IWKN6LGPS7WEVRNODJURVTVT\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC28\")\n{\n\n if ((res = isrpmvuln(pkg:\"liblouis\", rpm:\"liblouis~2.6.2~16.fc28\", rls:\"FC28\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:21", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-10-26T00:00:00", "type": "openvas", "title": "Ubuntu Update for liblouis USN-3782-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-12085", "CVE-2018-17294"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310843671", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843671", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3782_1.nasl 14288 2019-03-18 16:34:17Z cfischer $\n#\n# Ubuntu Update for liblouis USN-3782-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843671\");\n script_version(\"$Revision: 14288 $\");\n script_cve_id(\"CVE-2018-12085\", \"CVE-2018-17294\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 17:34:17 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-10-26 06:05:08 +0200 (Fri, 26 Oct 2018)\");\n script_name(\"Ubuntu Update for liblouis USN-3782-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|18\\.04 LTS|16\\.04 LTS)\");\n\n script_xref(name:\"USN\", value:\"3782-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3782-1/\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'liblouis'\n package(s) announced via the USN-3782-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Henri Salo discovered that Liblouis incorrectly handled certain files.\nAn attacker could possibly use this issue to execute arbitrary code.\n(CVE-2018-12085)\n\nIt was discovered that Liblouis incorrectly handled certain files.\nAn attacker could possibly use this issue to cause a denial of service.\nThis issue only affected Ubuntu 18.04 LTS. (CVE-2018-17294)\");\n\n script_tag(name:\"affected\", value:\"liblouis on Ubuntu 18.04 LTS,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"liblouis-bin\", ver:\"2.5.3-2ubuntu1.5\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"liblouis2\", ver:\"2.5.3-2ubuntu1.5\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU18.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"liblouis-bin\", ver:\"3.5.0-1ubuntu0.3\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"liblouis14\", ver:\"3.5.0-1ubuntu0.3\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"liblouis-bin\", ver:\"2.6.4-2ubuntu0.4\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"liblouis9\", ver:\"2.6.4-2ubuntu0.4\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T17:38:00", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-09-25T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for liblouis (openSUSE-SU-2018:2819-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-11684", "CVE-2018-11440", "CVE-2018-11685", "CVE-2018-11577", "CVE-2018-11683", "CVE-2018-12085"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851903", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851903", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851903\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-09-25 08:19:53 +0200 (Tue, 25 Sep 2018)\");\n script_cve_id(\"CVE-2018-11440\", \"CVE-2018-11577\", \"CVE-2018-11683\", \"CVE-2018-11684\", \"CVE-2018-11685\", \"CVE-2018-12085\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for liblouis (openSUSE-SU-2018:2819-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'liblouis'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for liblouis fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2018-11440: Fixed a stack-based buffer overflow in the function\n parseChars() in compileTranslationTable.c (bsc#1095189)\n\n - CVE-2018-11577: Fixed a segmentation fault in lou_logPrint in logging.c\n (bsc#1095945)\n\n - CVE-2018-11683: Fixed a stack-based buffer overflow in the function\n parseChars() in compileTranslationTable.c (different vulnerability than\n CVE-2018-11440) (bsc#1095827)\n\n - CVE-2018-11684: Fixed stack-based buffer overflow in the function\n includeFile() in compileTranslationTable.c (bsc#1095826)\n\n - CVE-2018-11685: Fixed a stack-based buffer overflow in the function\n compileHyphenation() in compileTranslationTable.c (bsc#1095825)\n\n - CVE-2018-12085: Fixed a stack-based buffer overflow in the function\n parseChars() in compileTranslationTable.c (different vulnerability than\n CVE-2018-11440) (bsc#1097103)\n\n This update was imported from the SUSE:SLE-12-SP2:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 42.3:\n\n zypper in -t patch openSUSE-2018-1039=1\");\n\n script_tag(name:\"affected\", value:\"liblouis on openSUSE Leap 42.3\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2018:2819-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2018-09/msg00067.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.3\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"liblouis-data\", rpm:\"liblouis-data~2.6.4~9.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"liblouis-debugsource\", rpm:\"liblouis-debugsource~2.6.4~9.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"liblouis-devel\", rpm:\"liblouis-devel~2.6.4~9.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"liblouis-doc\", rpm:\"liblouis-doc~2.6.4~9.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"liblouis-tools\", rpm:\"liblouis-tools~2.6.4~9.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"liblouis-tools-debuginfo\", rpm:\"liblouis-tools-debuginfo~2.6.4~9.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"liblouis9\", rpm:\"liblouis9~2.6.4~9.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"liblouis9-debuginfo\", rpm:\"liblouis9-debuginfo~2.6.4~9.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-louis\", rpm:\"python-louis~2.6.4~9.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T16:51:49", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-04-06T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for liblouis (openSUSE-SU-2019:1160-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-11684", "CVE-2018-11440", "CVE-2018-11685", "CVE-2018-11577", "CVE-2018-11683", "CVE-2018-12085", "CVE-2018-11410", "CVE-2018-17294"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310852405", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852405", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852405\");\n script_version(\"2020-01-31T08:04:39+0000\");\n script_cve_id(\"CVE-2018-11410\", \"CVE-2018-11440\", \"CVE-2018-11577\", \"CVE-2018-11683\",\n \"CVE-2018-11684\", \"CVE-2018-11685\", \"CVE-2018-12085\", \"CVE-2018-17294\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:04:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-04-06 02:01:12 +0000 (Sat, 06 Apr 2019)\");\n script_name(\"openSUSE: Security Advisory for liblouis (openSUSE-SU-2019:1160-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.0\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:1160-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-04/msg00038.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'liblouis'\n package(s) announced via the openSUSE-SU-2019:1160-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for liblouis fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2018-17294: Fixed an out of bounds read in matchCurrentInput\n function which could allow a remote attacker to cause Denail of Service\n (bsc#1109319).\n\n - CVE-2018-11410: Fixed an invalid free in the compileRule function in\n compileTranslationTable.c (bsc#1094685)\n\n - CVE-2018-11440: Fixed a stack-based buffer overflow in the function\n parseChars() in compileTranslationTable.c (bsc#1095189)\n\n - CVE-2018-11577: Fixed a segmentation fault in lou_logPrint in logging.c\n (bsc#1095945)\n\n - CVE-2018-11683: Fixed a stack-based buffer overflow in the function\n parseChars() in compileTranslationTable.c (different vulnerability than\n CVE-2018-11440) (bsc#1095827)\n\n - CVE-2018-11684: Fixed stack-based buffer overflow in the function\n includeFile() in compileTranslationTable.c (bsc#1095826)\n\n - CVE-2018-11685: Fixed a stack-based buffer overflow in the function\n compileHyphenation() in compileTranslationTable.c (bsc#1095825)\n\n - CVE-2018-12085: Fixed a stack-based buffer overflow in the function\n parseChars() in compileTranslationTable.c (different vulnerability than\n CVE-2018-11440) (bsc#1097103)\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2019-1160=1\");\n\n script_tag(name:\"affected\", value:\"'liblouis' package(s) on openSUSE Leap 15.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"liblouis-data\", rpm:\"liblouis-data~3.3.0~lp150.3.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"liblouis-debuginfo\", rpm:\"liblouis-debuginfo~3.3.0~lp150.3.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"liblouis-debugsource\", rpm:\"liblouis-debugsource~3.3.0~lp150.3.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"liblouis-devel\", rpm:\"liblouis-devel~3.3.0~lp150.3.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"liblouis-doc\", rpm:\"liblouis-doc~3.3.0~lp150.3.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"liblouis-tools\", rpm:\"liblouis-tools~3.3.0~lp150.3.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"liblouis-tools-debuginfo\", rpm:\"liblouis-tools-debuginfo~3.3.0~lp150.3.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"liblouis14\", rpm:\"liblouis14~3.3.0~lp150.3.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"liblouis14-debuginfo\", rpm:\"liblouis14-debuginfo~3.3.0~lp150.3.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python3-louis\", rpm:\"python3-louis~3.3.0~lp150.3.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:22", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-10-26T00:00:00", "type": "openvas", "title": "Ubuntu Update for liblouis USN-3669-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-11440", "CVE-2018-11577", "CVE-2018-11410"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310843716", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843716", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3669_1.nasl 14288 2019-03-18 16:34:17Z cfischer $\n#\n# Ubuntu Update for liblouis USN-3669-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843716\");\n script_version(\"$Revision: 14288 $\");\n script_cve_id(\"CVE-2018-11410\", \"CVE-2018-11440\", \"CVE-2018-11577\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 17:34:17 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-10-26 06:10:42 +0200 (Fri, 26 Oct 2018)\");\n script_name(\"Ubuntu Update for liblouis USN-3669-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|17\\.10|18\\.04 LTS|16\\.04 LTS)\");\n\n script_xref(name:\"USN\", value:\"3669-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3669-1/\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'liblouis'\n package(s) announced via the USN-3669-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was discovered that Liblouis incorrectly handled certain files.\nAn attacker could possibly use this to cause a denial of service.\nThis issue only affected Ubuntu 18.04 LTS. (CVE-2018-11410)\n\nIt was discovered that Liblouis incorrectly handled certain files.\nAn attacker could possibly use this to execute arbitrary code.\n(CVE-2018-11440)\n\nIt was discovered that Liblouis incorrectly handled certain files.\nAn attacker could possibly use this to cause a denial of service or\nexecute arbitrary code. (CVE-2018-11577)\");\n\n script_tag(name:\"affected\", value:\"liblouis on Ubuntu 18.04 LTS,\n Ubuntu 17.10,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"liblouis-bin\", ver:\"2.5.3-2ubuntu1.3\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"liblouis2\", ver:\"2.5.3-2ubuntu1.3\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU17.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"liblouis-bin\", ver:\"3.0.0-3ubuntu1.1\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"liblouis12\", ver:\"3.0.0-3ubuntu1.1\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU18.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"liblouis-bin\", ver:\"3.5.0-1ubuntu0.1\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"liblouis14\", ver:\"3.5.0-1ubuntu0.1\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"liblouis-bin\", ver:\"2.6.4-2ubuntu0.2\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"liblouis9\", ver:\"2.6.4-2ubuntu0.2\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:37:20", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for liblouis (EulerOS-SA-2018-1228)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-11684", "CVE-2018-11440", "CVE-2018-11685", "CVE-2018-11683"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220181228", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220181228", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2018.1228\");\n script_version(\"2020-01-23T11:18:05+0000\");\n script_cve_id(\"CVE-2018-11440\", \"CVE-2018-11683\", \"CVE-2018-11684\", \"CVE-2018-11685\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:18:05 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:18:05 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for liblouis (EulerOS-SA-2018-1228)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP3\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2018-1228\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1228\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'liblouis' package(s) announced via the EulerOS-SA-2018-1228 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c.(CVE-2018-11440)\n\nLiblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c, a different vulnerability than CVE-2018-11440.(CVE-2018-11683)\n\nLiblouis 3.5.0 has a stack-based Buffer Overflow in the function includeFile in compileTranslationTable.c.