DATABASE RESOURCES PRICING ABOUT US

{"id": "CVE-2022-23218", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2022-23218", "description": "The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.", "published": "2022-01-14T07:15:00", "modified": "2022-11-08T13:37:00", "epss": [{"cve": "CVE-2022-23218", "epss": 0.00174, "percentile": 0.53329, "modified": "2023-06-14"}], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 7.5}, "severity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-23218", "reporter": "cve@mitre.org", "references": ["https://sourceware.org/bugzilla/show_bug.cgi?id=28768", "https://www.oracle.com/security-alerts/cpujul2022.html", "https://security.gentoo.org/glsa/202208-24", "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html"], "cvelist": ["CVE-2022-23218"], "immutableFields": [], "lastseen": "2023-06-14T14:28:29", "viewCount": 186, "enchantments": {"dependencies": {"references": [{"type": "almalinux", "idList": ["ALSA-2022:0896"]}, {"type": "amazon", "idList": ["ALAS-2022-1576", "ALAS2-2022-1767"]}, {"type": "avleonov", "idList": ["AVLEONOV:317FBD7DA93C95993A9FFF38FB04A987"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:7CCE0B0CA4C32E297BEADD4E79F7EBE9"]}, {"type": "cloudlinux", "idList": ["CLSA-2022:1643818516"]}, {"type": "debian", "idList": ["DEBIAN:DLA-3152-1:9B676"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2022-23218"]}, {"type": "f5", "idList": ["F5:K52308021"]}, {"type": "fedora", "idList": ["FEDORA:57D6C304C758", "FEDORA:97A66309CD91"]}, {"type": "gentoo", "idList": ["GLSA-202208-24"]}, {"type": "ibm", "idList": ["3669E45D7FE2AA83192FF44FAA60FB349B5D39469F2B30F7D69463B2868B4908", "61B4E445A0F5A78F102006270381D716303602D81DEE17CDF7FBA3BB9F7660E8", "77749493A2DBD6936C13EAA63911F6136F55AE09D2D48DC2785E79841B40FED4", "85A43C6C41FE576C53B5C843A1000693B1568987B2D6E8A8433139503B995ADA", "926EC2BBAF756385F2D7D4C5C98F9F630DFB49737FCEF5BB68A74EB910687527", "96080ECFBE42CEF2D63B1341838131BE1CCC2B5F08130E2F678CCDCE13FAE376", "C9A62458FFCDA7D13068BA51A14F3364875030AD9E3379B54C1EB8EAA4DD8D49", "DED899C681C4F01F658F5349E77058BDF8C51E88FADBC17AC63AAD856B4CADE5", "FB7767D2479CE90F8E41353C5A1CFE5538D8D792872CDAD36296F6141E41513B"]}, {"type": "mageia", "idList": ["MGASA-2022-0028"]}, {"type": "nessus", "idList": ["AL2_ALAS-2022-1767.NASL", "ALA_ALAS-2022-1576.NASL", "DEBIAN_DLA-3152.NASL", "EULEROS_SA-2022-1427.NASL", "EULEROS_SA-2022-1448.NASL", "EULEROS_SA-2022-1485.NASL", "EULEROS_SA-2022-1504.NASL", "EULEROS_SA-2022-1565.NASL", "EULEROS_SA-2022-1606.NASL", "EULEROS_SA-2022-1629.NASL", "EULEROS_SA-2022-1678.NASL", "EULEROS_SA-2022-2023.NASL", "EULEROS_SA-2022-2051.NASL", "EULEROS_SA-2022-2560.NASL", "EULEROS_SA-2022-2603.NASL", "EULEROS_SA-2022-2608.NASL", "GENTOO_GLSA-202208-24.NASL", "NEWSTART_CGSL_NS-SA-2022-0085_GLIBC.NASL", "OPENSUSE-2022-0330-1.NASL", "ORACLELINUX_ELSA-2022-0896.NASL", "ORACLELINUX_ELSA-2022-9234.NASL", "ORACLELINUX_ELSA-2022-9358.NASL", "ORACLELINUX_ELSA-2022-9421.NASL", "REDHAT-RHSA-2022-0896.NASL", "SOLARIS10_148419-04.NASL", "SOLARIS10_X86_148420-04.NASL", "SOLARIS_JAN2023_SRU11_4_53_132_2.NASL", "SUSE_SU-2022-0330-1.NASL", "SUSE_SU-2022-0441-1.NASL", "SUSE_SU-2022-0832-1.NASL", "SUSE_SU-2022-0909-1.NASL", "SUSE_SU-2022-14923-1.NASL", "UBUNTU_USN-5310-1.NASL", "UBUNTU_USN-5310-2.NASL"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2023", "ORACLE:CPUJAN2023", "ORACLE:CPUJUL2022", "ORACLE:CPUOCT2022"]}, {"type": "oraclelinux", "idList": ["ELSA-2022-0896", "ELSA-2022-9234", "ELSA-2022-9358", "ELSA-2022-9421"]}, {"type": "osv", "idList": ["OSV:DLA-3152-1"]}, {"type": "photon", "idList": ["PHSA-2022-0155", "PHSA-2022-0356", "PHSA-2022-0434", "PHSA-2022-0465", "PHSA-2022-3.0-0356", "PHSA-2022-4.0-0155"]}, {"type": "redhat", "idList": ["RHSA-2022:0896", "RHSA-2022:1039", "RHSA-2022:1041", "RHSA-2022:1042", "RHSA-2022:1081", "RHSA-2022:1083", "RHSA-2022:1396", "RHSA-2022:1476", "RHSA-2022:1734", "RHSA-2022:1747"]}, {"type": "redhatcve", "idList": ["RH:CVE-2022-23218"]}, {"type": "redos", "idList": ["ROS-20220323-02"]}, {"type": "rocky", "idList": ["RLSA-2022:0896"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2022:0330-1"]}, {"type": "ubuntu", "idList": ["USN-5310-1", "USN-5310-2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2022-23218"]}, {"type": "veracode", "idList": ["VERACODE:35036"]}]}, "score": {"value": 5.0, "vector": "NONE"}, "backreferences": {"references": [{"type": "almalinux", "idList": ["ALSA-2022:0896"]}, {"type": "cloudlinux", "idList": ["CLSA-2022:1643818516"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2022-23218"]}, {"type": "fedora", "idList": ["FEDORA:57D6C304C758", "FEDORA:97A66309CD91"]}, {"type": "nessus", "idList": ["OPENSUSE-2022-0330-1.NASL", "SUSE_SU-2022-0330-1.NASL", "SUSE_SU-2022-0832-1.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2022-0896"]}, {"type": "photon", "idList": ["PHSA-2022-0356"]}, {"type": "redhat", "idList": ["RHSA-2022:0896"]}, {"type": "redhatcve", "idList": ["RH:CVE-2022-23218"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2022:0330-1"]}, {"type": "ubuntu", "idList": ["USN-5310-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2022-23218"]}]}, "exploitation": null, "affected_software": {"major_version": [{"name": "gnu glibc", "version": 2}, {"name": "oracle enterprise operations monitor", "version": 4}, {"name": "oracle enterprise operations monitor", "version": 4}, {"name": "oracle enterprise operations monitor", "version": 5}, {"name": "oracle communications cloud native core unified data repository", "version": 22}, {"name": "debian debian linux", "version": 10}]}, "epss": [{"cve": "CVE-2022-23218", "epss": 0.00165, "percentile": 0.51735, "modified": "2023-05-02"}], "vulnersScore": 5.0}, "_state": {"dependencies": 1686763837, "score": 1686753213, "affected_software_major_version": 0, "epss": 0}, "_internal": {"score_hash": "b9de59efbfe959a51c15be02366a08a8"}, "cna_cvss": {"cna": null, "cvss": {}}, "cpe": ["cpe:/a:oracle:enterprise_operations_monitor:4.3", "cpe:/a:oracle:communications_cloud_native_core_unified_data_repository:22.2.0", "cpe:/a:gnu:glibc:2.34", "cpe:/o:debian:debian_linux:10.0", "cpe:/a:oracle:enterprise_operations_monitor:5.0", "cpe:/a:oracle:enterprise_operations_monitor:4.4"], "cpe23": ["cpe:2.3:a:oracle:enterprise_operations_monitor:4.4:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:enterprise_operations_monitor:4.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:enterprise_operations_monitor:5.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.34:*:*:*:*:*:*:*"], "cwe": ["CWE-120"], "affectedSoftware": [{"cpeName": "gnu:glibc", "version": "2.34", "operator": "le", "name": "gnu glibc"}, {"cpeName": "oracle:enterprise_operations_monitor", "version": "4.3", "operator": "eq", "name": "oracle enterprise operations monitor"}, {"cpeName": "oracle:enterprise_operations_monitor", "version": "4.4", "operator": "eq", "name": "oracle enterprise operations monitor"}, {"cpeName": "oracle:enterprise_operations_monitor", "version": "5.0", "operator": "eq", "name": "oracle enterprise operations monitor"}, {"cpeName": "oracle:communications_cloud_native_core_unified_data_repository", "version": "22.2.0", "operator": "eq", "name": "oracle communications cloud native core unified data repository"}, {"cpeName": "debian:debian_linux", "version": "10.0", "operator": "eq", "name": "debian debian linux"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.34:*:*:*:*:*:*:*", "versionEndIncluding": "2.34", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:a:oracle:enterprise_operations_monitor:4.3:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:oracle:enterprise_operations_monitor:4.4:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:oracle:enterprise_operations_monitor:5.0:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.2.0:*:*:*:*:*:*:*", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name": []}]}]}, "extraReferences": [{"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=28768", "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=28768", "refsource": "MISC", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"]}, {"url": "https://www.oracle.com/security-alerts/cpujul2022.html", "name": "N/A", "refsource": "N/A", "tags": ["Patch", "Third Party Advisory"]}, {"url": "https://security.gentoo.org/glsa/202208-24", "name": "GLSA-202208-24", "refsource": "GENTOO", "tags": ["Third Party Advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html", "name": "[debian-lts-announce] 20221017 [SECURITY] [DLA 3152-1] glibc security update", "refsource": "MLIST", "tags": ["Mailing List", "Third Party Advisory"]}], "product_info": [{"vendor": "Gnu", "product": "Glibc"}, {"vendor": "Oracle", "product": "Enterprise_operations_monitor"}, {"vendor": "Debian", "product": "Debian_linux"}, {"vendor": "Oracle", "product": "Communications_cloud_native_core_unified_data_repository"}], "solutions": [], "workarounds": [], "impacts": [], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}], "exploits": [], "assigned": "1976-01-01T00:00:00"}

{"ibm": [{"lastseen": "2023-06-24T06:06:40", "description": "## Summary\n\nApp Connect Professional have addressed the following vulnerability reported in GNU C Library. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-23218](<https://vulners.com/cve/CVE-2022-23218>) \n** DESCRIPTION: **GNU C Library (aka glibc) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the svcunix_create function in the sunrpc module. By sending a specially-crafted path argument, a local attacker could overflow a buffer and execute arbitrary code or cause a denial of service on the system. \nCVSS Base score: 8.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217302](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217302>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nApp Connect Professional| 7.5.4.0 \n \n\n\n## Remediation/Fixes\n\n_Product_| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \nApp Connect Professional| 7.5.4.0| LI82583| [7540 Fixcentral link](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm%2FWebSphere%2FApp+Connect+Professional&release=7.5.4.0&platform=All&function=fixId&fixids=7.5.4.0-WS-ACP-20220418-0519_H28_64-CUMUIFIX-028.builtDockerImage,7.5.4.0-WS-ACP-20220418-0519_H28_64-CUMUIFIX-028.docker,7.5.4.0-WS-ACP-20220418-0519_H28_64-CUMUIFIX-028.vcrypt2,7.5.4.0-WS-ACP-20220418-0519_H28_64-CUMUIFIX-028.sc-linux,7.5.4.0-WS-ACP-20220418-0519_H28_64-CUMUIFIX-028.32bit.sc-linux,7.5.4.0-WS-ACP-20220418-0554_H9_64-CUMUIFIX-028.studio,7.5.4.0-WS-ACP-20220418-0554_H9_64-CUMUIFIX-028.32bit.studio,7.5.4.0-WS-ACP-20220418-0519_H28_64-CUMUIFIX-028.32bit.sc-win,7.5.4.0-WS-ACP-20220418-0519_H28_64-CUMUIFIX-028.sc-win,&includeSupersedes=0> \"7540 Fixcentral link\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-20T17:13:06", "type": "ibm", "title": "Security Bulletin: App Connect Professional is affected by GNU C Library vulnerability", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23218"], "modified": "2022-04-20T17:13:06", "id": "FB7767D2479CE90F8E41353C5A1CFE5538D8D792872CDAD36296F6141E41513B", "href": "https://www.ibm.com/support/pages/node/6573711", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-24T05:50:12", "description": "## Summary\n\nIBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a stack-based buffer overflow in GNU C Library (CVE-2022-23218). This is included as part of the base-image used in our Speech-to-Text and Text-to-Speech service components. Please see below for details on how to remediate this issue.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-23218](<https://vulners.com/cve/CVE-2022-23218>) \n** DESCRIPTION: **GNU C Library (aka glibc) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the svcunix_create function in the sunrpc module. By sending a specially-crafted path argument, a local attacker could overflow a buffer and execute arbitrary code or cause a denial of service on the system. \nCVSS Base score: 8.