(CVE-2018-11684)\n\nLiblouis 3.5.0 has a stack-based Buffer Overflow in the function compileHyphenation in compileTranslationTable.c.(CVE-2018-11685)\");\n\n script_tag(name:\"affected\", value:\"'liblouis' package(s) on Huawei EulerOS V2.0SP3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"liblouis\", rpm:\"liblouis~2.5.2~12.h4\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"liblouis-python\", rpm:\"liblouis-python~2.5.2~12.h4\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:41:27", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for liblouis (EulerOS-SA-2018-1222)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-11684", "CVE-2018-11440", "CVE-2018-11685", "CVE-2018-11683"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220181222", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220181222", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2018.1222\");\n script_version(\"2020-01-23T11:17:56+0000\");\n script_cve_id(\"CVE-2018-11440\", \"CVE-2018-11683\", \"CVE-2018-11684\", \"CVE-2018-11685\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:17:56 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:17:56 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for liblouis (EulerOS-SA-2018-1222)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2018-1222\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1222\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'liblouis' package(s) announced via the EulerOS-SA-2018-1222 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c.(CVE-2018-11440)\n\nLiblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c, a different vulnerability than CVE-2018-11440.(CVE-2018-11683)\n\nLiblouis 3.5.0 has a stack-based Buffer Overflow in the function includeFile in compileTranslationTable.c.(CVE-2018-11684)\n\nLiblouis 3.5.0 has a stack-based Buffer Overflow in the function compileHyphenation in compileTranslationTable.c.(CVE-2018-11685)\");\n\n script_tag(name:\"affected\", value:\"'liblouis' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"liblouis\", rpm:\"liblouis~2.5.2~12.h4\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"liblouis-python\", rpm:\"liblouis-python~2.5.2~12.h4\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2021-07-28T14:46:50", "description": "Liblouis is an open-source braille translator and back-translator named in honor of Louis Braille. It features support for computer and literary brail le, supports contracted and uncontracted translation for many languages and has support for hyphenation. New languages can easily be added through tables t hat support a rule- or dictionary based approach. Liblouis also supports math braille (Nemeth and Marburg). Liblouis has features to support screen-reading programs. This has led to i ts use in two open-source screen readers, NVDA and Orca. It is also used in so me commercial assistive technology applications for example by ViewPlus. Liblouis is based on the translation routines in the BRLTTY screen reader f or Linux. It has, however, gone far beyond these routines. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-10-07T22:16:38", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: liblouis-2.6.2-16.fc28", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-12085", "CVE-2018-17294"], "modified": "2018-10-07T22:16:38", "id": "FEDORA:7DA3560062FB", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/XU2KNDF6IWKN6LGPS7WEVRNODJURVTVT/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2023-06-23T15:48:48", "description": "## Releases\n\n * Ubuntu 18.04 ESM\n * Ubuntu 16.04 ESM\n * Ubuntu 14.04 ESM\n\n## Packages\n\n * liblouis \\- Braille translation library - utilities\n\nHenri Salo discovered that Liblouis incorrectly handled certain files. \nAn attacker could possibly use this issue to execute arbitrary code. \n(CVE-2018-12085)\n\nIt was discovered that Liblouis incorrectly handled certain files. \nAn attacker could possibly use this issue to cause a denial of service. \nThis issue only affected Ubuntu 18.04 LTS. (CVE-2018-17294)\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-10-03T00:00:00", "type": "ubuntu", "title": "Liblouis vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-12085", "CVE-2018-17294"], "modified": "2018-10-03T00:00:00", "id": "USN-3782-1", "href": "https://ubuntu.com/security/notices/USN-3782-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-23T15:50:30", "description": "## Releases\n\n * Ubuntu 18.04 ESM\n * Ubuntu 17.10 \n * Ubuntu 16.04 ESM\n * Ubuntu 14.04 ESM\n\n## Packages\n\n * liblouis \\- Braille translation library - utilities\n\nIt was discovered that Liblouis incorrectly handled certain files. \nAn attacker could possibly use this to cause a denial of service. \nThis issue only affected Ubuntu 18.04 LTS. (CVE-2018-11410)\n\nIt was discovered that Liblouis incorrectly handled certain files. \nAn attacker could possibly use this to execute arbitrary code. \n(CVE-2018-11440)\n\nIt was discovered that Liblouis incorrectly handled certain files. \nAn attacker could possibly use this to cause a denial of service or \nexecute arbitrary code. (CVE-2018-11577)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-04T00:00:00", "type": "ubuntu", "title": "Liblouis vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11410", "CVE-2018-11440", "CVE-2018-11577"], "modified": "2018-06-04T00:00:00", "id": "USN-3669-1", "href": "https://ubuntu.com/security/notices/USN-3669-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "amazon": [{"lastseen": "2023-06-23T15:29:11", "description": "**Issue Overview:**\n\nLiblouis 3.5.0 has a Segmentation fault in lou_logPrint in logging.c. (CVE-2018-11577)\n\nLiblouis 3.5.0 has a stack-based Buffer Overflow in the function includeFile in compileTranslationTable.c. (CVE-2018-11684)\n\nLiblouis 3.5.0 has a stack-based Buffer Overflow in the function compileHyphenation in compileTranslationTable.c. (CVE-2018-11685)\n\nLiblouis 3.6.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c, a different vulnerability than CVE-2018-11440. (CVE-2018-12085)\n\n \n**Affected Packages:** \n\n\ngeronimo-jaxrpc\n\n \n**Issue Correction:** \nRun _yum update geronimo-jaxrpc_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n noarch: \n \u00a0\u00a0\u00a0 geronimo-jaxrpc-2.1-14.amzn2.noarch \n \u00a0\u00a0\u00a0 geronimo-jaxrpc-javadoc-2.1-14.amzn2.noarch \n \n src: \n \u00a0\u00a0\u00a0 geronimo-jaxrpc-2.1-14.amzn2.src \n \n \n\n### Additional References\n\nRed Hat: [CVE-2018-11577](<https://access.redhat.com/security/cve/CVE-2018-11577>), [CVE-2018-11684](<https://access.redhat.com/security/cve/CVE-2018-11684>), [CVE-2018-11685](<https://access.redhat.com/security/cve/CVE-2018-11685>), [CVE-2018-12085](<https://access.redhat.com/security/cve/CVE-2018-12085>)\n\nMitre: [CVE-2018-11577](<https://vulners.com/cve/CVE-2018-11577>), [CVE-2018-11684](<https://vulners.com/cve/CVE-2018-11684>), [CVE-2018-11685](<https://vulners.com/cve/CVE-2018-11685>), [CVE-2018-12085](<https://vulners.com/cve/CVE-2018-12085>)\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-10-22T18:14:00", "type": "amazon", "title": "Medium: geronimo-jaxrpc", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11440", "CVE-2018-11577", "CVE-2018-11684", "CVE-2018-11685", "CVE-2018-12085"], "modified": "2020-10-22T22:35:00", "id": "ALAS2-2020-1524", "href": "https://alas.aws.amazon.com/AL2/ALAS-2020-1524.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-22T23:10:39", "description": "**Issue Overview:**\n\nLiblouis 3.5.0 has a Segmentation fault in lou_logPrint in logging.c. (CVE-2018-11577)\n\nLiblouis 3.5.0 has a stack-based Buffer Overflow in the function includeFile in compileTranslationTable.c. (CVE-2018-11684)\n\nLiblouis 3.5.0 has a stack-based Buffer Overflow in the function compileHyphenation in compileTranslationTable.c. (CVE-2018-11685)\n\nLiblouis 3.6.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c, a different vulnerability than CVE-2018-11440. (CVE-2018-12085)\n\n \n**Affected Packages:** \n\n\nliblouis\n\n \n**Issue Correction:** \nRun _yum update liblouis_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n aarch64: \n \u00a0\u00a0\u00a0 liblouis-2.6.2-21.amzn2.0.1.aarch64 \n \u00a0\u00a0\u00a0 liblouis-devel-2.6.2-21.amzn2.0.1.aarch64 \n \u00a0\u00a0\u00a0 liblouis-utils-2.6.2-21.amzn2.0.1.aarch64 \n \u00a0\u00a0\u00a0 liblouis-debuginfo-2.6.2-21.amzn2.0.1.aarch64 \n \n i686: \n \u00a0\u00a0\u00a0 liblouis-2.6.2-21.amzn2.0.1.i686 \n \u00a0\u00a0\u00a0 liblouis-devel-2.6.2-21.amzn2.0.1.i686 \n \u00a0\u00a0\u00a0 liblouis-utils-2.6.2-21.amzn2.0.1.i686 \n \u00a0\u00a0\u00a0 liblouis-debuginfo-2.6.2-21.amzn2.0.1.i686 \n \n noarch: \n \u00a0\u00a0\u00a0 python2-louis-2.6.2-21.amzn2.0.1.noarch \n \u00a0\u00a0\u00a0 python3-louis-2.6.2-21.amzn2.0.1.noarch \n \u00a0\u00a0\u00a0 liblouis-doc-2.6.2-21.amzn2.0.1.noarch \n \n src: \n \u00a0\u00a0\u00a0 liblouis-2.6.2-21.amzn2.0.1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 liblouis-2.6.2-21.amzn2.0.1.x86_64 \n \u00a0\u00a0\u00a0 liblouis-devel-2.6.2-21.amzn2.0.1.x86_64 \n \u00a0\u00a0\u00a0 liblouis-utils-2.6.2-21.amzn2.0.1.x86_64 \n \u00a0\u00a0\u00a0 liblouis-debuginfo-2.6.2-21.amzn2.0.1.x86_64 \n \n \n\n### Additional References\n\nRed Hat: [CVE-2018-11577](<https://access.redhat.com/security/cve/CVE-2018-11577>), [CVE-2018-11684](<https://access.redhat.com/security/cve/CVE-2018-11684>), [CVE-2018-11685](<https://access.redhat.com/security/cve/CVE-2018-11685>), [CVE-2018-12085](<https://access.redhat.com/security/cve/CVE-2018-12085>)\n\nMitre: [CVE-2018-11577](<https://vulners.com/cve/CVE-2018-11577>), [CVE-2018-11684](<https://vulners.com/cve/CVE-2018-11684>), [CVE-2018-11685](<https://vulners.com/cve/CVE-2018-11685>), [CVE-2018-12085](<https://vulners.com/cve/CVE-2018-12085>)\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2023-02-17T00:11:00", "type": "amazon", "title": "Medium: liblouis", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11440", "CVE-2018-11577", "CVE-2018-11684", "CVE-2018-11685", "CVE-2018-12085"], "modified": "2023-02-22T01:54:00", "id": "ALAS2-2023-1941", "href": "https://alas.aws.amazon.com/AL2/ALAS-2023-1941.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2023-09-10T16:45:57", "description": "The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-1708 advisory.\n\n - Liblouis 3.5.0 has a stack-based Buffer Overflow in the function includeFile in compileTranslationTable.c.\n (CVE-2018-11684)\n\n - Liblouis 3.5.0 has a stack-based Buffer Overflow in the function compileHyphenation in compileTranslationTable.c. (CVE-2018-11685)\n\n - Liblouis 3.6.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c, a different vulnerability than CVE-2018-11440. (CVE-2018-12085)\n\n - Liblouis 3.5.0 has a Segmentation fault in lou_logPrint in logging.c. (CVE-2018-11577)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-09-07T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : liblouis (ELSA-2020-1708)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-11440", "CVE-2018-11577", "CVE-2018-11684", "CVE-2018-11685", "CVE-2018-12085"], "modified": "2023-09-07T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:liblouis", "p-cpe:/a:oracle:linux:python3-louis"], "id": "ORACLELINUX_ELSA-2020-1708.NASL", "href": "https://www.tenable.com/plugins/nessus/180883", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2020-1708.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(180883);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/09/07\");\n\n script_cve_id(\n \"CVE-2018-11577\",\n \"CVE-2018-11684\",\n \"CVE-2018-11685\",\n \"CVE-2018-12085\"\n );\n\n script_name(english:\"Oracle Linux 8 : liblouis (ELSA-2020-1708)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2020-1708 advisory.\n\n - Liblouis 3.5.0 has a stack-based Buffer Overflow in the function includeFile in compileTranslationTable.c.\n (CVE-2018-11684)\n\n - Liblouis 3.5.0 has a stack-based Buffer Overflow in the function compileHyphenation in\n compileTranslationTable.c. (CVE-2018-11685)\n\n - Liblouis 3.6.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c,\n a different vulnerability than CVE-2018-11440. (CVE-2018-12085)\n\n - Liblouis 3.5.0 has a Segmentation fault in lou_logPrint in logging.c. (CVE-2018-11577)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2020-1708.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected liblouis and / or python3-louis packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-12085\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/05/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/09/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:liblouis\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python3-louis\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(os_release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:os_release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar pkgs = [\n {'reference':'python3-louis-2.6.2-21.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'liblouis-2.6.2-21.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'liblouis-2.6.2-21.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'liblouis-2.6.2-21.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release) {\n if (exists_check) {\n if (rpm_exists(release:_release, rpm:exists_check) && rpm_check(release:_release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'liblouis / python3-louis');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:41:11", "description": "Henri Salo discovered that Liblouis incorrectly handled certain files.\nAn attacker could possibly use this issue to execute arbitrary code.\n(CVE-2018-12085)\n\nIt was discovered that Liblouis incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service.\nThis issue only affected Ubuntu 18.04 LTS. (CVE-2018-17294).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-10-04T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : liblouis vulnerabilities (USN-3782-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-12085", "CVE-2018-17294"], "modified": "2023-05-11T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:liblouis-bin", "p-cpe:/a:canonical:ubuntu_linux:liblouis14", "p-cpe:/a:canonical:ubuntu_linux:liblouis2", "p-cpe:/a:canonical:ubuntu_linux:liblouis9", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts"], "id": "UBUNTU_USN-3782-1.NASL", "href": "https://www.tenable.com/plugins/nessus/117915", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3782-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(117915);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/11\");\n\n script_cve_id(\"CVE-2018-12085\", \"CVE-2018-17294\");\n script_xref(name:\"USN\", value:\"3782-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : liblouis vulnerabilities (USN-3782-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Henri Salo discovered that Liblouis incorrectly handled certain files.\nAn attacker could possibly use this issue to execute arbitrary code.\n(CVE-2018-12085)\n\nIt was discovered that Liblouis incorrectly handled certain files. An\nattacker could possibly use this issue to cause a denial of service.\nThis issue only affected Ubuntu 18.04 LTS. (CVE-2018-17294).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3782-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-12085\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:liblouis-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:liblouis14\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:liblouis2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:liblouis9\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2018-2023 Canonical, Inc. / NASL script (C) 2018-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04|16\\.04|18\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 16.04 / 18.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"liblouis-bin\", pkgver:\"2.5.3-2ubuntu1.5\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"liblouis2\", pkgver:\"2.5.3-2ubuntu1.5\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"liblouis-bin\", pkgver:\"2.6.4-2ubuntu0.4\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"liblouis9\", pkgver:\"2.6.4-2ubuntu0.4\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"liblouis-bin\", pkgver:\"3.5.0-1ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"liblouis14\", pkgver:\"3.5.0-1ubuntu0.3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"liblouis-bin / liblouis14 / liblouis2 / liblouis9\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:42:05", "description": "The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2020:1708 advisory.\n\n - Liblouis 3.5.0 has a Segmentation fault in lou_logPrint in logging.c. (CVE-2018-11577)\n\n - Liblouis 3.5.0 has a stack-based Buffer Overflow in the function includeFile in compileTranslationTable.c.\n (CVE-2018-11684)\n\n - Liblouis 3.5.0 has a stack-based Buffer Overflow in the function compileHyphenation in compileTranslationTable.c. (CVE-2018-11685)\n\n - Liblouis 3.6.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c, a different vulnerability than CVE-2018-11440. (CVE-2018-12085)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-02-09T00:00:00", "type": "nessus", "title": "AlmaLinux 8 : liblouis (ALSA-2020:1708)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-11440", "CVE-2018-11577", "CVE-2018-11684", "CVE-2018-11685", "CVE-2018-12085"], "modified": "2022-02-14T00:00:00", "cpe": ["p-cpe:/a:alma:linux:liblouis", "p-cpe:/a:alma:linux:python3-louis", "cpe:/o:alma:linux:8"], "id": "ALMA_LINUX_ALSA-2020-1708.NASL", "href": "https://www.tenable.com/plugins/nessus/157685", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# AlmaLinux Security Advisory ALSA-2020:1708.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157685);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/14\");\n\n script_cve_id(\n \"CVE-2018-11577\",\n \"CVE-2018-11684\",\n \"CVE-2018-11685\",\n \"CVE-2018-12085\"\n );\n script_xref(name:\"ALSA\", value:\"2020:1708\");\n\n script_name(english:\"AlmaLinux 8 : liblouis (ALSA-2020:1708)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AlmaLinux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nALSA-2020:1708 advisory.\n\n - Liblouis 3.5.0 has a Segmentation fault in lou_logPrint in logging.c. (CVE-2018-11577)\n\n - Liblouis 3.5.0 has a stack-based Buffer Overflow in the function includeFile in compileTranslationTable.c.\n (CVE-2018-11684)\n\n - Liblouis 3.5.0 has a stack-based Buffer Overflow in the function compileHyphenation in\n compileTranslationTable.c. (CVE-2018-11685)\n\n - Liblouis 3.6.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c,\n a different vulnerability than CVE-2018-11440. (CVE-2018-12085)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.almalinux.org/8/ALSA-2020-1708.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected liblouis and / or python3-louis packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-12085\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:liblouis\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:python3-louis\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:8\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Alma Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AlmaLinux/release\", \"Host/AlmaLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/AlmaLinux/release');\nif (isnull(release) || 'AlmaLinux' >!< release) audit(AUDIT_OS_NOT, 'AlmaLinux');\nvar os_ver = pregmatch(pattern: \"AlmaLinux release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 8.x', 'AlmaLinux ' + os_ver);\n\nif (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);\n\nvar pkgs = [\n {'reference':'liblouis-2.6.2-21.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'liblouis-2.6.2-21.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-louis-2.6.2-21.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'Alma-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'liblouis / python3-louis');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:24:08", "description": "The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1524 advisory.\n\n - Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c.\n (CVE-2018-11440)\n\n - Liblouis 3.5.0 has a Segmentation fault in lou_logPrint in logging.c. (CVE-2018-11577)\n\n - Liblouis 3.5.0 has a stack-based Buffer Overflow in the function includeFile in compileTranslationTable.c.\n (CVE-2018-11684)\n\n - Liblouis 3.5.0 has a stack-based Buffer Overflow in the function compileHyphenation in compileTranslationTable.c. (CVE-2018-11685)\n\n - Liblouis 3.6.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c, a different vulnerability than CVE-2018-11440. (CVE-2018-12085)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-10-28T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : geronimo-jaxrpc (ALAS-2020-1524)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-11440", "CVE-2018-11577", "CVE-2018-11684", "CVE-2018-11685", "CVE-2018-12085"], "modified": "2020-10-28T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:geronimo-jaxrpc", "p-cpe:/a:amazon:linux:geronimo-jaxrpc-javadoc", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2020-1524.NASL", "href": "https://www.tenable.com/plugins/nessus/141977", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n# \n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2020-1524.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141977);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/28\");\n\n script_cve_id(\n \"CVE-2018-11440\",\n \"CVE-2018-11577\",\n \"CVE-2018-11684\",\n \"CVE-2018-11685\",\n \"CVE-2018-12085\"\n );\n script_bugtraq_id(104321);\n script_xref(name:\"ALAS\", value:\"2020-1524\");\n\n script_name(english:\"Amazon Linux 2 : geronimo-jaxrpc (ALAS-2020-1524)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the ALAS2-2020-1524 advisory.\n\n - Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c.\n (CVE-2018-11440)\n\n - Liblouis 3.5.0 has a Segmentation fault in lou_logPrint in logging.c. (CVE-2018-11577)\n\n - Liblouis 3.5.0 has a stack-based Buffer Overflow in the function includeFile in compileTranslationTable.c.\n (CVE-2018-11684)\n\n - Liblouis 3.5.0 has a stack-based Buffer Overflow in the function compileHyphenation in\n compileTranslationTable.c. (CVE-2018-11685)\n\n - Liblouis 3.6.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c,\n a different vulnerability than CVE-2018-11440. (CVE-2018-12085)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALAS-2020-1524.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-11577\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-11684\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-11685\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-12085\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update geronimo-jaxrpc' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-12085\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:geronimo-jaxrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:geronimo-jaxrpc-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\npkgs = [\n {'reference':'geronimo-jaxrpc-2.1-14.amzn2', 'release':'AL2'},\n {'reference':'geronimo-jaxrpc-javadoc-2.1-14.amzn2', 'release':'AL2'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"geronimo-jaxrpc / geronimo-jaxrpc-javadoc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-02T20:35:07", "description": "The version of liblouis installed on the remote host is prior to 2.6.2-21. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-1941 advisory.\n\n - Liblouis 3.5.0 has a Segmentation fault in lou_logPrint in logging.c. (CVE-2018-11577)\n\n - Liblouis 3.5.0 has a stack-based Buffer Overflow in the function includeFile in compileTranslationTable.c.\n (CVE-2018-11684)\n\n - Liblouis 3.5.0 has a stack-based Buffer Overflow in the function compileHyphenation in compileTranslationTable.c. (CVE-2018-11685)\n\n - Liblouis 3.6.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c, a different vulnerability than CVE-2018-11440. (CVE-2018-12085)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-02-23T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : liblouis (ALAS-2023-1941)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-11440", "CVE-2018-11577", "CVE-2018-11684", "CVE-2018-11685", "CVE-2018-12085"], "modified": "2023-09-01T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:liblouis", "p-cpe:/a:amazon:linux:liblouis-debuginfo", "p-cpe:/a:amazon:linux:liblouis-devel", "p-cpe:/a:amazon:linux:liblouis-doc", "p-cpe:/a:amazon:linux:liblouis-utils", "p-cpe:/a:amazon:linux:python2-louis", "p-cpe:/a:amazon:linux:python3-louis", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2023-1941.NASL", "href": "https://www.tenable.com/plugins/nessus/171836", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2023-1941.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(171836);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/09/01\");\n\n script_cve_id(\n \"CVE-2018-11577\",\n \"CVE-2018-11684\",\n \"CVE-2018-11685\",\n \"CVE-2018-12085\"\n );\n\n script_name(english:\"Amazon Linux 2 : liblouis (ALAS-2023-1941)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of liblouis installed on the remote host is prior to 2.6.2-21. It is, therefore, affected by multiple\nvulnerabilities as referenced in the ALAS2-2023-1941 advisory.\n\n - Liblouis 3.5.0 has a Segmentation fault in lou_logPrint in logging.c. (CVE-2018-11577)\n\n - Liblouis 3.5.0 has a stack-based Buffer Overflow in the function includeFile in compileTranslationTable.c.\n (CVE-2018-11684)\n\n - Liblouis 3.5.0 has a stack-based Buffer Overflow in the function compileHyphenation in\n compileTranslationTable.c. (CVE-2018-11685)\n\n - Liblouis 3.6.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c,\n a different vulnerability than CVE-2018-11440. (CVE-2018-12085)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALAS-2023-1941.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/../../faqs.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2018-11577.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2018-11684.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2018-11685.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2018-12085.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update liblouis' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-12085\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/02/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/02/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:liblouis\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:liblouis-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:liblouis-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:liblouis-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:liblouis-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python2-louis\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python3-louis\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar alas_release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d+|-\\d+)\", string:alas_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar pkgs = [\n {'reference':'liblouis-2.6.2-21.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'liblouis-2.6.2-21.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'liblouis-2.6.2-21.