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217302](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217302>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Watson Speech Services Cartridge for IBM Cloud Pak for Data| 4.0.0 - 4.0.7 \n \n\n\n## Remediation/Fixes\n\n**Product(s)**| **Version(s) \n**| **Remediation/Fix/Instructions** \n---|---|--- \n**IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data **| ** 4.0.8**| **The fix in 4.0.8 applies to all versions listed (4.0.0-4.0.7). Version 4.0.8 can be downloaded and installed from: \n<https://www.ibm.com/docs/en/cloud-paks/cp-data/4.0?topic=installing-cloud-pak-data> \n** \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-01-12T21:59:00", "type": "ibm", "title": "Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a stack-based buffer overflow in GNU C Library (CVE-2022-23218)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23218"], "modified": "2023-01-12T21:59:00", "id": "85A43C6C41FE576C53B5C843A1000693B1568987B2D6E8A8433139503B995ADA", "href": "https://www.ibm.com/support/pages/node/6578617", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-24T06:05:03", "description": "## Summary\n\nMultiple issues were identified in Red Hat UBI(ubi8/ubi-minimal) v8.5-x packages that were shipped with IBM MQ Operator and IBM supplied MQ Advanced container images. We have also identified an issue in the IBM WebSphere Application Server Liberty component that is packaged with IBM supplied MQ Advanced container images. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-3521](<https://vulners.com/cve/CVE-2021-3521>) \n** DESCRIPTION: **RPM Project RPM could allow a remote attacker to bypass security restrictions, caused by improper validation the binding signature of subkeys prior to importing them. By persuading a victim to add a specially-crafted subkey to a legitimate public key, an attacker could exploit this vulnerability cause the victim to trust a malicious signature. \nCVSS Base score: 4.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/213411](<https://exchange.xforce.ibmcloud.com/vulnerabilities/213411>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2021-3999](<https://vulners.com/cve/CVE-2021-3999>) \n** DESCRIPTION: **GNU glibc is vulnerable to an off-by-one buffer overflow and underflow, caused by improper bounds checking by the getcwd() function. By sending a specially-crafted request, a local authenticated attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 8.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217981](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217981>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-39031](<https://vulners.com/cve/CVE-2021-39031>) \n** DESCRIPTION: **IBM WebSphere Application Server - Liberty 17.0.0.3 through 22.0.0.1 could allow a remote authenticated attacker to conduct an LDAP injection. By using a specially crafted request, an attacker could exploit this vulnerability and could result in in granting permission to unauthorized resources. IBM X-Force ID: 213875. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/213875](<https://exchange.xforce.ibmcloud.com/vulnerabilities/213875>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-23219](<https://vulners.com/cve/CVE-2022-23219>) \n** DESCRIPTION: **GNU C Library (aka glibc) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the clnt_create function in the sunrpc module. By sending a specially-crafted hostname argument, a local attacker could overflow a buffer and execute arbitrary code or cause a denial of service on the system. \nCVSS Base score: 8.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217303](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217303>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-23218](<https://vulners.com/cve/CVE-2022-23218>) \n** DESCRIPTION: **GNU C Library (aka glibc) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the svcunix_create function in the sunrpc module. By sending a specially-crafted path argument, a local attacker could overflow a buffer and execute arbitrary code or cause a denial of service on the system. \nCVSS Base score: 8.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217302](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217302>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM MQ Operator CD Release| v1.7.0 \nIBM MQ Operator EUS Release| v1.3.2 \nIBM MQ Advanced Server Container image| v9.2.4.0-r1,9.2.0.4-r1-eus \n \n## Remediation/Fixes\n\nIssues listed by this security bulletin are addressed in IBM MQ Operator v1.8.0 CD release that included IBM supplied MQ Advanced v9.2.5.0 container images and IBM MQ Operator v1.3.3 EUS release that included IBM supplied MQ Advanced v9.2.0.5 container images.\n\nIBM MQ Operator v1.8.0 CD release details:\n\n**Image **| **Fix Version**| **Registry**| **Image Location** \n---|---|---|--- \nibm-mq-operator| v1.8.0| icr.io| icr.io/cpopen/ibm-mq-operator@sha256:e53a119acde5773bd052257e2a6bb9780b954fb2a33c6879328a19b333abaf3e \nibm-mqadvanced-server| 9.2.5.0-r1| cp.icr.io| cp.icr.io/cp/ibm-mqadvanced-server@sha256:f12bfa6088ae7af3bcbf4377cd41818ab9160d90b232ed2d952327dea1b70e21 \nibm-mqadvanced-server-integration| 9.2.5.0-r1| cp.icr.io| cp.icr.io/cp/ibm-mqadvanced-server-integration@sha256:97d8d002ff34cd2a6d07f81f9104a3b8eb6eda6626e646e32b47f0fd108c6ad1 \nibm-mqadvanced-server-dev| 9.2.5.0-r1| icr.io| icr.io/ibm-messaging/mq@sha256:8236529768dfe9ab29f5a91a20a7b4b1f9dde1b54f21ff926769fb3e929d0bcc \n \nIBM MQ Operator v1.3.3 EUS release details:\n\n**Image **| **Fix Version**| **Registry**| **Image Location** \n---|---|---|--- \nibm-mq-operator| v1.3.3| icr.io| icr.io/cpopen/ibm-mq-operator@sha256:ecacd486bd170ad5ac3494ef3853670cb911cfbac676e175ba8b54b72e12a340 \nibm-mqadvanced-server-integration| 9.2.0.5-r1-eus| cp.icr.io| cp.icr.io/cp/ibm-mqadvanced-server-integration@sha256:7902ec5de627a7c6ea09d14ca9a672435bec9923a3d28e5c097cbe8385ba39a6 \n \nFor remediation, upgrading your current IBM MQ Operator and Queue managers to corresponding versions mentioned above will fix the vulnerabilities.\n\n \n \n\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-16T08:18:44", "type": "ibm", "title": "Security Bulletin: IBM MQ Operator and IBM supplied MQ Advanced container images are vulnerable to multiple issues from Red Hat UBI packages and the IBM WebSphere Application Server Liberty", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3521", "CVE-2021-39031", "CVE-2021-3999", "CVE-2022-23218", "CVE-2022-23219"], "modified": "2022-05-16T08:18:44", "id": "926EC2BBAF756385F2D7D4C5C98F9F630DFB49737FCEF5BB68A74EB910687527", "href": "https://www.ibm.com/support/pages/node/6569153", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-24T06:01:10", "description": "## Summary\n\nMultiple vulnerabilities in expat, glibc, http server, dojo, openssl shipped with Cloud Pak System. Cloud Pak System has addressed these vulnerabilities.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-46143](<https://vulners.com/cve/CVE-2021-46143>) \n** DESCRIPTION: **Expat could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow of m_groupSize in doProlog in xmlparse.c. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216875](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216875>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-3999](<https://vulners.com/cve/CVE-2021-3999>) \n** DESCRIPTION: **GNU glibc is vulnerable to an off-by-one buffer overflow and underflow, caused by improper bounds checking by the getcwd() function. By sending a specially-crafted request, a local authenticated attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 8.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217981](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217981>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-35942](<https://vulners.com/cve/CVE-2021-35942>) \n** DESCRIPTION: **GNU C Library (aka glibc) could allow a local attacker to obtain sensitive information, caused by a flaw when called with an untrusted, crafted pattern in thewordexp function. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain read arbitrary memory in parse_param (in posix/wordexp.c), or cause the application to crash. \nCVSS Base score: 7.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/206317](<https://exchange.xforce.ibmcloud.com/vulnerabilities/206317>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H) \n \n** CVEID: **[CVE-2022-0778](<https://vulners.com/cve/CVE-2022-0778>) \n** DESCRIPTION: **OpenSSL is vulnerable to a denial of service, caused by a flaw in the BN_mod_sqrt() function when parsing certificates. By using a specially-crafted certificate with invalid explicit curve parameters, a remote attacker could exploit this vulnerability to cause an infinite loop, and results in a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/221911](<https://exchange.xforce.ibmcloud.com/vulnerabilities/221911>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-23840](<https://vulners.com/cve/CVE-2021-23840>) \n** DESCRIPTION: **OpenSSL is vulnerable to a denial of service, caused by an integer overflow in CipherUpdate. By sending an overly long argument, an attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/196848](<https://exchange.xforce.ibmcloud.com/vulnerabilities/196848>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-23841](<https://vulners.com/cve/CVE-2021-23841>) \n** DESCRIPTION: **OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference in the X509_issuer_and_serial_hash() function. By parsing the issuer field, an attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/196847](<https://exchange.xforce.ibmcloud.com/vulnerabilities/196847>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-44790](<https://vulners.com/cve/CVE-2021-44790>) \n** DESCRIPTION: **Apache HTTP Server is vulnerable to a buffer overflow, caused by improper bounds checking in the mod_lua multipart parser called from Lua scripts). By sending a specially crafted request, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215686](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215686>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-23450](<https://vulners.com/cve/CVE-2021-23450>) \n** DESCRIPTION: **Dojo could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution in the setObject function. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216463](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216463>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-22720](<https://vulners.com/cve/CVE-2022-22720>) \n** DESCRIPTION: **Apache HTTP Server is vulnerable to HTTP request smuggling, caused by the failure to close inbound connection when errors are encountered discarding the request body. An attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/221668](<https://exchange.xforce.ibmcloud.com/vulnerabilities/221668>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2022-22822](<https://vulners.com/cve/CVE-2022-22822>) \n** DESCRIPTION: **Expat could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow of addBinding in xmlparse.c. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216908](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216908>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-23218](<https://vulners.com/cve/CVE-2022-23218>) \n** DESCRIPTION: **GNU C Library (aka glibc) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the svcunix_create function in the sunrpc module. By sending a specially-crafted path argument, a local attacker could overflow a buffer and execute arbitrary code or cause a denial of service on the system. \nCVSS Base score: 8.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217302](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217302>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-23852](<https://vulners.com/cve/CVE-2022-23852>) \n** DESCRIPTION: **Expat (aka libexpat) could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in the XML_GetBuffer function. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/218007](<https://exchange.xforce.ibmcloud.com/vulnerabilities/218007>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-45960](<https://vulners.com/cve/CVE-2021-45960>) \n** DESCRIPTION: **Expat (aka libexpat) is vulnerable to a denial of service, caused by a realloc misbehavior issue in the storeAtts function in xmlparse.c. By persuading a victim to open a specially-crafted XML content, a remote attacker could exploit this vulnerability to cause a the application to crash. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216473](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216473>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-23219](<https://vulners.com/cve/CVE-2022-23219>) \n** DESCRIPTION: **GNU C Library (aka glibc) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the clnt_create function in the sunrpc module. By sending a specially-crafted hostname argument, a local attacker could overflow a buffer and execute arbitrary code or cause a denial of service on the system. \nCVSS Base score: 8.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217303](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217303>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Cloud Pak System | 2.3 - 2.3.3.4 \n \n\n\n## Remediation/Fixes\n\nFor unsupported releases of the product IBM recommends to upgrade to fixed supported release of the product. \n\nThis security bulletin service applies to Cloud Pak System, Cloud Pak System Software and Cloud Pak System Software Suite. \n\nFor IBM Cloud Pak System V2.3.0 through to V2.3.3.4 upgrade to V2.3.3.5 at [IBM Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=PureSystems&product=ibm/WebSphere/IBM+Cloud+Pak+System&release=2.3.3.5&platform=All&function=all> \"IBM Fix Central\" )\n\nInformation on upgrading at : <http://www.ibm.com/support/docview.wss?uid=ibm10887959>\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-15T21:35:24", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in expat, glibc, http server, dojo, openssl shipped with IBM Cloud Pak System", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-23450", "CVE-2021-23840", "CVE-2021-23841", "CVE-2021-35942", "CVE-2021-3999", "CVE-2021-44790", "CVE-2021-45960", "CVE-2021-46143", "CVE-2022-0778", "CVE-2022-22720", "CVE-2022-22822", "CVE-2022-23218", "CVE-2022-23219", "CVE-2022-23852"], "modified": "2022-08-15T21:35:24", "id": "96080ECFBE42CEF2D63B1341838131BE1CCC2B5F08130E2F678CCDCE13FAE376", "href": "https://www.ibm.com/support/pages/node/6612587", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-06-24T05:54:02", "description": "## Summary\n\nIBM Cloud Pak for Security is vulnerable to using components with known vulnerabilities. These components have been updated in the latest release and the vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version of Cloud Pak for Security (CP4S).\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-23219](<https://vulners.com/cve/CVE-2022-23219>) \n** DESCRIPTION: **GNU C Library (aka glibc) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the clnt_create function in the sunrpc module. By sending a specially-crafted hostname argument, a local attacker could overflow a buffer and execute arbitrary code or cause a denial of service on the system. \nCVSS Base score: 8.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217303](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217303>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-23218](<https://vulners.com/cve/CVE-2022-23218>) \n** DESCRIPTION: **GNU C Library (aka glibc) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the svcunix_create function in the sunrpc module. By sending a specially-crafted path argument, a local attacker could overflow a buffer and execute arbitrary code or cause a denial of service on the system. \nCVSS Base score: 8.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217302](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217302>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-3999](<https://vulners.com/cve/CVE-2021-3999>) \n** DESCRIPTION: **GNU glibc is vulnerable to an off-by-one buffer overflow and underflow, caused by improper bounds checking by the getcwd() function. By sending a specially-crafted request, a local authenticated attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 8.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217981](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217981>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-23308](<https://vulners.com/cve/CVE-2022-23308>) \n** DESCRIPTION: **libxml2 is vulnerable to a denial of service, caused by a use-after-free in the ID and IDREF attributes. A remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/220772](<https://exchange.xforce.ibmcloud.com/vulnerabilities/220772>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2022-21540](<https://vulners.com/cve/CVE-2022-21540>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/231567](<https://exchange.xforce.ibmcloud.com/vulnerabilities/231567>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2018-25032](<https://vulners.com/cve/CVE-2018-25032>) \n** DESCRIPTION: **Zlib is vulnerable to a denial of service, caused by a memory corruption in the deflate operation. By using many distant matches, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/222615](<https://exchange.xforce.ibmcloud.com/vulnerabilities/222615>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-1154](<https://vulners.com/cve/CVE-2022-1154>) \n** DESCRIPTION: **Vim is vulnerable to a heap-based buffer overflow, caused by a use-after-free in mbyte.c in utf_ptr2char. By sending a specially-crafted request, a local authenticated attacker could overflow a buffer and execute arbitrary code on the system or cause a denial of service. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223115](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223115>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-0413](<https://vulners.com/cve/CVE-2022-0413>) \n** DESCRIPTION: **Vim could allow a local attacker to execute arbitrary code on the system, caused by a use-after-free in the skipwhite function. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/218421](<https://exchange.xforce.ibmcloud.com/vulnerabilities/218421>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-0361](<https://vulners.com/cve/CVE-2022-0361>) \n** DESCRIPTION: **Vim is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. By submitting a specially-crafted input, a local attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 8.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/218216](<https://exchange.xforce.ibmcloud.com/vulnerabilities/218216>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-0392](<https://vulners.com/cve/CVE-2022-0392>) \n** DESCRIPTION: **Vim is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by. By persuading a victim to open a specially-crafted file, a remote attacker could overflow a buffer and execute arbitrary code on the system, modify memory, or cause a denial of service. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/218430](<https://exchange.xforce.ibmcloud.com/vulnerabilities/218430>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2022-0359](<https://vulners.com/cve/CVE-2022-0359>) \n** DESCRIPTION: **Vim is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. By persuading a victim to open a specially-crafted session file, a remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/218214](<https://exchange.xforce.ibmcloud.com/vulnerabilities/218214>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2022-0318](<https://vulners.com/cve/CVE-2022-0318>) \n** DESCRIPTION: **Vim is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. By persuading a victim to open a specially-crafted file, a remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217941](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217941>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H) \n \n** CVEID: **[CVE-2022-0261](<https://vulners.com/cve/CVE-2022-0261>) \n** DESCRIPTION: **Vim is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. By persuading a victim to open a specially-crafted file, a remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 4.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217526](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217526>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2021-4122](<https://vulners.com/cve/CVE-2021-4122>) \n** DESCRIPTION: **Cryptsetup could allow a physical attacker to obtain sensitive information, caused by a flaw in the LUKS2 online reencryption is an optional extension. By modifying on-disk metadata to simulate decryption in progress with crashed (unfinished) reencryption step, an attacker could exploit this vulnerability to decrypt part of the LUKS device to obtain sensitive information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217238](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217238>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N) \n \n** CVEID: **[CVE-2021-23177](<https://vulners.com/cve/CVE-2021-23177>) \n** DESCRIPTION: **libarchive could allow a local attacker to gain elevated privileges on the system, caused by an improper link resolution flaw. By using a specially-crafted archive file, an attacker could exploit this vulnerability to change the ACL of a file on the system and gain elevated privileges. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/222216](<https://exchange.xforce.ibmcloud.com/vulnerabilities/222216>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L) \n \n** CVEID: **[CVE-2022-21541](<https://vulners.com/cve/CVE-2022-21541>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/231568](<https://exchange.xforce.ibmcloud.com/vulnerabilities/231568>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Cloud Pak for Security (CP4S)| 1.10.0.0 - 1.10.2.0 \n \n \n\n\n## Remediation/Fixes\n\n**IBM encourages customers to update their systems promptly.**\n\nPlease upgrade to at least CP4S 1.10.3.0 following these instructions: <https://www.ibm.com/docs/en/cloud-paks/cp-security/1.10?topic=installing-upgrading-cloud-pak-security>\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-28T19:52:12", "type": "ibm", "title": "Security Bulletin: IBM Cloud Pak for Security is vulnerable to using components with known vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-25032", "CVE-2021-23177", "CVE-2021-3999", "CVE-2021-4122", "CVE-2022-0261", "CVE-2022-0318", "CVE-2022-0359", "CVE-2022-0361", "CVE-2022-0392", "CVE-2022-0413", "CVE-2022-1154", "CVE-2022-21540", "CVE-2022-21541", "CVE-2022-23218", "CVE-2022-23219", "CVE-2022-23308"], "modified": "2022-10-28T19:52:12", "id": "77749493A2DBD6936C13EAA63911F6136F55AE09D2D48DC2785E79841B40FED4", "href": "https://www.ibm.com/support/pages/node/6832956", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-24T06:01:46", "description": "## Summary\n\nThe product includes vulnerable components (e.g., framework libraries) that may be identified and exploited with automated tools. IBM QRadar SIEM has addressed the applicable CVE.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-23218](<https://vulners.com/cve/CVE-2022-23218>) \n** DESCRIPTION: **GNU C Library (aka glibc) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the svcunix_create function in the sunrpc module. By sending a specially-crafted path argument, a local attacker could overflow a buffer and execute arbitrary code or cause a denial of service on the system. \nCVSS Base score: 8.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217302](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217302>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-23219](<https://vulners.com/cve/CVE-2022-23219>) \n** DESCRIPTION: **GNU C Library (aka glibc) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the clnt_create function in the sunrpc module. By sending a specially-crafted hostname argument, a local attacker could overflow a buffer and execute arbitrary code or cause a denial of service on the system. \nCVSS Base score: 8.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217303](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217303>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-3999](<https://vulners.com/cve/CVE-2021-3999>) \n** DESCRIPTION: **GNU glibc is vulnerable to an off-by-one buffer overflow and underflow, caused by improper bounds checking by the getcwd() function. By sending a specially-crafted request, a local authenticated attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 8.