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'liblouis-debuginfo-2.6.2-21.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'liblouis-debuginfo-2.6.2-21.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'liblouis-debuginfo-2.6.2-21.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'liblouis-devel-2.6.2-21.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'liblouis-devel-2.6.2-21.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'liblouis-devel-2.6.2-21.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'liblouis-doc-2.6.2-21.amzn2.0.1', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'liblouis-utils-2.6.2-21.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'liblouis-utils-2.6.2-21.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'liblouis-utils-2.6.2-21.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python2-louis-2.6.2-21.amzn2.0.1', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-louis-2.6.2-21.amzn2.0.1', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"liblouis / liblouis-debuginfo / liblouis-devel / etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-23T14:15:12", "description": "This update for liblouis, python-louis, python3-louis fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2018-11440: Fixed a stack-based buffer overflow in the function parseChars() in compileTranslationTable.c (bsc#1095189)\n\nCVE-2018-11577: Fixed a segmentation fault in lou_logPrint in logging.c (bsc#1095945)\n\nCVE-2018-11683: Fixed a stack-based buffer overflow in the function parseChars() in compileTranslationTable.c (different vulnerability than CVE-2018-11440) (bsc#1095827)\n\nCVE-2018-11684: Fixed stack-based buffer overflow in the function includeFile() in compileTranslationTable.c (bsc#1095826)\n\nCVE-2018-11685: Fixed a stack-based buffer overflow in the function compileHyphenation() in compileTranslationTable.c (bsc#1095825)\n\nCVE-2018-12085: Fixed a stack-based buffer overflow in the function parseChars() in compileTranslationTable.c (different vulnerability than CVE-2018-11440) (bsc#1097103)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-09-24T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : liblouis (SUSE-SU-2018:2780-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-11440", "CVE-2018-11577", "CVE-2018-11683", "CVE-2018-11684", "CVE-2018-11685", "CVE-2018-12085"], "modified": "2019-09-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:liblouis-data", "p-cpe:/a:novell:suse_linux:liblouis-debugsource", "p-cpe:/a:novell:suse_linux:liblouis9", "p-cpe:/a:novell:suse_linux:liblouis9-debuginfo", "p-cpe:/a:novell:suse_linux:python-louis", "p-cpe:/a:novell:suse_linux:python3-louis", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2018-2780-1.NASL", "href": "https://www.tenable.com/plugins/nessus/117662", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:2780-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(117662);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/09/10 13:51:49\");\n\n script_cve_id(\"CVE-2018-11440\", \"CVE-2018-11577\", \"CVE-2018-11683\", \"CVE-2018-11684\", \"CVE-2018-11685\", \"CVE-2018-12085\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : liblouis (SUSE-SU-2018:2780-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for liblouis, python-louis, python3-louis fixes the\nfollowing issues :\n\nSecurity issues fixed :\n\nCVE-2018-11440: Fixed a stack-based buffer overflow in the function\nparseChars() in compileTranslationTable.c (bsc#1095189)\n\nCVE-2018-11577: Fixed a segmentation fault in lou_logPrint in\nlogging.c (bsc#1095945)\n\nCVE-2018-11683: Fixed a stack-based buffer overflow in the function\nparseChars() in compileTranslationTable.c (different vulnerability\nthan CVE-2018-11440) (bsc#1095827)\n\nCVE-2018-11684: Fixed stack-based buffer overflow in the function\nincludeFile() in compileTranslationTable.c (bsc#1095826)\n\nCVE-2018-11685: Fixed a stack-based buffer overflow in the function\ncompileHyphenation() in compileTranslationTable.c (bsc#1095825)\n\nCVE-2018-12085: Fixed a stack-based buffer overflow in the function\nparseChars() in compileTranslationTable.c (different vulnerability\nthan CVE-2018-11440) (bsc#1097103)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1095189\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1095825\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1095826\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1095827\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1095945\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1097103\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-11440/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-11577/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-11683/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-11684/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-11685/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-12085/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20182780-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?204fc2d7\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2018-1944=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2018-1944=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2018-1944=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:liblouis-data\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:liblouis-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:liblouis9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:liblouis9-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-louis\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3-louis\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/09/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/09/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"liblouis-data-2.6.4-6.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"liblouis-debugsource-2.6.4-6.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"liblouis9-2.6.4-6.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"liblouis9-debuginfo-2.6.4-6.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"python-louis-2.6.4-6.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"python3-louis-2.6.4-6.6.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"liblouis-data-2.6.4-6.6.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"liblouis-debugsource-2.6.4-6.6.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"liblouis9-2.6.4-6.6.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"liblouis9-debuginfo-2.6.4-6.6.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"python3-louis-2.6.4-6.6.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"liblouis\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:40:30", "description": "This update for liblouis fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2018-11440: Fixed a stack-based buffer overflow in the function parseChars() in compileTranslationTable.c (bsc#1095189)\n\n - CVE-2018-11577: Fixed a segmentation fault in lou_logPrint in logging.c (bsc#1095945)\n\n - CVE-2018-11683: Fixed a stack-based buffer overflow in the function parseChars() in compileTranslationTable.c (different vulnerability than CVE-2018-11440) (bsc#1095827)\n\n - CVE-2018-11684: Fixed stack-based buffer overflow in the function includeFile() in compileTranslationTable.c (bsc#1095826)\n\n - CVE-2018-11685: Fixed a stack-based buffer overflow in the function compileHyphenation() in compileTranslationTable.c (bsc#1095825)\n\n - CVE-2018-12085: Fixed a stack-based buffer overflow in the function parseChars() in compileTranslationTable.c (different vulnerability than CVE-2018-11440) (bsc#1097103)\n\nThis update was imported from the SUSE:SLE-12-SP2:Update update project.", "cvss3": {}, "published": "2018-09-25T00:00:00", "type": "nessus", "title": "openSUSE Security Update : liblouis (openSUSE-2018-1039)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-11440", "CVE-2018-11577", "CVE-2018-11683", "CVE-2018-11684", "CVE-2018-11685", "CVE-2018-12085"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:liblouis-data", "p-cpe:/a:novell:opensuse:liblouis-debugsource", "p-cpe:/a:novell:opensuse:liblouis-devel", "p-cpe:/a:novell:opensuse:liblouis-tools", "p-cpe:/a:novell:opensuse:liblouis-tools-debuginfo", "p-cpe:/a:novell:opensuse:liblouis9", "p-cpe:/a:novell:opensuse:liblouis9-debuginfo", "p-cpe:/a:novell:opensuse:python-louis", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2018-1039.NASL", "href": "https://www.tenable.com/plugins/nessus/117687", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-1039.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(117687);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-11440\", \"CVE-2018-11577\", \"CVE-2018-11683\", \"CVE-2018-11684\", \"CVE-2018-11685\", \"CVE-2018-12085\");\n\n script_name(english:\"openSUSE Security Update : liblouis (openSUSE-2018-1039)\");\n script_summary(english:\"Check for the openSUSE-2018-1039 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for liblouis fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2018-11440: Fixed a stack-based buffer overflow in\n the function parseChars() in compileTranslationTable.c\n (bsc#1095189)\n\n - CVE-2018-11577: Fixed a segmentation fault in\n lou_logPrint in logging.c (bsc#1095945)\n\n - CVE-2018-11683: Fixed a stack-based buffer overflow in\n the function parseChars() in compileTranslationTable.c\n (different vulnerability than CVE-2018-11440)\n (bsc#1095827)\n\n - CVE-2018-11684: Fixed stack-based buffer overflow in the\n function includeFile() in compileTranslationTable.c\n (bsc#1095826)\n\n - CVE-2018-11685: Fixed a stack-based buffer overflow in\n the function compileHyphenation() in\n compileTranslationTable.c (bsc#1095825)\n\n - CVE-2018-12085: Fixed a stack-based buffer overflow in\n the function parseChars() in compileTranslationTable.c\n (different vulnerability than CVE-2018-11440)\n (bsc#1097103)\n\nThis update was imported from the SUSE:SLE-12-SP2:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1095189\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1095825\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1095826\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1095827\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1095945\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1097103\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected liblouis packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:liblouis-data\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:liblouis-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:liblouis-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:liblouis-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:liblouis-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:liblouis9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:liblouis9-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-louis\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/09/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"liblouis-data-2.6.4-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"liblouis-debugsource-2.6.4-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"liblouis-devel-2.6.4-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"liblouis-tools-2.6.4-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"liblouis-tools-debuginfo-2.6.4-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"liblouis9-2.6.4-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"liblouis9-debuginfo-2.6.4-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"python-louis-2.6.4-9.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"liblouis-data / liblouis-debugsource / liblouis-devel / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-26T14:24:25", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1708 advisory.\n\n - liblouis: Segmentation fault in logging.c:lou_logPrint() (CVE-2018-11577)\n\n - liblouis: Stack-based buffer overflow in function includeFile in compileTranslationTable.c (CVE-2018-11684)\n\n - liblouis: Stack-based buffer overflow in function compileHyphenation in compileTranslationTable.c (CVE-2018-11685)\n\n - liblouis: Stack-based buffer overflow in compileTranslationTable.c (CVE-2018-12085)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-11-18T00:00:00", "type": "nessus", "title": "RHEL 8 : liblouis (RHSA-2020:1708)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-11577", "CVE-2018-11684", "CVE-2018-11685", "CVE-2018-12085"], "modified": "2023-05-25T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.2", "cpe:/o:redhat:rhel_aus:8.4", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.2", "cpe:/o:redhat:rhel_e4s:8.4", "cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.2", "cpe:/o:redhat:rhel_eus:8.4", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.2", "cpe:/o:redhat:rhel_tus:8.4", "cpe:/o:redhat:rhel_tus:8.6", "p-cpe:/a:redhat:enterprise_linux:liblouis", "p-cpe:/a:redhat:enterprise_linux:python3-louis"], "id": "REDHAT-RHSA-2020-1708.NASL", "href": "https://www.tenable.com/plugins/nessus/143016", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:1708. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143016);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\n \"CVE-2018-11577\",\n \"CVE-2018-11684\",\n \"CVE-2018-11685\",\n \"CVE-2018-12085\"\n );\n script_xref(name:\"RHSA\", value:\"2020:1708\");\n\n script_name(english:\"RHEL 8 : liblouis (RHSA-2020:1708)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:1708 advisory.\n\n - liblouis: Segmentation fault in logging.c:lou_logPrint() (CVE-2018-11577)\n\n - liblouis: Stack-based buffer overflow in function includeFile in compileTranslationTable.c\n (CVE-2018-11684)\n\n - liblouis: Stack-based buffer overflow in function compileHyphenation in compileTranslationTable.c\n (CVE-2018-11685)\n\n - liblouis: Stack-based buffer overflow in compileTranslationTable.c (CVE-2018-12085)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-11577\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-11684\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-11685\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-12085\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:1708\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1585905\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1588631\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1588636\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1589940\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected liblouis and / or python3-louis packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-12085\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(121, 400);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:liblouis\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-louis\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.2/x86_64/appstream/debug',\n 'content/aus/rhel8/8.2/x86_64/appstream/os',\n 'content/aus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.2/x86_64/baseos/debug',\n 'content/aus/rhel8/8.2/x86_64/baseos/os',\n 'content/aus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.2/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.2/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.2/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.2/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.2/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.2/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.2/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.2/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.2/ppc64le/sap/os',\n 'content/e4s/rhel8/8.2/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.2/x86_64/appstream/os',\n 'content/e4s/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.2/x86_64/baseos/os',\n 'content/e4s/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/sap/debug',\n 'content/e4s/rhel8/8.2/x86_64/sap/os',\n 'content/e4s/rhel8/8.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/appstream/debug',\n 'content/eus/rhel8/8.2/aarch64/appstream/os',\n 'content/eus/rhel8/8.2/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/baseos/debug',\n 'content/eus/rhel8/8.2/aarch64/baseos/os',\n 'content/eus/rhel8/8.2/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.2/aarch64/highavailability/os',\n 'content/eus/rhel8/8.2/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.2/aarch64/supplementary/os',\n 'content/eus/rhel8/8.2/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.2/ppc64le/appstream/os',\n 'content/eus/rhel8/8.2/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.2/ppc64le/baseos/os',\n 'content/eus/rhel8/8.2/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.2/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.2/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.2/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.2/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.2/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.2/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.2/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.2/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/sap/debug',\n 'content/eus/rhel8/8.2/ppc64le/sap/os',\n 'content/eus/rhel8/8.2/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.2/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.2/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/appstream/debug',\n 'content/eus/rhel8/8.2/s390x/appstream/os',\n 'content/eus/rhel8/8.2/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/baseos/debug',\n 'content/eus/rhel8/8.2/s390x/baseos/os',\n 'content/eus/rhel8/8.2/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.2/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.2/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/highavailability/debug',\n 'content/eus/rhel8/8.2/s390x/highavailability/os',\n 'content/eus/rhel8/8.2/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.2/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.2/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/sap/debug',\n 'content/eus/rhel8/8.2/s390x/sap/os',\n 'content/eus/rhel8/8.2/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/supplementary/debug',\n 'content/eus/rhel8/8.2/s390x/supplementary/os',\n 'content/eus/rhel8/8.2/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/appstream/debug',\n 'content/eus/rhel8/8.2/x86_64/appstream/os',\n 'content/eus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/baseos/debug',\n 'content/eus/rhel8/8.2/x86_64/baseos/os',\n 'content/eus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.2/x86_64/highavailability/os',\n 'content/eus/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/sap/debug',\n 'content/eus/rhel8/8.2/x86_64/sap/os',\n 'content/eus/rhel8/8.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.2/x86_64/supplementary/os',\n 'content/eus/rhel8/8.2/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/appstream/debug',\n 'content/tus/rhel8/8.2/x86_64/appstream/os',\n 'content/tus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/baseos/debug',\n 'content/tus/rhel8/8.2/x86_64/baseos/os',\n 'content/tus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.2/x86_64/highavailability/os',\n 'content/tus/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/nfv/debug',\n 'content/tus/rhel8/8.2/x86_64/nfv/os',\n 'content/tus/rhel8/8.2/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/rt/debug',\n 'content/tus/rhel8/8.2/x86_64/rt/os',\n 'content/tus/rhel8/8.2/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'liblouis-2.6.2-21.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-louis-2.6.2-21.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.4/x86_64/appstream/debug',\n 'content/aus/rhel8/8.4/x86_64/appstream/os',\n 'content/aus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.4/x86_64/baseos/debug',\n 'content/aus/rhel8/8.4/x86_64/baseos/os',\n 'content/aus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/aarch64/appstream/debug',\n 'content/e4s/rhel8/8.4/aarch64/appstream/os',\n 'content/e4s/rhel8/8.4/aarch64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/aarch64/baseos/debug',\n 'content/e4s/rhel8/8.4/aarch64/baseos/os',\n 'content/e4s/rhel8/8.4/aarch64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.4/ppc64le/sap/os',\n 'content/e4s/rhel8/8.4/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.4/s390x/appstream/debug',\n 'content/e4s/rhel8/8.4/s390x/appstream/os',\n 'content/e4s/rhel8/8.4/s390x/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/s390x/baseos/debug',\n 'content/e4s/rhel8/8.4/s390x/baseos/os',\n 'content/e4s/rhel8/8.4/s390x/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.4/x86_64/appstream/os',\n 'content/e4s/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.4/x86_64/baseos/os',\n 'content/e4s/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/nfv/debug',\n 'content/e4s/rhel8/8.4/x86_64/nfv/os',\n 'content/e4s/rhel8/8.4/x86_64/nfv/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap/os',\n 'content/e4s/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/appstream/debug',\n 'content/eus/rhel8/8.4/aarch64/appstream/os',\n 'content/eus/rhel8/8.4/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/baseos/debug',\n 'content/eus/rhel8/8.4/aarch64/baseos/os',\n 'content/eus/rhel8/8.4/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.4/aarch64/highavailability/os',\n 'content/eus/rhel8/8.4/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.4/aarch64/supplementary/os',\n 'content/eus/rhel8/8.4/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.4/ppc64le/appstream/os',\n 'content/eus/rhel8/8.4/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.4/ppc64le/baseos/os',\n 'content/eus/rhel8/8.4/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/sap/debug',\n 'content/eus/rhel8/8.4/ppc64le/sap/os',\n 'content/eus/rhel8/8.4/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/appstream/debug',\n 'content/eus/rhel8/8.4/s390x/appstream/os',\n 'content/eus/rhel8/8.4/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/baseos/debug',\n 'content/eus/rhel8/8.4/s390x/baseos/os',\n 'content/eus/rhel8/8.4/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/highavailability/debug',\n 'content/eus/rhel8/8.4/s390x/highavailability/os',\n 'content/eus/rhel8/8.4/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/sap/debug',\n 'content/eus/rhel8/8.4/s390x/sap/os',\n 'content/eus/rhel8/8.4/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/supplementary/debug',\n 'content/eus/rhel8/8.4/s390x/supplementary/os',\n 'content/eus/rhel8/8.4/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/appstream/debug',\n 'content/eus/rhel8/8.4/x86_64/appstream/os',\n 'content/eus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/baseos/debug',\n 'content/eus/rhel8/8.4/x86_64/baseos/os',\n 'content/eus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.4/x86_64/highavailability/os',\n 'content/eus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap/debug',\n 'content/eus/rhel8/8.4/x86_64/sap/os',\n 'content/eus/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.4/x86_64/supplementary/os',\n 'content/eus/rhel8/8.4/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/appstream/debug',\n 'content/tus/rhel8/8.4/x86_64/appstream/os',\n 'content/tus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/baseos/debug',\n 'content/tus/rhel8/8.4/x86_64/baseos/os',\n 'content/tus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.4/x86_64/highavailability/os',\n 'content/tus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/nfv/debug',\n 'content/tus/rhel8/8.4/x86_64/nfv/os',\n 'content/tus/rhel8/8.4/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/rt/debug',\n 'content/tus/rhel8/8.4/x86_64/rt/os',\n 'content/tus/rhel8/8.4/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'liblouis-2.6.2-21.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-louis-2.6.2-21.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/appstream/debug',\n 'content/eus/rhel8/8.6/aarch64/appstream/os',\n 'content/eus/rhel8/8.6/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/baseos/debug',\n 'content/eus/rhel8/8.6/aarch64/baseos/os',\n 'content/eus/rhel8/8.6/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.6/aarch64/highavailability/os',\n 'content/eus/rhel8/8.6/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.6/aarch64/supplementary/os',\n 'content/eus/rhel8/8.6/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.6/ppc64le/appstream/os',\n 'content/eus/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.6/ppc64le/baseos/os',\n 'content/eus/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap/os',\n 'content/eus/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/appstream/debug',\n 'content/eus/rhel8/8.6/s390x/appstream/os',\n 'content/eus/rhel8/8.6/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/baseos/debug',\n 'content/eus/rhel8/8.6/s390x/baseos/os',\n 'content/eus/rhel8/8.6/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/highavailability/debug',\n 'content/eus/rhel8/8.6/s390x/highavailability/os',\n 'content/eus/rhel8/8.6/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/sap/debug',\n 'content/eus/rhel8/8.6/s390x/sap/os',\n 'content/eus/rhel8/8.6/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/supplementary/debug',\n 'content/eus/rhel8/8.6/s390x/supplementary/os',\n 'content/eus/rhel8/8.6/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'liblouis-2.6.2-21.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-louis-2.6.2-21.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/aarch64/appstream/debug',\n 'content/dist/rhel8/8/aarch64/appstream/os',\n 'content/dist/rhel8/8/aarch64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/baseos/debug',\n 'content/dist/rhel8/8/aarch64/baseos/os',\n 'content/dist/rhel8/8/aarch64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/codeready-builder/debug',\n 'content/dist/rhel8/8/aarch64/codeready-builder/os',\n 'content/dist/rhel8/8/aarch64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/highavailability/debug',\n 'content/dist/rhel8/8/aarch64/highavailability/os',\n 'content/dist/rhel8/8/aarch64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/supplementary/debug',\n 'content/dist/rhel8/8/aarch64/supplementary/os',\n 'content/dist/rhel8/8/aarch64/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/appstream/debug',\n 'content/dist/rhel8/8/ppc64le/appstream/os',\n 'content/dist/rhel8/8/ppc64le/appstream/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/baseos/debug',\n 'content/dist/rhel8/8/ppc64le/baseos/os',\n 'content/dist/rhel8/8/ppc64le/baseos/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/debug',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/os',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/highavailability/debug',\n 'content/dist/rhel8/8/ppc64le/highavailability/os',\n 'content/dist/rhel8/8/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/debug',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/os',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/debug',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/os',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap/debug',\n 'content/dist/rhel8/8/ppc64le/sap/os',\n 'content/dist/rhel8/8/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/supplementary/debug',\n 'content/dist/rhel8/8/ppc64le/supplementary/os',\n 'content/dist/rhel8/8/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/s390x/appstream/debug',\n 'content/dist/rhel8/8/s390x/appstream/os',\n 'content/dist/rhel8/8/s390x/appstream/source/SRPMS',\n 'content/dist/rhel8/8/s390x/baseos/debug',\n 'content/dist/rhel8/8/s390x/baseos/os',\n 'content/dist/rhel8/8/s390x/baseos/source/SRPMS',\n 'content/dist/rhel8/8/s390x/codeready-builder/debug',\n 'content/dist/rhel8/8/s390x/codeready-builder/os',\n 'content/dist/rhel8/8/s390x/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/s390x/highavailability/debug',\n 'content/dist/rhel8/8/s390x/highavailability/os',\n 'content/dist/rhel8/8/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/s390x/resilientstorage/debug',\n 'content/dist/rhel8/8/s390x/resilientstorage/os',\n 'content/dist/rhel8/8/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/s390x/sap/debug',\n 'content/dist/rhel8/8/s390x/sap/os',\n 'content/dist/rhel8/8/s390x/sap/source/SRPMS',\n 'content/dist/rhel8/8/s390x/supplementary/debug',\n 'content/dist/rhel8/8/s390x/supplementary/os',\n 'content/dist/rhel8/8/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'liblouis-2.6.2-21.