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217981](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217981>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-0261](<https://vulners.com/cve/CVE-2022-0261>) \n** DESCRIPTION: **Vim is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. By persuading a victim to open a specially-crafted file, a remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 4.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217526](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217526>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2022-0359](<https://vulners.com/cve/CVE-2022-0359>) \n** DESCRIPTION: **Vim is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. By persuading a victim to open a specially-crafted session file, a remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/218214](<https://exchange.xforce.ibmcloud.com/vulnerabilities/218214>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2022-0392](<https://vulners.com/cve/CVE-2022-0392>) \n** DESCRIPTION: **Vim is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by. By persuading a victim to open a specially-crafted file, a remote attacker could overflow a buffer and execute arbitrary code on the system, modify memory, or cause a denial of service. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/218430](<https://exchange.xforce.ibmcloud.com/vulnerabilities/218430>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2022-0361](<https://vulners.com/cve/CVE-2022-0361>) \n** DESCRIPTION: **Vim is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. By submitting a specially-crafted input, a local attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 8.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/218216](<https://exchange.xforce.ibmcloud.com/vulnerabilities/218216>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-23308](<https://vulners.com/cve/CVE-2022-23308>) \n** DESCRIPTION: **libxml2 is vulnerable to a denial of service, caused by a use-after-free in the ID and IDREF attributes. A remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/220772](<https://exchange.xforce.ibmcloud.com/vulnerabilities/220772>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-23177](<https://vulners.com/cve/CVE-2021-23177>) \n** DESCRIPTION: **libarchive could allow a local attacker to gain elevated privileges on the system, caused by an improper link resolution flaw. By using a specially-crafted archive file, an attacker could exploit this vulnerability to change the ACL of a file on the system and gain elevated privileges. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/222216](<https://exchange.xforce.ibmcloud.com/vulnerabilities/222216>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L) \n \n** CVEID: **[CVE-2021-31566](<https://vulners.com/cve/CVE-2021-31566>) \n** DESCRIPTION: **libarchive could allow a local attacker to gain elevated privileges on the system, caused by an improper link resolution flaw. By using a specially-crafted archive file, an attacker could exploit this vulnerability to change modes, times, access control lists, and flags of a file on the system to gain elevated privileges. \nCVSS Base score: 4.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/222218](<https://exchange.xforce.ibmcloud.com/vulnerabilities/222218>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L) \n \n** CVEID: **[CVE-2021-45960](<https://vulners.com/cve/CVE-2021-45960>) \n** DESCRIPTION: **Expat (aka libexpat) is vulnerable to a denial of service, caused by a realloc misbehavior issue in the storeAtts function in xmlparse.c. By persuading a victim to open a specially-crafted XML content, a remote attacker could exploit this vulnerability to cause a the application to crash. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216473](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216473>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-46143](<https://vulners.com/cve/CVE-2021-46143>) \n** DESCRIPTION: **Expat could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow of m_groupSize in doProlog in xmlparse.c. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216875](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216875>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-22822](<https://vulners.com/cve/CVE-2022-22822>) \n** DESCRIPTION: **Expat could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow of addBinding in xmlparse.c. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216908](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216908>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-22823](<https://vulners.com/cve/CVE-2022-22823>) \n** DESCRIPTION: **Expat could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow of build_model in xmlparse.c. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216907](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216907>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-22824](<https://vulners.com/cve/CVE-2022-22824>) \n** DESCRIPTION: **Expat could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow of defineAttribute in xmlparse.c. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216906](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216906>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-22825](<https://vulners.com/cve/CVE-2022-22825>) \n** DESCRIPTION: **Expat could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow of lookup in xmlparse.c. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216905](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216905>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-22826](<https://vulners.com/cve/CVE-2022-22826>) \n** DESCRIPTION: **Expat could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow of nextScaffoldPart in xmlparse.c. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216904](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216904>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-22827](<https://vulners.com/cve/CVE-2022-22827>) \n** DESCRIPTION: **Expat could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow of storeAtts in xmlparse.c. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216901](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216901>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-25235](<https://vulners.com/cve/CVE-2022-25235>) \n** DESCRIPTION: **libexpat is vulnerable to a denial of service, caused by improper input validation in xmltok_impl.c. By persuading a victim to open a specially-crafted content with malformed encoding, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/219782](<https://exchange.xforce.ibmcloud.com/vulnerabilities/219782>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2022-25236](<https://vulners.com/cve/CVE-2022-25236>) \n** DESCRIPTION: **libexpat is vulnerable to a denial of service, caused by improper protection against insertion of namesep characters into namespace URIs in xmlparse.c. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/219784](<https://exchange.xforce.ibmcloud.com/vulnerabilities/219784>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2022-25315](<https://vulners.com/cve/CVE-2022-25315>) \n** DESCRIPTION: **libexpat could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in storeRawNames. By persuading a victim to open a specially-crafted file, an attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/219945](<https://exchange.xforce.ibmcloud.com/vulnerabilities/219945>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM QRadar SIEM| 7.3.0 - 7.3.3 Fix Pack 11 \nIBM QRadar SIEM| 7.4.0 - 7.4.3 Fix Pack 5 \nIBM QRadar SIEM| 7.5.0 - 7.5.0 Update Pack 1 \n \n \n\n\n## Remediation/Fixes\n\nIBM encourages customers to update their systems promptly. \n\nAffected Product(s)| Versions| Fix \n---|---|--- \nIBM QRadar SIEM| 7.3| [7.3.3 Fix Pack 12](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=All&platform=Linux&function=fixId&fixids=7.3.3-QRADAR-QRSIEM-20220708215012&includeRequisites=1&includeSupersedes=0&downloadMethod=http> \"7.3.3 Fix Pack 12\" ) \nIBM QRadar SIEM| 7.4| [7.4.3 Fix Pack 6](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=All&platform=Linux&function=fixId&fixids=7.4.3-QRADAR-QRSIEM-20220531120920&includeRequisites=1&includeSupersedes=0&downloadMethod=http> \"7.4.3 Fix Pack 6\" ) \nIBM QRadar SIEM| 7.5| [7.5.0 Update Pack 2](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=All&platform=Linux&function=fixId&fixids=7.5.0-QRADAR-QRSIEM-20220527130137&includeRequisites=1&includeSupersedes=0&downloadMethod=http> \"7.5.0 Update Pack 2\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-07-26T14:35:29", "type": "ibm", "title": "Security Bulletin: IBM QRadar SIEM Application Framework Base Image is vulnerable to using components with Known Vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-23177", "CVE-2021-31566", "CVE-2021-3999", "CVE-2021-45960", "CVE-2021-46143", "CVE-2022-0261", "CVE-2022-0359", "CVE-2022-0361", "CVE-2022-0392", "CVE-2022-22822", "CVE-2022-22823", "CVE-2022-22824", "CVE-2022-22825", "CVE-2022-22826", "CVE-2022-22827", "CVE-2022-23218", "CVE-2022-23219", "CVE-2022-23308", "CVE-2022-25235", "CVE-2022-25236", "CVE-2022-25315"], "modified": "2022-07-26T14:35:29", "id": "61B4E445A0F5A78F102006270381D716303602D81DEE17CDF7FBA3BB9F7660E8", "href": "https://www.ibm.com/support/pages/node/6607135", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-06-24T05:49:14", "description": "## Summary\n\nIBM Cloud Pak for Security includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version of Cloud Pak for Security (CP4S).\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-29824](<https://vulners.com/cve/CVE-2022-29824>) \n** DESCRIPTION: **GNOME libxml2 is vulnerable to a denial of service, caused by an integer overflows in several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*). By persuading a victim to open a specially-crafted XML file, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/225645](<https://exchange.xforce.ibmcloud.com/vulnerabilities/225645>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-23308](<https://vulners.com/cve/CVE-2022-23308>) \n** DESCRIPTION: **libxml2 is vulnerable to a denial of service, caused by a use-after-free in the ID and IDREF attributes. A remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/220772](<https://exchange.xforce.ibmcloud.com/vulnerabilities/220772>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-36087](<https://vulners.com/cve/CVE-2021-36087>) \n** DESCRIPTION: **SELinux Project SELinux is vulnerable to a denial of service, caused by a heap-based buffer over-read in ebitmap_match_any. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 6.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/204796](<https://exchange.xforce.ibmcloud.com/vulnerabilities/204796>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-36086](<https://vulners.com/cve/CVE-2021-36086>) \n** DESCRIPTION: **SELinux Project SELinux is vulnerable to a denial of service, caused by a use-after-free in cil_reset_classpermission . By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 6.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/204795](<https://exchange.xforce.ibmcloud.com/vulnerabilities/204795>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-36085](<https://vulners.com/cve/CVE-2021-36085>) \n** DESCRIPTION: **SELinux Project SELinux is vulnerable to a denial of service, caused by a use-after-free in __cil_verify_classperms. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 6.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/204794](<https://exchange.xforce.ibmcloud.com/vulnerabilities/204794>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-36084](<https://vulners.com/cve/CVE-2021-36084>) \n** DESCRIPTION: **SELinux Project SELinux is vulnerable to a denial of service, caused by a use-after-free in __cil_verify_classperms. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 6.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/204792](<https://exchange.xforce.ibmcloud.com/vulnerabilities/204792>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-17595](<https://vulners.com/cve/CVE-2019-17595>) \n** DESCRIPTION: **GNU ncurses could allow a remote attacker to obtain sensitive information, caused by a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168972](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168972>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2019-17594](<https://vulners.com/cve/CVE-2019-17594>) \n** DESCRIPTION: **GNU ncurses could allow a remote attacker to obtain sensitive information, caused by a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168970](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168970>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2021-20270](<https://vulners.com/cve/CVE-2021-20270>) \n** DESCRIPTION: **Pygments is vulnerable to a denial of service, caused by an infinite loop in SMLLexer. By performing syntax highlighting of an SML source file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198758](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198758>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-27291](<https://vulners.com/cve/CVE-2021-27291>) \n** DESCRIPTION: **pygments is vulnerable to a denial of service. By persuading a victim to open a specially-crafted ODIN file using the \"&lt;\" character, a remote attacker could exploit this vulnerability to cause the application to process the file for an extended time. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198308](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198308>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2018-20673](<https://vulners.com/cve/CVE-2018-20673>) \n** DESCRIPTION: **GNU Binutils is vulnerable to a heap-based buffer overflow, caused by an integer overflow in the demangle_template function in cplus-dem.c. By persuading a victim to open a specially-crafted file, a remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/155168](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155168>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2022-23457](<https://vulners.com/cve/CVE-2022-23457>) \n** DESCRIPTION: **ESAPI could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw in the default implementation of `Validator.getValidDirectoryPath(String, String, File, boolean)`. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass control-flow. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/225192](<https://exchange.xforce.ibmcloud.com/vulnerabilities/225192>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-24891](<https://vulners.com/cve/CVE-2022-24891>) \n** DESCRIPTION: **ESAPI is vulnerable to cross-site scripting, caused by incorrect regular expression for onsiteURL in the antisamy-esapi.xml configuration file. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/225344](<https://exchange.xforce.ibmcloud.com/vulnerabilities/225344>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2020-13435](<https://vulners.com/cve/CVE-2020-13435>) \n** DESCRIPTION: **SQLite is vulnerable to a denial of service, caused by flaw in the sqlite3ExprCodeTarget function in expr.c. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a segmentation fault. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/182406](<https://exchange.xforce.ibmcloud.com/vulnerabilities/182406>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-19603](<https://vulners.com/cve/CVE-2019-19603>) \n** DESCRIPTION: **An error during handling of CREATE TABLE and CREATE VIEW statements in SQLite has an unknown impact via a specially crafted table name. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172765](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172765>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2019-5827](<https://vulners.com/cve/CVE-2019-5827>) \n** DESCRIPTION: **Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds access in SQLite. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \nCVSS Base score: 6.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/160450](<https://exchange.xforce.ibmcloud.com/vulnerabilities/160450>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2019-13751](<https://vulners.com/cve/CVE-2019-13751>) \n** DESCRIPTION: **Google Chrome could allow a remote attacker to obtain sensitive information, caused by uninitialized use in SQLite. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to obtain sensitive information from process memory. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172987](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172987>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2019-13750](<https://vulners.com/cve/CVE-2019-13750>) \n** DESCRIPTION: **Google Chrome could allow a remote attacker to bypass security restrictions, caused by insufficient data validation in SQLite. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass defense-in-depth measures. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172986](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172986>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2022-36083](<https://vulners.com/cve/CVE-2022-36083>) \n** DESCRIPTION: **Node.js jose module is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted request using the p2c JOSE Header Parameter, a remote attacker could exploit this vulnerability to consume unreasonable amount of CPU time, and results in a denial of service condition. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/235579](<https://exchange.xforce.ibmcloud.com/vulnerabilities/235579>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2022-23219](<https://vulners.com/cve/CVE-2022-23219>) \n** DESCRIPTION: **GNU C Library (aka glibc) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the clnt_create function in the sunrpc module. By sending a specially-crafted hostname argument, a local attacker could overflow a buffer and execute arbitrary code or cause a denial of service on the system. \nCVSS Base score: 8.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217303](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217303>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-23218](<https://vulners.com/cve/CVE-2022-23218>) \n** DESCRIPTION: **GNU C Library (aka glibc) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the svcunix_create function in the sunrpc module. By sending a specially-crafted path argument, a local attacker could overflow a buffer and execute arbitrary code or cause a denial of service on the system. \nCVSS Base score: 8.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217302](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217302>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-3999](<https://vulners.com/cve/CVE-2021-3999>) \n** DESCRIPTION: **GNU glibc is vulnerable to an off-by-one buffer overflow and underflow, caused by improper bounds checking by the getcwd() function. By sending a specially-crafted request, a local authenticated attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 8.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217981](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217981>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-35942](<https://vulners.com/cve/CVE-2021-35942>) \n** DESCRIPTION: **GNU C Library (aka glibc) could allow a local attacker to obtain sensitive information, caused by a flaw when called with an untrusted, crafted pattern in thewordexp function. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain read arbitrary memory in parse_param (in posix/wordexp.c), or cause the application to crash. \nCVSS Base score: 7.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/206317](<https://exchange.xforce.ibmcloud.com/vulnerabilities/206317>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H) \n \n** CVEID: **[CVE-2021-33574](<https://vulners.com/cve/CVE-2021-33574>) \n** DESCRIPTION: **GNU C Library (aka glibc) is vulnerable to a denial of service, caused by a use-after-free flaw in the mq_notify function. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202550](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202550>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-27645](<https://vulners.com/cve/CVE-2021-27645>) \n** DESCRIPTION: **GNU glibc is vulnerable to a denial of service, caused by double-free in the nameserver caching daemon (nscd). By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/197417](<https://exchange.xforce.ibmcloud.com/vulnerabilities/197417>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2018-25032](<https://vulners.com/cve/CVE-2018-25032>) \n** DESCRIPTION: **Zlib is vulnerable to a denial of service, caused by a memory corruption in the deflate operation. By using many distant matches, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/222615](<https://exchange.xforce.ibmcloud.com/vulnerabilities/222615>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-23177](<https://vulners.com/cve/CVE-2021-23177>) \n** DESCRIPTION: **libarchive could allow a local attacker to gain elevated privileges on the system, caused by an improper link resolution flaw. By using a specially-crafted archive file, an attacker could exploit this vulnerability to change the ACL of a file on the system and gain elevated privileges. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/222216](<https://exchange.xforce.ibmcloud.com/vulnerabilities/222216>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L) \n \n** CVEID: **[CVE-2021-31566](<https://vulners.com/cve/CVE-2021-31566>) \n** DESCRIPTION: **libarchive could allow a local attacker to gain elevated privileges on the system, caused by an improper link resolution flaw. By using a specially-crafted archive file, an attacker could exploit this vulnerability to change modes, times, access control lists, and flags of a file on the system to gain elevated privileges. \nCVSS Base score: 4.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/222218](<https://exchange.xforce.ibmcloud.com/vulnerabilities/222218>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L) \n \n** CVEID: **[CVE-2022-25878](<https://vulners.com/cve/CVE-2022-25878>) \n** DESCRIPTION: **Node.js protobufjs module could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw. By adding or modifying properties of Object.prototype using a __proto__ or constructor payload, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. \nCVSS Base score: 8.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/227327](<https://exchange.xforce.ibmcloud.com/vulnerabilities/227327>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L) \n \n** CVEID: **[CVE-2020-12762](<https://vulners.com/cve/CVE-2020-12762>) \n** DESCRIPTION: **json-c could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow and out-of-bounds write. By persuading a victim to run a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/182094](<https://exchange.xforce.ibmcloud.com/vulnerabilities/182094>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-4122](<https://vulners.com/cve/CVE-2021-4122>) \n** DESCRIPTION: **Cryptsetup could allow a physical attacker to obtain sensitive information, caused by a flaw in the LUKS2 online reencryption is an optional extension. By modifying on-disk metadata to simulate decryption in progress with crashed (unfinished) reencryption step, an attacker could exploit this vulnerability to decrypt part of the LUKS device to obtain sensitive information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217238](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217238>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N) \n \n** CVEID: **[CVE-2021-40528](<https://vulners.com/cve/CVE-2021-40528>) \n** DESCRIPTION: **GnuPG Libgcrypt could allow a remote attacker to bypass security restrictions, caused by a flaw in the ElGamal implementation. By sending a specially-crafted request, an attacker could exploit this vulnerability to perform a cross-configuration attack against OpenPGP. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/208744](<https://exchange.xforce.ibmcloud.com/vulnerabilities/208744>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2021-33560](<https://vulners.com/cve/CVE-2021-33560>) \n** DESCRIPTION: **GnuPG Libgcrypt could allow a remote attacker to obtain sensitive information, caused by improper handling of ElGamal encryption. By using side-channel attack techniques against mpi_powm, and the window size, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/203266](<https://exchange.xforce.ibmcloud.com/vulnerabilities/203266>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2022-37616](<https://vulners.com/cve/CVE-2022-37616>) \n** DESCRIPTION: **xmldom could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution in the dom.js script. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/238439](<https://exchange.xforce.ibmcloud.com/vulnerabilities/238439>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-28153](<https://vulners.com/cve/CVE-2021-28153>) \n** DESCRIPTION: **GNOME GLib could allow a remote attacker to bypass security restrictions, caused by a flaw when g_file_replace() function is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink. By persuading a victim to open a specially-crafted ZIP archive, an attacker could exploit this vulnerability to overwrite arbitrary files on the sytem. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198147](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198147>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2021-3800](<https://vulners.com/cve/CVE-2021-3800>) \n** DESCRIPTION: **GNOME GLib could allow a local attacker to obtain sensitive information, caused by a random charset alias issue. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain content from files owned by privileged users, and use this information to launch further attacks against the affected system. \nCVSS Base score: 4.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/213409](<https://exchange.xforce.ibmcloud.com/vulnerabilities/213409>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2021-3572](<https://vulners.com/cve/CVE-2021-3572>) \n** DESCRIPTION: **pip package for python could allow a remote authenticated attacker to bypass security restrictions, caused by the improper handling of Unicode separators in git references. By creating a specially crafted tag, an attacker could exploit this vulnerability to install a different revision on a repository. \nCVSS Base score: 4.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/208954](<https://exchange.xforce.ibmcloud.com/vulnerabilities/208954>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2021-42771](<https://vulners.com/cve/CVE-2021-42771>) \n** DESCRIPTION: **Python-Babel Babel could allow a local authenticated attacker to traverse directories on the system, caused by a flaw in the Babel.Locale function. An attacker could load a specially-crafted .dat file containing \"dot dot\" sequences (/../) to execute arbitrary code on the system. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211766](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211766>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-20838](<https://vulners.com/cve/CVE-2019-20838>) \n** DESCRIPTION: **PCRE is vulnerable to a denial of service, caused by a buffer over-read in JIT. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185645](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185645>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-14155](<https://vulners.com/cve/CVE-2020-14155>) \n** DESCRIPTION: **PCRE could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in libpcre. By sending a request with a large number, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/183499](<https://exchange.xforce.ibmcloud.com/vulnerabilities/183499>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2020-28493](<https://vulners.com/cve/CVE-2020-28493>) \n** DESCRIPTION: **Pallets jinja2 is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in the email regex. By sending a specially-crafted input, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/195894](<https://exchange.xforce.ibmcloud.com/vulnerabilities/195894>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-3200](<https://vulners.com/cve/CVE-2021-3200>) \n** DESCRIPTION: **Libsolv is vulnerable to a denial of service, caused by a buffer overflow in the testcase_read function. By persuading a victim to open a specially file, a remote attacker could overflow a buffer and cause the application to crash. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/203837](<https://exchange.xforce.ibmcloud.com/vulnerabilities/203837>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-25214](<https://vulners.com/cve/CVE-2021-25214>) \n** DESCRIPTION: **ISC BIND is vulnerable to a denial of service, caused by a broken inbound incremental zone update (IXFR). By sending a specially crafted IXFR, an attacker could exploit this vulnerability to trigger a failed assertion check and terminate the named process. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/200961](<https://exchange.xforce.ibmcloud.com/vulnerabilities/200961>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-25219](<https://vulners.com/cve/CVE-2021-25219>) \n** DESCRIPTION: **ISC BIND is vulnerable to a denial of service, caused by a flaw in response processing. By abusing a lame cache, an attacker could exploit this vulnerability to cause a named resolver to spend most of its CPU time on managing and checking the lame cache and severely degrade resolver performance. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/212375](<https://exchange.xforce.ibmcloud.com/vulnerabilities/212375>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-36049](<https://vulners.com/cve/CVE-2020-36049>) \n** DESCRIPTION: **Socket.IO socket.io-parser is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted packet, a remote attacker could exploit this vulnerability to cause a memory consumption, and results in a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/194533](<https://exchange.xforce.ibmcloud.com/vulnerabilities/194533>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-29446](<https://vulners.com/cve/CVE-2021-29446>) \n** DESCRIPTION: **jose-node-cjs-runtime could allow a remote attacker to obtain sensitive information, caused by observable timing discrepancy in AES_CBC_HMAC_SHA2 Algorithm. By performing a padding oracle attack, an attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/200209](<https://exchange.xforce.ibmcloud.com/vulnerabilities/200209>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2021-29445](<https://vulners.com/cve/CVE-2021-29445>) \n** DESCRIPTION: **jose-node-esm-runtime could allow a remote attacker to obtain sensitive information, caused by observable timing discrepancy in AES_CBC_HMAC_SHA2 Algorithm. By performing a padding oracle attack, an attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/200210](<https://exchange.xforce.ibmcloud.com/vulnerabilities/200210>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2021-29444](<https://vulners.com/cve/CVE-2021-29444>) \n** DESCRIPTION: **jose-browser-runtime could allow a remote attacker to obtain sensitive information, caused by observable timing discrepancy in AES_CBC_HMAC_SHA2 Algorithm. By performing a padding oracle attack, an attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/200211](<https://exchange.xforce.ibmcloud.com/vulnerabilities/200211>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2022-0778](<https://vulners.com/cve/CVE-2022-0778>) \n** DESCRIPTION: **OpenSSL is vulnerable to a denial of service, caused by a flaw in the BN_mod_sqrt() function when parsing certificates. By using a specially-crafted certificate with invalid explicit curve parameters, a remote attacker could exploit this vulnerability to cause an infinite loop, and results in a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/221911](<https://exchange.xforce.ibmcloud.com/vulnerabilities/221911>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-23841](<https://vulners.com/cve/CVE-2021-23841>) \n** DESCRIPTION: **OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference in the X509_issuer_and_serial_hash() function. By parsing the issuer field, an attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/196847](<https://exchange.xforce.ibmcloud.com/vulnerabilities/196847>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-23840](<https://vulners.com/cve/CVE-2021-23840>) \n** DESCRIPTION: **OpenSSL is vulnerable to a denial of service, caused by an integer overflow in CipherUpdate. By sending an overly long argument, an attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/196848](<https://exchange.xforce.ibmcloud.com/vulnerabilities/196848>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-3712](<https://vulners.com/cve/CVE-2021-3712>) \n** DESCRIPTION: **OpenSSL could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read when processing ASN.1 strings. By sending specially crafted data, an attacker could exploit this vulnerability to read contents of memory on the system or perform a denial of service attack. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/208073](<https://exchange.xforce.ibmcloud.com/vulnerabilities/208073>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L) \n \n** CVEID: **[CVE-2021-3445](<https://vulners.com/cve/CVE-2021-3445>) \n** DESCRIPTION: **libdnf could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw in signature verification functionality. By placing a signature in the main header, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 6.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/203146](<https://exchange.xforce.ibmcloud.com/vulnerabilities/203146>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-24370](<https://vulners.com/cve/CVE-2020-24370>) \n** DESCRIPTION: **Lua is vulnerable to a denial of service, caused by a negation overflow and segmentation fault in getlocal and setlocal. A remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/186868](<https://exchange.xforce.ibmcloud.com/vulnerabilities/186868>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-16135](<https://vulners.com/cve/CVE-2020-16135>) \n** DESCRIPTION: **Libssh is vulnerable to a denial of service, caused by a NULL pointer dereference in tftpserver.c if ssh_buffer_new returns NULL. A remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/186148](<https://exchange.xforce.ibmcloud.com/vulnerabilities/186148>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-3634](<https://vulners.com/cve/CVE-2021-3634>) \n** DESCRIPTION: **libssh is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. By sending a specially-crafted request, a remote authenticated attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base score: 5.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/208281](<https://exchange.xforce.ibmcloud.com/vulnerabilities/208281>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L) \n \n** CVEID: **[CVE-2021-32677](<https://vulners.com/cve/CVE-2021-32677>) \n** DESCRIPTION: **FastAPI is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated user to visit a specially crafted Web site, a remote attacker could send a malformed HTTP request to perform unauthorized actions. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/203856](<https://exchange.xforce.ibmcloud.com/vulnerabilities/203856>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2022-25893](<https://vulners.com/cve/CVE-2022-25893>) \n** DESCRIPTION: **Node.js vm2 module could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw in the WeakMap.prototype.set method. By adding or modifying properties of Object.prototype using a __proto__ or constructor payload, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/243455](<https://exchange.xforce.ibmcloud.com/vulnerabilities/243455>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-36067](<https://vulners.com/cve/CVE-2022-36067>) \n** DESCRIPTION: **Node.js vm2 module could allow a remote attacker to execute arbitrary code on the system, caused by a sandbox protections bypass flaw. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 10 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/235472](<https://exchange.xforce.ibmcloud.com/vulnerabilities/235472>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-3521](<https://vulners.com/cve/CVE-2021-3521>) \n** DESCRIPTION: **RPM Project RPM could allow a remote attacker to bypass security restrictions, caused by improper validation the binding signature of subkeys prior to importing them. By persuading a victim to add a specially-crafted subkey to a legitimate public key, an attacker could exploit this vulnerability cause the victim to trust a malicious signature. \nCVSS Base score: 4.