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-louis-2.6.2-21.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'liblouis / python3-louis');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:22:44", "description": "The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:1708 advisory.\n\n - liblouis: Segmentation fault in logging.c:lou_logPrint() (CVE-2018-11577)\n\n - liblouis: Stack-based buffer overflow in function includeFile in compileTranslationTable.c (CVE-2018-11684)\n\n - liblouis: Stack-based buffer overflow in function compileHyphenation in compileTranslationTable.c (CVE-2018-11685)\n\n - liblouis: Stack-based buffer overflow in compileTranslationTable.c (CVE-2018-12085)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-02-01T00:00:00", "type": "nessus", "title": "CentOS 8 : liblouis (CESA-2020:1708)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-11577", "CVE-2018-11684", "CVE-2018-11685", "CVE-2018-12085"], "modified": "2021-03-23T00:00:00", "cpe": ["cpe:/o:centos:centos:8", "p-cpe:/a:centos:centos:liblouis", "p-cpe:/a:centos:centos:python3-louis"], "id": "CENTOS8_RHSA-2020-1708.NASL", "href": "https://www.tenable.com/plugins/nessus/145823", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2020:1708. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145823);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/23\");\n\n script_cve_id(\n \"CVE-2018-11577\",\n \"CVE-2018-11684\",\n \"CVE-2018-11685\",\n \"CVE-2018-12085\"\n );\n script_xref(name:\"RHSA\", value:\"2020:1708\");\n\n script_name(english:\"CentOS 8 : liblouis (CESA-2020:1708)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nCESA-2020:1708 advisory.\n\n - liblouis: Segmentation fault in logging.c:lou_logPrint() (CVE-2018-11577)\n\n - liblouis: Stack-based buffer overflow in function includeFile in compileTranslationTable.c\n (CVE-2018-11684)\n\n - liblouis: Stack-based buffer overflow in function compileHyphenation in compileTranslationTable.c\n (CVE-2018-11685)\n\n - liblouis: Stack-based buffer overflow in compileTranslationTable.c (CVE-2018-12085)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:1708\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected liblouis and / or python3-louis packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-12085\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:liblouis\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python3-louis\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif ('CentOS Stream' >< release) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS Stream ' + os_ver);\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\npkgs = [\n {'reference':'liblouis-2.6.2-21.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'liblouis-2.6.2-21.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-louis-2.6.2-21.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-louis-2.6.2-21.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'liblouis / python3-louis');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:11:32", "description": "This update for liblouis fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2018-17294: Fixed an out of bounds read in matchCurrentInput function which could allow a remote attacker to cause Denail of Service (bsc#1109319).\n\n - CVE-2018-11410: Fixed an invalid free in the compileRule function in compileTranslationTable.c (bsc#1094685)\n\n - CVE-2018-11440: Fixed a stack-based buffer overflow in the function parseChars() in compileTranslationTable.c (bsc#1095189)\n\n - CVE-2018-11577: Fixed a segmentation fault in lou_logPrint in logging.c (bsc#1095945)\n\n - CVE-2018-11683: Fixed a stack-based buffer overflow in the function parseChars() in compileTranslationTable.c (different vulnerability than CVE-2018-11440) (bsc#1095827)\n\n - CVE-2018-11684: Fixed stack-based buffer overflow in the function includeFile() in compileTranslationTable.c (bsc#1095826)\n\n - CVE-2018-11685: Fixed a stack-based buffer overflow in the function compileHyphenation() in compileTranslationTable.c (bsc#1095825)\n\n - CVE-2018-12085: Fixed a stack-based buffer overflow in the function parseChars() in compileTranslationTable.c (different vulnerability than CVE-2018-11440) (bsc#1097103)\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {}, "published": "2019-04-08T00:00:00", "type": "nessus", "title": "openSUSE Security Update : liblouis (openSUSE-2019-1160)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-11410", "CVE-2018-11440", "CVE-2018-11577", "CVE-2018-11683", "CVE-2018-11684", "CVE-2018-11685", "CVE-2018-12085", "CVE-2018-17294"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:liblouis-data", "p-cpe:/a:novell:opensuse:liblouis-debuginfo", "p-cpe:/a:novell:opensuse:liblouis-debugsource", "p-cpe:/a:novell:opensuse:liblouis-devel", "p-cpe:/a:novell:opensuse:liblouis-tools", "p-cpe:/a:novell:opensuse:liblouis-tools-debuginfo", "p-cpe:/a:novell:opensuse:liblouis14", "p-cpe:/a:novell:opensuse:liblouis14-debuginfo", "p-cpe:/a:novell:opensuse:python3-louis", "cpe:/o:novell:opensuse:15.0"], "id": "OPENSUSE-2019-1160.NASL", "href": "https://www.tenable.com/plugins/nessus/123815", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-1160.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(123815);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-11410\", \"CVE-2018-11440\", \"CVE-2018-11577\", \"CVE-2018-11683\", \"CVE-2018-11684\", \"CVE-2018-11685\", \"CVE-2018-12085\", \"CVE-2018-17294\");\n\n script_name(english:\"openSUSE Security Update : liblouis (openSUSE-2019-1160)\");\n script_summary(english:\"Check for the openSUSE-2019-1160 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for liblouis fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2018-17294: Fixed an out of bounds read in\n matchCurrentInput function which could allow a remote\n attacker to cause Denail of Service (bsc#1109319).\n\n - CVE-2018-11410: Fixed an invalid free in the compileRule\n function in compileTranslationTable.c (bsc#1094685)\n\n - CVE-2018-11440: Fixed a stack-based buffer overflow in\n the function parseChars() in compileTranslationTable.c\n (bsc#1095189)\n\n - CVE-2018-11577: Fixed a segmentation fault in\n lou_logPrint in logging.c (bsc#1095945)\n\n - CVE-2018-11683: Fixed a stack-based buffer overflow in\n the function parseChars() in compileTranslationTable.c\n (different vulnerability than CVE-2018-11440)\n (bsc#1095827)\n\n - CVE-2018-11684: Fixed stack-based buffer overflow in the\n function includeFile() in compileTranslationTable.c\n (bsc#1095826)\n\n - CVE-2018-11685: Fixed a stack-based buffer overflow in\n the function compileHyphenation() in\n compileTranslationTable.c (bsc#1095825)\n\n - CVE-2018-12085: Fixed a stack-based buffer overflow in\n the function parseChars() in compileTranslationTable.c\n (different vulnerability than CVE-2018-11440)\n (bsc#1097103)\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1094685\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1095189\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1095825\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1095826\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1095827\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1095945\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1097103\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1109319\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected liblouis packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:liblouis-data\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:liblouis-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:liblouis-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:liblouis-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:liblouis-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:liblouis-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:liblouis14\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:liblouis14-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-louis\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"liblouis-data-3.3.0-lp150.3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"liblouis-debuginfo-3.3.0-lp150.3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"liblouis-debugsource-3.3.0-lp150.3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"liblouis-devel-3.3.0-lp150.3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"liblouis-tools-3.3.0-lp150.3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"liblouis-tools-debuginfo-3.3.0-lp150.3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"liblouis14-3.3.0-lp150.3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"liblouis14-debuginfo-3.3.0-lp150.3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"python3-louis-3.3.0-lp150.3.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"liblouis-data / liblouis-debuginfo / liblouis-debugsource / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:09:44", "description": "This update for liblouis fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2018-17294: Fixed an out of bounds read in matchCurrentInput function which could allow a remote attacker to cause Denail of Service (bsc#1109319).\n\nCVE-2018-11410: Fixed an invalid free in the compileRule function in compileTranslationTable.c (bsc#1094685)\n\nCVE-2018-11440: Fixed a stack-based buffer overflow in the function parseChars() in compileTranslationTable.c (bsc#1095189)\n\nCVE-2018-11577: Fixed a segmentation fault in lou_logPrint in logging.c (bsc#1095945)\n\nCVE-2018-11683: Fixed a stack-based buffer overflow in the function parseChars() in compileTranslationTable.c (different vulnerability than CVE-2018-11440) (bsc#1095827)\n\nCVE-2018-11684: Fixed stack-based buffer overflow in the function includeFile() in compileTranslationTable.c (bsc#1095826)\n\nCVE-2018-11685: Fixed a stack-based buffer overflow in the function compileHyphenation() in compileTranslationTable.c (bsc#1095825)\n\nCVE-2018-12085: Fixed a stack-based buffer overflow in the function parseChars() in compileTranslationTable.c (different vulnerability than CVE-2018-11440) (bsc#1097103)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-03-29T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : liblouis (SUSE-SU-2019:0795-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-11410", "CVE-2018-11440", "CVE-2018-11577", "CVE-2018-11683", "CVE-2018-11684", "CVE-2018-11685", "CVE-2018-12085", "CVE-2018-17294"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:liblouis-data", "p-cpe:/a:novell:suse_linux:liblouis-debuginfo", "p-cpe:/a:novell:suse_linux:liblouis-debugsource", "p-cpe:/a:novell:suse_linux:liblouis-devel", "p-cpe:/a:novell:suse_linux:liblouis-doc", "p-cpe:/a:novell:suse_linux:liblouis-tools", "p-cpe:/a:novell:suse_linux:liblouis-tools-debuginfo", "p-cpe:/a:novell:suse_linux:liblouis14", "p-cpe:/a:novell:suse_linux:liblouis14-debuginfo", "p-cpe:/a:novell:suse_linux:python3-louis", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2019-0795-1.NASL", "href": "https://www.tenable.com/plugins/nessus/123501", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:0795-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(123501);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2018-11410\", \"CVE-2018-11440\", \"CVE-2018-11577\", \"CVE-2018-11683\", \"CVE-2018-11684\", \"CVE-2018-11685\", \"CVE-2018-12085\", \"CVE-2018-17294\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : liblouis (SUSE-SU-2019:0795-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for liblouis fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2018-17294: Fixed an out of bounds read in matchCurrentInput\nfunction which could allow a remote attacker to cause Denail of\nService (bsc#1109319).\n\nCVE-2018-11410: Fixed an invalid free in the compileRule function in\ncompileTranslationTable.c (bsc#1094685)\n\nCVE-2018-11440: Fixed a stack-based buffer overflow in the function\nparseChars() in compileTranslationTable.c (bsc#1095189)\n\nCVE-2018-11577: Fixed a segmentation fault in lou_logPrint in\nlogging.c (bsc#1095945)\n\nCVE-2018-11683: Fixed a stack-based buffer overflow in the function\nparseChars() in compileTranslationTable.c (different vulnerability\nthan CVE-2018-11440) (bsc#1095827)\n\nCVE-2018-11684: Fixed stack-based buffer overflow in the function\nincludeFile() in compileTranslationTable.c (bsc#1095826)\n\nCVE-2018-11685: Fixed a stack-based buffer overflow in the function\ncompileHyphenation() in compileTranslationTable.c (bsc#1095825)\n\nCVE-2018-12085: Fixed a stack-based buffer overflow in the function\nparseChars() in compileTranslationTable.c (different vulnerability\nthan CVE-2018-11440) (bsc#1097103)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1094685\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1095189\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1095825\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1095826\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1095827\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1095945\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1097103\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109319\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-11410/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-11440/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-11577/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-11683/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-11684/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-11685/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-12085/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-17294/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20190795-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c4e11e02\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-2019-795=1\n\nSUSE Linux Enterprise Module for Desktop Applications 15:zypper in -t\npatch SUSE-SLE-Module-Desktop-Applications-15-2019-795=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:liblouis-data\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:liblouis-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:liblouis-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:liblouis-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:liblouis-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:liblouis-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:liblouis-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:liblouis14\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:liblouis14-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3-louis\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"liblouis-data-3.3.0-4.5.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"liblouis-debuginfo-3.3.0-4.5.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"liblouis-debugsource-3.3.0-4.5.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"liblouis-devel-3.3.0-4.5.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"liblouis-doc-3.3.0-4.5.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"liblouis-tools-3.3.0-4.5.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"liblouis-tools-debuginfo-3.3.0-4.5.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"liblouis14-3.3.0-4.5.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"liblouis14-debuginfo-3.3.0-4.5.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"python3-louis-3.3.0-4.5.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"liblouis-data-3.3.0-4.5.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"liblouis-debuginfo-3.3.0-4.5.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"liblouis-debugsource-3.3.0-4.5.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"liblouis-devel-3.3.0-4.5.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"liblouis-doc-3.3.0-4.5.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"liblouis-tools-3.3.0-4.5.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"liblouis-tools-debuginfo-3.3.0-4.5.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"liblouis14-3.3.0-4.5.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"liblouis14-debuginfo-3.3.0-4.5.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"python3-louis-3.3.0-4.5.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"liblouis\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:29:01", "description": "It was discovered that Liblouis incorrectly handled certain files. An attacker could possibly use this to cause a denial of service. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-11410)\n\nIt was discovered that Liblouis incorrectly handled certain files. An attacker could possibly use this to execute arbitrary code.\n(CVE-2018-11440)\n\nIt was discovered that Liblouis incorrectly handled certain files. An attacker could possibly use this to cause a denial of service or execute arbitrary code. (CVE-2018-11577).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-06-05T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS / 16.04 LTS / 17.10 / 18.04 LTS : liblouis vulnerabilities (USN-3669-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-11410", "CVE-2018-11440", "CVE-2018-11577"], "modified": "2023-05-11T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:liblouis-bin", "p-cpe:/a:canonical:ubuntu_linux:liblouis12", "p-cpe:/a:canonical:ubuntu_linux:liblouis14", "p-cpe:/a:canonical:ubuntu_linux:liblouis2", "p-cpe:/a:canonical:ubuntu_linux:liblouis9", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:17.10", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts"], "id": "UBUNTU_USN-3669-1.NASL", "href": "https://www.tenable.com/plugins/nessus/110322", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3669-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110322);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/11\");\n\n script_cve_id(\"CVE-2018-11410\", \"CVE-2018-11440\", \"CVE-2018-11577\");\n script_xref(name:\"USN\", value:\"3669-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 16.04 LTS / 17.10 / 18.04 LTS : liblouis vulnerabilities (USN-3669-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that Liblouis incorrectly handled certain files. An\nattacker could possibly use this to cause a denial of service. This\nissue only affected Ubuntu 18.04 LTS. (CVE-2018-11410)\n\nIt was discovered that Liblouis incorrectly handled certain files. An\nattacker could possibly use this to execute arbitrary code.\n(CVE-2018-11440)\n\nIt was discovered that Liblouis incorrectly handled certain files. An\nattacker could possibly use this to cause a denial of service or\nexecute arbitrary code. (CVE-2018-11577).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3669-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:liblouis-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:liblouis12\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:liblouis14\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:liblouis2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:liblouis9\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2018-2023 Canonical, Inc. / NASL script (C) 2018-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04|16\\.04|17\\.10|18\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 16.04 / 17.10 / 18.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"liblouis-bin\", pkgver:\"2.5.3-2ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"liblouis2\", pkgver:\"2.5.3-2ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"liblouis-bin\", pkgver:\"2.6.4-2ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"liblouis9\", pkgver:\"2.6.4-2ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"liblouis-bin\", pkgver:\"3.0.0-3ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"liblouis12\", pkgver:\"3.0.0-3ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"liblouis-bin\", pkgver:\"3.5.0-1ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"liblouis14\", pkgver:\"3.5.0-1ubuntu0.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"liblouis-bin / liblouis12 / liblouis14 / liblouis2 / liblouis9\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:22:11", "description": "According to the versions of the liblouis packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c.(CVE-2018-11440)\n\n - Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c, a different vulnerability than CVE-2018-11440.(CVE-2018-11683)\n\n - Liblouis 3.5.0 has a stack-based Buffer Overflow in the function includeFile in compileTranslationTable.c.(CVE-2018-11684)\n\n - Liblouis 3.5.0 has a stack-based Buffer Overflow in the function compileHyphenation in compileTranslationTable.c.(CVE-2018-11685)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-07-20T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : liblouis (EulerOS-SA-2018-1222)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-11440", "CVE-2018-11683", "CVE-2018-11684", "CVE-2018-11685"], "modified": "2021-01-06T00:00:00", "cpe": ["cpe:/o:huawei:euleros:2.0", "p-cpe:/a:huawei:euleros:liblouis", "p-cpe:/a:huawei:euleros:liblouis-python"], "id": "EULEROS_SA-2018-1222.NASL", "href": "https://www.tenable.com/plugins/nessus/111184", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(111184);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2018-11440\",\n \"CVE-2018-11683\",\n \"CVE-2018-11684\",\n \"CVE-2018-11685\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : liblouis (EulerOS-SA-2018-1222)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the liblouis packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - Liblouis 3.5.0 has a stack-based Buffer Overflow in the\n function parseChars in\n compileTranslationTable.c.(CVE-2018-11440)\n\n - Liblouis 3.5.0 has a stack-based Buffer Overflow in the\n function parseChars in compileTranslationTable.c, a\n different vulnerability than\n CVE-2018-11440.(CVE-2018-11683)\n\n - Liblouis 3.5.0 has a stack-based Buffer Overflow in the\n function includeFile in\n compileTranslationTable.c.(CVE-2018-11684)\n\n - Liblouis 3.5.0 has a stack-based Buffer Overflow in the\n function compileHyphenation in\n compileTranslationTable.c.(CVE-2018-11685)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1222\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d0686ec0\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected liblouis packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/07/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:liblouis\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:liblouis-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"liblouis-2.5.2-12.h4\",\n \"liblouis-python-2.5.2-12.h4\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"liblouis\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:39:44", "description": "According to the versions of the liblouis packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c.(CVE-2018-11440)\n\n - Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c, a different vulnerability than CVE-2018-11440.(CVE-2018-11683)\n\n - Liblouis 3.5.0 has a stack-based Buffer Overflow in the function includeFile in compileTranslationTable.c.(CVE-2018-11684)\n\n - Liblouis 3.5.0 has a stack-based Buffer Overflow in the function compileHyphenation in compileTranslationTable.c.(CVE-2018-11685)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-08-10T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : liblouis (EulerOS-SA-2018-1228)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-11440", "CVE-2018-11683", "CVE-2018-11684", "CVE-2018-11685"], "modified": "2021-01-06T00:00:00", "cpe": ["cpe:/o:huawei:euleros:2.0", "p-cpe:/a:huawei:euleros:liblouis", "p-cpe:/a:huawei:euleros:liblouis-python"], "id": "EULEROS_SA-2018-1228.NASL", "href": "https://www.tenable.com/plugins/nessus/111648", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(111648);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2018-11440\",\n \"CVE-2018-11683\",\n \"CVE-2018-11684\",\n \"CVE-2018-11685\"\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : liblouis (EulerOS-SA-2018-1228)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the liblouis packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - Liblouis 3.5.0 has a stack-based Buffer Overflow in the\n function parseChars in\n compileTranslationTable.c.(CVE-2018-11440)\n\n - Liblouis 3.5.0 has a stack-based Buffer Overflow in the\n function parseChars in compileTranslationTable.c, a\n different vulnerability than\n CVE-2018-11440.(CVE-2018-11683)\n\n - Liblouis 3.5.0 has a stack-based Buffer Overflow in the\n function includeFile in\n compileTranslationTable.c.(CVE-2018-11684)\n\n - Liblouis 3.5.0 has a stack-based Buffer Overflow in the\n function compileHyphenation in\n compileTranslationTable.c.(CVE-2018-11685)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1228\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b40f0c1c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected liblouis packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/08/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:liblouis\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:liblouis-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"liblouis-2.5.2-12.h4\",\n \"liblouis-python-2.5.2-12.h4\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"liblouis\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-01T14:24:00", "description": "The version of Wireshark installed on the remote macOS / Mac OS X host is 2.4.x prior to 2.4.10 / 2.6.x prior to 2.6.4. It is, therefore, affected by multiple vulnerabilities.\n\n - A buffer overflow condition exists in OPC UA applications due to failure to handle exceptional conditions. An unauthenticated remote attacker can exploit this via carefully structured requests to cause a denial of service condition or the execution of arbitrary code. (CVE-2018-12086)\n\n - A stack-based buffer overflow condition exists in Liblouis 3.6.0 in the function parseChars in compileTranslationTable.c, a different vulnerability than CVE-2018-11440 due to failure to handle exceptional conditions. An unauthenticated remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2018-12585)\n\n - Multiple denial of service vulnerabilities exist in the following protocol dissectors: CoAP, IHS Discovery, the MS-WSP due to improper handling of exceptional conditions. An unauthenticated remote attacker can exploit this to cause Wireshark to crash by injecting a malformed packet onto the wire, or by convincing a user to read a malformed packet trace file.\n (CVE-2018-18225, CVE-2018-18226, CVE-2018-18227)", "cvss3": {}, "published": "2019-01-22T00:00:00", "type": "nessus", "title": "Wireshark 2.4.x < 2.4.10 / 2.6.x < 2.6.4 Multiple Vulnerabilities (macOS)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-11440", "CVE-2018-12086", "CVE-2018-12585", "CVE-2018-18225", "CVE-2018-18226", "CVE-2018-18227"], "modified": "2019-10-31T00:00:00", "cpe": ["cpe:/a:wireshark:wireshark"], "id": "MACOSX_WIRESHARK_2_6_4.NASL", "href": "https://www.tenable.com/plugins/nessus/121309", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(121309);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/10/31 15:18:51\");\n\n script_cve_id(\n \"CVE-2018-12086\",\n \"CVE-2018-12585\",\n \"CVE-2018-18225\",\n \"CVE-2018-18226\",\n \"CVE-2018-18227\"\n );\n script_bugtraq_id(105538, 105583);\n\n script_name(english:\"Wireshark 2.4.x < 2.4.10 / 2.6.x < 2.6.4 Multiple Vulnerabilities (macOS)\");\n script_summary(english:\"Checks the version of Wireshark.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on the remote macOS / Mac OS X host is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Wireshark installed on the remote macOS / Mac OS X\nhost is 2.4.x prior to 2.4.10 / 2.6.x prior to 2.6.4. It is,\ntherefore, affected by multiple vulnerabilities.\n\n - A buffer overflow condition exists in OPC UA applications due to\n failure to handle exceptional conditions. An unauthenticated\n remote attacker can exploit this via carefully structured requests\n to cause a denial of service condition or the execution of\n arbitrary code. (CVE-2018-12086)\n\n - A stack-based buffer overflow condition exists in Liblouis 3.6.0\n in the function parseChars in compileTranslationTable.c, a\n different vulnerability than CVE-2018-11440 due to failure to\n handle exceptional conditions. An unauthenticated remote attacker\n can exploit this to cause a denial of service condition or the\n execution of arbitrary code. (CVE-2018-12585)\n\n - Multiple denial of service vulnerabilities exist in the following\n protocol dissectors: CoAP, IHS Discovery, the MS-WSP due to\n improper handling of exceptional conditions. An unauthenticated\n remote attacker can exploit this to cause Wireshark to crash by\n injecting a malformed packet onto the wire, or by convincing a\n user to read a malformed packet trace file.\n (CVE-2018-18225, CVE-2018-18226, CVE-2018-18227)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.wireshark.org/docs/relnotes/wireshark-2.6.4.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.wireshark.org/security/wnpa-sec-2018-47.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.wireshark.org/security/wnpa-sec-2018-48.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.wireshark.org/security/wnpa-sec-2018-49.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.wireshark.org/security/wnpa-sec-2018-50.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Wireshark version 2.4.10 / 2.6.4 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-12585\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:wireshark:wireshark\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_wireshark_installed.nbin\");\n script_require_keys(\"installed_sw/Wireshark\", \"Host/MacOSX/Version\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\ninclude(\"vcf.inc\");\n\nget_kb_item_or_exit(\"Host/MacOSX/Version\");\n\napp_info = vcf::get_app_info(app:\"Wireshark\");\n\nconstraints = [\n { \"min_version\" : \"2.6.0\", \"fixed_version\" : \"2.6.4\" },\n { \"min_version\" : \"2.4.0\", \"fixed_version\" : \"2.4.10\" }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "suse": [{"lastseen": "2018-09-24T14:08:44", "description": "This update for liblouis fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2018-11440: Fixed a stack-based buffer overflow in the function\n parseChars() in compileTranslationTable.c (bsc#1095189)\n - CVE-2018-11577: Fixed a segmentation fault in lou_logPrint in logging.c\n (bsc#1095945)\n - CVE-2018-11683: Fixed a stack-based buffer overflow in the function\n parseChars() in compileTranslationTable.c (different vulnerability than\n CVE-2018-11440) (bsc#1095827)\n - CVE-2018-11684: Fixed stack-based buffer overflow in the function\n includeFile() in compileTranslationTable.c (bsc#1095826)\n - CVE-2018-11685: Fixed a stack-based buffer overflow in the function\n compileHyphenation() in compileTranslationTable.c (bsc#1095825)\n - CVE-2018-12085: Fixed a stack-based buffer overflow in the function\n parseChars() in compileTranslationTable.c (different vulnerability than\n CVE-2018-11440) (bsc#1097103)\n\n This update was imported from the SUSE:SLE-12-SP2:Update update project.\n\n", "cvss3": {}, "published": "2018-09-24T12:18:11", "type": "suse", "title": "Security update for liblouis (moderate)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2018-11684", "CVE-2018-11440", "CVE-2018-11685", "CVE-2018-11577", "CVE-2018-11683", "CVE-2018-12085"], "modified": "2018-09-24T12:18:11", "id": "OPENSUSE-SU-2018:2819-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-09/msg00067.html", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2022-11-06T10:41:13", "description": "An update that fixes 8 vulnerabilities is now available.\n\nDescription:\n\n This update for liblouis fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2018-17294: Fixed an out of bounds read in matchCurrentInput\n function which could allow a remote attacker to cause Denail of Service\n (bsc#1109319).\n - CVE-2018-11410: Fixed an invalid free in the compileRule function in\n compileTranslationTable.c (bsc#1094685)\n - CVE-2018-11440: Fixed a stack-based buffer overflow in the function\n parseChars() in compileTranslationTable.c (bsc#1095189)\n - CVE-2018-11577: Fixed a segmentation fault in lou_logPrint in logging.c\n (bsc#1095945)\n - CVE-2018-11683: Fixed a stack-based buffer overflow in the function\n parseChars() in compileTranslationTable.c (different vulnerability than\n CVE-2018-11440) (bsc#1095827)\n - CVE-2018-11684: Fixed stack-based buffer overflow in the function\n includeFile() in compileTranslationTable.c (bsc#1095826)\n - CVE-2018-11685: Fixed a stack-based buffer overflow in the function\n compileHyphenation() in compileTranslationTable.c (bsc#1095825)\n - CVE-2018-12085: Fixed a stack-based buffer overflow in the function\n parseChars() in compileTranslationTable.c (different vulnerability than\n CVE-2018-11440) (bsc#1097103)\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2019-1160=1", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-04-05T00:00:00", "type": "suse", "title": "Security update for liblouis (moderate)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11410", "CVE-2018-11440", "CVE-2018-11577", "CVE-2018-11683", "CVE-2018-11684", "CVE-2018-11685", "CVE-2018-12085", "CVE-2018-17294"], "modified": "2019-04-05T00:00:00", "id": "OPENSUSE-SU-2019:1160-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QCDNK5Q6ITKQTT77S47V5FM4FO26BMI5/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2023-08-04T12:28:04", "description": "Liblouis is an open source braille translator and back-translator named in honor of Louis Braille. It features support for computer and literary braille, supports contracted and uncontracted translation for many languages and has support for hyphenation. New languages can easily be added through tables that support a rule or dictionary based approach. Liblouis also supports math braille (Nemeth and Marburg).\n\nSecurity Fix(es):\n\n* liblouis: Stack-based buffer overflow in function includeFile in compileTranslationTable.c (CVE-2018-11684)\n\n* liblouis: Stack-based buffer overflow in function compileHyphenation in compileTranslationTable.c (CVE-2018-11685)\n\n* liblouis: Segmentation fault in logging.c:lou_logPrint() (CVE-2018-11577)\n\n* liblouis: Stack-based buffer overflow in compileTranslationTable.c (CVE-2018-12085)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.2 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-04-28T09:07:17", "type": "redhat", "title": "(RHSA-2020:1708) Moderate: liblouis security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11577", "CVE-2018-11684", "CVE-2018-11685", "CVE-2018-12085"], "modified": "2020-04-28T10:46:25", "id": "RHSA-2020:1708", "href": "https://access.redhat.com/errata/RHSA-2020:1708", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2021-07-28T14:24:36", "description": "[2.6.2-21]\n- A further Coverity fix (#1602585)\n[2.6.2-20]\n- Fix buffer overruns found by Coverity (#1602585)\n[2.6.2-19]\n- Fix two issues found by Coverity (#1602585)\n[2.6.2-18]\n- Apply patch for CVE-2018-12085 (#1589942)\n[2.6.2-17]\n- Fix CVE-2018-11577 (#1585906)\n- Fix CVE-2018-11684 (#1588632)\n- Fix CVE-2018-11685 (#1588637)\n- Fix CVE-2018-12085 (#1589942)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2020-05-05T00:00:00", "type": "oraclelinux", "title": "liblouis security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11577", "CVE-2018-11684", "CVE-2018-11685", "CVE-2018-12085"], "modified": "2020-05-05T00:00:00", "id": "ELSA-2020-1708", "href": "http://linux.oracle.com/errata/ELSA-2020-1708.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "rocky": [{"lastseen": "2023-07-24T17:30:45", "description": "An update is available for liblouis.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list\nLiblouis is an open source braille translator and back-translator named in honor of Louis Braille. It features support for computer and literary braille, supports contracted and uncontracted translation for many languages and has support for hyphenation. New languages can easily be added through tables that support a rule or dictionary based approach. Liblouis also supports math braille (Nemeth and Marburg).\n\nSecurity Fix(es):\n\n* liblouis: Stack-based buffer overflow in function includeFile in compileTranslationTable.c (CVE-2018-11684)\n\n* liblouis: Stack-based buffer overflow in function compileHyphenation in compileTranslationTable.c (CVE-2018-11685)\n\n* liblouis: Segmentation fault in logging.c:lou_logPrint() (CVE-2018-11577)\n\n* liblouis: Stack-based buffer overflow in compileTranslationTable.c (CVE-2018-12085)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Rocky Linux 8.2 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-04-28T09:07:17", "type": "rocky", "title": "liblouis security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11577", "CVE-2018-11684", "CVE-2018-11685", "CVE-2018-12085"], "modified": "2020-04-28T09:07:17", "id": "RLSA-2020:1708", "href": "https://errata.rockylinux.org/RLSA-2020:1708", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "almalinux": [{"lastseen": "2023-09-29T11:22:24", "description": "Liblouis is an open source braille translator and back-translator named in honor of Louis Braille. It features support for computer and literary braille, supports contracted and uncontracted translation for many languages and has support for hyphenation. New languages can easily be added through tables that support a rule or dictionary based approach. Liblouis also supports math braille (Nemeth and Marburg).\n\nSecurity Fix(es):\n\n* liblouis: Stack-based buffer overflow in function includeFile in compileTranslationTable.c (CVE-2018-11684)\n\n* liblouis: Stack-based buffer overflow in function compileHyphenation in compileTranslationTable.c (CVE-2018-11685)\n\n* liblouis: Segmentation fault in logging.c:lou_logPrint() (CVE-2018-11577)\n\n* liblouis: Stack-based buffer overflow in compileTranslationTable.c (CVE-2018-12085)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-04-28T09:07:17", "type": "almalinux", "title": "Moderate: liblouis security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11577", "CVE-2018-11684", "CVE-2018-11685", "CVE-2018-12085"], "modified": "2020-04-28T09:07:07", "id": "ALSA-2020:1708", "href": "https://errata.almalinux.org/8/ALSA-2020-1708.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2023-06-23T14:13:29", "description": "Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-05-25T11:29:00", "type": "cve", "title": "CVE-2018-11440", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11440"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/a:liblouis:liblouis:3.5.0", "cpe:/o:canonical:ubuntu_linux:17.10", "cpe:/o:opensuse:leap:15.0", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "CVE-2018-11440", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11440", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:liblouis:liblouis:3.5.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}, {"lastseen": "2023-06-23T14:14:23", "description": "Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c, a different vulnerability than CVE-2018-11440.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-06-04T06:29:00", "type": "cve", "title": "CVE-2018-11683", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11440", "CVE-2018-11683"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/a:liblouis:liblouis:3.5.0", "cpe:/o:canonical:ubuntu_linux:17.10", "cpe:/o:opensuse:leap:15.0", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "CVE-2018-11683", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11683", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:liblouis:liblouis:3.5.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}]}