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/213411](<https://exchange.xforce.ibmcloud.com/vulnerabilities/213411>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2021-20266](<https://vulners.com/cve/CVE-2021-20266>) \n** DESCRIPTION: **RPM Project RPM is vulnerable to a denial of service, caused by an out-of-bounds read flaw in the hdrblobInit function in lib/header.c. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 3.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/201041](<https://exchange.xforce.ibmcloud.com/vulnerabilities/201041>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-13950](<https://vulners.com/cve/CVE-2020-13950>) \n** DESCRIPTION: **Apache HTTP Server is vulnerable to a denial of service, caused by a NULL pointer dereference. By sending specially crafted requests using both Content-Length and Transfer-Encoding headers, a remote attacker could exploit this vulnerability to crash mod_proxy_http. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/203462](<https://exchange.xforce.ibmcloud.com/vulnerabilities/203462>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nCloud Pak for Security (CP4S)| 1.10.0.0 - 1.10.6.0 \n \n \n\n\n## Remediation/Fixes\n\nIBM encourages customers to update their systems promptly. \n\nPlease upgrade to at least CP4S 1.10.7.0 following these instructions: <https://www.ibm.com/docs/en/cloud-paks/cp-security/1.10?topic=installing-upgrading-cloud-pak-security>\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2023-01-19T13:54:16", "type": "ibm", "title": "Security Bulletin: IBM Cloud Pak for Security includes components with multiple known vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-20673", "CVE-2018-25032", "CVE-2019-13750", "CVE-2019-13751", "CVE-2019-17594", "CVE-2019-17595", "CVE-2019-19603", "CVE-2019-20838", "CVE-2019-5827", "CVE-2020-12762", "CVE-2020-13435", "CVE-2020-13950", "CVE-2020-14155", "CVE-2020-16135", "CVE-2020-24370", "CVE-2020-28493", "CVE-2020-36049", "CVE-2021-20266", "CVE-2021-20270", "CVE-2021-23177", "CVE-2021-23840", "CVE-2021-23841", "CVE-2021-25214", "CVE-2021-25219", "CVE-2021-27291", "CVE-2021-27645", "CVE-2021-28153", "CVE-2021-29444", "CVE-2021-29445", "CVE-2021-29446", "CVE-2021-31566", "CVE-2021-3200", "CVE-2021-32677", "CVE-2021-33560", "CVE-2021-33574", "CVE-2021-3445", "CVE-2021-3521", "CVE-2021-3572", "CVE-2021-35942", "CVE-2021-36084", "CVE-2021-36085", "CVE-2021-36086", "CVE-2021-36087", "CVE-2021-3634", "CVE-2021-3712", "CVE-2021-3800", "CVE-2021-3999", "CVE-2021-40528", "CVE-2021-4122", "CVE-2021-42771", "CVE-2022-0778", "CVE-2022-23218", "CVE-2022-23219", "CVE-2022-23308", "CVE-2022-23457", "CVE-2022-24891", "CVE-2022-25878", "CVE-2022-25893", "CVE-2022-29824", "CVE-2022-36067", "CVE-2022-36083", "CVE-2022-37616"], "modified": "2023-01-19T13:54:16", "id": "C9A62458FFCDA7D13068BA51A14F3364875030AD9E3379B54C1EB8EAA4DD8D49", "href": "https://www.ibm.com/support/pages/node/6856409", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-24T05:54:13", "description": "## Summary\n\nNetcool Operations Insight v1.6.6 contains fixes for multiple security vulnerabilities, listed in the CVEs below.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-23450](<https://vulners.com/cve/CVE-2021-23450>) \n** DESCRIPTION: **Dojo could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution in the setObject function. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216463](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216463>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-22144](<https://vulners.com/cve/CVE-2021-22144>) \n** DESCRIPTION: **Elasticsearch is vulnerable to a denial of service, caused by an uncontrolled recursion vulnerability in the Elasticsearch Grok parser. By creating a specially crafted Grok query, a remote authenticated attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 5.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/206321](<https://exchange.xforce.ibmcloud.com/vulnerabilities/206321>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-31805](<https://vulners.com/cve/CVE-2021-31805>) \n** DESCRIPTION: **Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by a double evaluation of tag attributes. By forcing OGNL evaluation of specially-crafted data using the %{...} syntax, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223990](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223990>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-14039](<https://vulners.com/cve/CVE-2020-14039>) \n** DESCRIPTION: **Go could allow a remote attacker to bypass security restrictions, caused by improper validation on the VerifyOptions.KeyUsages EKU requirements during the X.509 certificate verification. An attacker could exploit this vulnerability to gain access to the system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185443](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185443>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2020-15586](<https://vulners.com/cve/CVE-2020-15586>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by a data race in some net/http servers. By sending specially-crafted HTTP requests, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185446](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185446>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-16845](<https://vulners.com/cve/CVE-2020-16845>) \n** DESCRIPTION: **Go Language is vulnerable to a denial of service, caused by an infinite read loop in ReadUvarint and ReadVarint in encoding/binary. By sending a specially-crafted input, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/186375](<https://exchange.xforce.ibmcloud.com/vulnerabilities/186375>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-24553](<https://vulners.com/cve/CVE-2020-24553>) \n** DESCRIPTION: **Golang Go is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the CGI/FCGI handlers. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 7.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/187776](<https://exchange.xforce.ibmcloud.com/vulnerabilities/187776>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2020-28362](<https://vulners.com/cve/CVE-2020-28362>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by improper input validation by the math/big.Int methods. By sending a specially-crafted inputs, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/191976](<https://exchange.xforce.ibmcloud.com/vulnerabilities/191976>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-28366](<https://vulners.com/cve/CVE-2020-28366>) \n** DESCRIPTION: **Golang Go could allow a remote attacker to execute arbitrary code on the system, caused by a code injection flaw in go command when cgo is in use in build time. By using a specially-crafted package, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/191978](<https://exchange.xforce.ibmcloud.com/vulnerabilities/191978>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-28367](<https://vulners.com/cve/CVE-2020-28367>) \n** DESCRIPTION: **Golang Go could allow a remote attacker to execute arbitrary code on the system, caused by a argument injection flaw in go command when cgo is in use in build time. By using a specially-crafted package, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/191979](<https://exchange.xforce.ibmcloud.com/vulnerabilities/191979>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-7919](<https://vulners.com/cve/CVE-2020-7919>) \n** DESCRIPTION: **Go is vulnerable to a denial of service. By sending a malformed X.509 certificate, a remote attacker could exploit this vulnerability to cause a system panic. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/178227](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178227>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-27918](<https://vulners.com/cve/CVE-2021-27918>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by an infinite loop flaw when using xml.NewTokenDecoder with a custom TokenReader. By persuading a victim to open a specially-crafted XML content, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198075](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198075>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-29923](<https://vulners.com/cve/CVE-2021-29923>) \n** DESCRIPTION: **Golang Go could allow a remote attacker to bypass security restrictions, caused by improper consideration for extraneous zero characters at the beginning of an IP address octet. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass access control based on IP addresses. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/207025](<https://exchange.xforce.ibmcloud.com/vulnerabilities/207025>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2021-3114](<https://vulners.com/cve/CVE-2021-3114>) \n** DESCRIPTION: **An unspecified error with the P224() Curve implementation can generate incorrect outputs in Golang Go has an unknown impact and attack vector. \nCVSS Base score: 4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/195677](<https://exchange.xforce.ibmcloud.com/vulnerabilities/195677>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-31525](<https://vulners.com/cve/CVE-2021-31525>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by a flaw in net/http. By sending a specially-crafted header to ReadRequest or ReadResponse. Server, Transport, and Client, a remote attacker could exploit this vulnerability to cause a (panic) denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202709](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202709>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-33195](<https://vulners.com/cve/CVE-2021-33195>) \n** DESCRIPTION: **Golang Go could allow a remote attacker to execute arbitrary code on the system, caused by not following RFC 1035 rules in the LookupCNAME, LookupSRV, LookupMX, LookupNS, and LookupAddr functions in net. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/206601](<https://exchange.xforce.ibmcloud.com/vulnerabilities/206601>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2021-33196](<https://vulners.com/cve/CVE-2021-33196>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by a flaw in the NewReader and OpenReader functions in archive/zip. By persuading a victim to open a specially-crafted archive file, a remote attacker could exploit this vulnerability to cause a panic or an unrecoverable fatal error, and results in a denial of service condition. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/206602](<https://exchange.xforce.ibmcloud.com/vulnerabilities/206602>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-33197](<https://vulners.com/cve/CVE-2021-33197>) \n** DESCRIPTION: **Golang Go could allow a remote attacker to bypass security restrictions, caused by a flaw in the ReverseProxy in net/http/httputil. By sending a specially-crafted request, an attacker could exploit this vulnerability to drop arbitrary headers, including those set by the ReverseProxy.Director. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/206603](<https://exchange.xforce.ibmcloud.com/vulnerabilities/206603>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2021-33198](<https://vulners.com/cve/CVE-2021-33198>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by a flaw in the SetString and UnmarshalText methods of math/big.Rat. By sending a specially-crafted input, a remote attacker could exploit this vulnerability to cause a panic or an unrecoverable fatal error, and results in a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/206604](<https://exchange.xforce.ibmcloud.com/vulnerabilities/206604>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-36221](<https://vulners.com/cve/CVE-2021-36221>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by a race condition upon an ErrAbortHandler abort. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a net/http/httputil ReverseProxy panic. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/207036](<https://exchange.xforce.ibmcloud.com/vulnerabilities/207036>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-38297](<https://vulners.com/cve/CVE-2021-38297>) \n** DESCRIPTION: **Golang Go is vulnerable to a buffer overflow, caused by improper bounds checking when invoking functions from WASM modules. By passing very large arguments, a remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211507](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211507>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-39293](<https://vulners.com/cve/CVE-2021-39293>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by a flaw in the NewReader and OpenReader functions in archive/zip. By sending a specially-crafted archive header, a remote attacker could exploit this vulnerability to cause a panic, which results in a denial of service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/220196](<https://exchange.xforce.ibmcloud.com/vulnerabilities/220196>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-41771](<https://vulners.com/cve/CVE-2021-41771>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by an out-of-bounds slice situation in the ImportedSymbols function in debug/macho. By using specially-crafted binaries, a remote attacker could exploit this vulnerability to cause a panic, and results in a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/213016](<https://exchange.xforce.ibmcloud.com/vulnerabilities/213016>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-41772](<https://vulners.com/cve/CVE-2021-41772>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by an out-of-bounds slice situation in the Reader.Open function. By using a specially-crafted ZIP archive containing an invalid name or an empty filename field, a remote attacker could exploit this vulnerability to cause a panic, and results in a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/213019](<https://exchange.xforce.ibmcloud.com/vulnerabilities/213019>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-44716](<https://vulners.com/cve/CVE-2021-44716>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by an uncontrolled memory consumption in the header canonicalization cache in net/http. By sending HTTP/2 requests, a remote attacker could exploit this vulnerability to consume all available memory resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216553](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216553>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-23772](<https://vulners.com/cve/CVE-2022-23772>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by a buffer overflow in the Rat.SetString function in math/big. By sending a specially-crafted request, an attacker could exploit this vulnerability to consume large amount of RAM and cause the application to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/219442](<https://exchange.xforce.ibmcloud.com/vulnerabilities/219442>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-23773](<https://vulners.com/cve/CVE-2022-23773>) \n** DESCRIPTION: **An unspecified error with not treating branches with semantic-version names as releases in cmd/go in Golang Go has an unknown impact and attack vector. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/219443](<https://exchange.xforce.ibmcloud.com/vulnerabilities/219443>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2022-23806](<https://vulners.com/cve/CVE-2022-23806>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by a flaw with IsOnCurve function returns true for invalid field elements. By sending a specially-crafted request, an attacker could exploit this vulnerability to causes a panic in ScalarMult, and results in a denial of condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/219444](<https://exchange.xforce.ibmcloud.com/vulnerabilities/219444>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-24675](<https://vulners.com/cve/CVE-2022-24675>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by a stack-based buffer overflow in encoding/pem in the Decode feature. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause the program to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/224866](<https://exchange.xforce.ibmcloud.com/vulnerabilities/224866>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-24921](<https://vulners.com/cve/CVE-2022-24921>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by improper input validation. By using a specially-crafted deeply nested expression, a remote attacker could exploit this vulnerability to cause a goroutine stack exhaustion, and results in a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/221503](<https://exchange.xforce.ibmcloud.com/vulnerabilities/221503>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-28327](<https://vulners.com/cve/CVE-2022-28327>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by improper input validaiton by the generic P-256 feature in crypto/elliptic. By sending a specially-crafted request with long scalar input, a remote attacker could exploit this vulnerability to cause a panic on the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/224871](<https://exchange.xforce.ibmcloud.com/vulnerabilities/224871>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2014-0114](<https://vulners.com/cve/CVE-2014-0114>) \n** DESCRIPTION: **Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to restrict the setting of Class Loader attributes. An attacker could exploit this vulnerability using the class parameter of an ActionForm object to manipulate the ClassLoader and execute arbitrary code on the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/92889](<https://exchange.xforce.ibmcloud.com/vulnerabilities/92889>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n \n** CVEID: **[CVE-2019-10086](<https://vulners.com/cve/CVE-2019-10086>) \n** DESCRIPTION: **Apache Commons Beanutils could allow a remote attacker to gain unauthorized access to the system, caused by the failure to suppresses the class property in bean introspection by default. An attacker could exploit this vulnerability to gain unauthorized access to the classloader. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/166353](<https://exchange.xforce.ibmcloud.com/vulnerabilities/166353>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2020-13956](<https://vulners.com/cve/CVE-2020-13956>) \n** DESCRIPTION: **Apache HttpClient could allow a remote attacker to bypass security restrictions, caused by the improper handling of malformed authority component in request URIs. By passing request URIs to the library as java.net.URI object, an attacker could exploit this vulnerability to pick the wrong target host for request execution. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/189572](<https://exchange.xforce.ibmcloud.com/vulnerabilities/189572>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-29425](<https://vulners.com/cve/CVE-2021-29425>) \n** DESCRIPTION: **Apache Commons IO could allow a remote attacker to traverse directories on the system, caused by improper input validation by the FileNameUtils.normalize method. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199852](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199852>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2021-21409](<https://vulners.com/cve/CVE-2021-21409>) \n** DESCRIPTION: **Netty is vulnerable to request smuggling, caused by improper validation of request, caused by missing validation of content-length. By sending specially-crafted request, an attacker could exploit this vulnerability to poison a web-cache, perform an XSS attack, or obtain sensitive information from request. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199150](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199150>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2021-21295](<https://vulners.com/cve/CVE-2021-21295>) \n** DESCRIPTION: **Netty is vulnerable to HTTP request smuggling, caused by improper validation of Content-Length header by the Http2MultiplexHandler. By sending specially crafted HTTP request headers, an attacker could exploit this vulnerability to poison a web-cache, perform an XSS attack, or obtain sensitive information from request. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/197999](<https://exchange.xforce.ibmcloud.com/vulnerabilities/197999>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2021-21290](<https://vulners.com/cve/CVE-2021-21290>) \n** DESCRIPTION: **Netty could allow a local authenticated attacker to obtain sensitive information, caused by an insecure temp file in Unix-like systems. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/197110](<https://exchange.xforce.ibmcloud.com/vulnerabilities/197110>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2016-1000023](<https://vulners.com/cve/CVE-2016-1000023>) \n** DESCRIPTION: **Minimatch is vulnerable to a denial of service, caused by a regular expression of minimatch.js. By using a specially crafted glob pattern, a remote attacker could exploit this vulnerability to cause the application to consume an overly large amount of CPU resources \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/118817](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118817>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-24839](<https://vulners.com/cve/CVE-2022-24839>) \n** DESCRIPTION: **Sparkle Motion Nokogiri is vulnerable to a denial of service, caused by a java.lang.OutOfMemoryError exception when parsing ill-formed HTML markup in the fork of org.cyberneko.html. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/224089](<https://exchange.xforce.ibmcloud.com/vulnerabilities/224089>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-24329](<https://vulners.com/cve/CVE-2022-24329>) \n** DESCRIPTION: **JetBrains Kotlin could provide weaker than expected security, caused by failing to lock dependencies for Multiplatform Gradle Projects. A remote attacker could exploit this vulnerability to launch further attacks on the system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/220617](<https://exchange.xforce.ibmcloud.com/vulnerabilities/220617>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-31566](<https://vulners.com/cve/CVE-2021-31566>) \n** DESCRIPTION: **libarchive could allow a local attacker to gain elevated privileges on the system, caused by an improper link resolution flaw. By using a specially-crafted archive file, an attacker could exploit this vulnerability to change modes, times, access control lists, and flags of a file on the system to gain elevated privileges. \nCVSS Base score: 4.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/222218](<https://exchange.xforce.ibmcloud.com/vulnerabilities/222218>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L) \n \n** CVEID: **[CVE-2021-23177](<https://vulners.com/cve/CVE-2021-23177>) \n** DESCRIPTION: **libarchive could allow a local attacker to gain elevated privileges on the system, caused by an improper link resolution flaw. By using a specially-crafted archive file, an attacker could exploit this vulnerability to change the ACL of a file on the system and gain elevated privileges. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/222216](<https://exchange.xforce.ibmcloud.com/vulnerabilities/222216>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L) \n \n** CVEID: **[CVE-2021-3634](<https://vulners.com/cve/CVE-2021-3634>) \n** DESCRIPTION: **libssh is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. By sending a specially-crafted request, a remote authenticated attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base score: 5.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/208281](<https://exchange.xforce.ibmcloud.com/vulnerabilities/208281>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L) \n \n** CVEID: **[CVE-2020-13949](<https://vulners.com/cve/CVE-2020-13949>) \n** DESCRIPTION: **Apache Thrift is vulnerable to a denial of service, caused by improper input validation. By sending specially-crafted messages, a remote attacker could exploit this vulnerability to cause a large memory allocation. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/196738](<https://exchange.xforce.ibmcloud.com/vulnerabilities/196738>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-23308](<https://vulners.com/cve/CVE-2022-23308>) \n** DESCRIPTION: **libxml2 is vulnerable to a denial of service, caused by a use-after-free in the ID and IDREF attributes. A remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/220772](<https://exchange.xforce.ibmcloud.com/vulnerabilities/220772>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2022-25878](<https://vulners.com/cve/CVE-2022-25878>) \n** DESCRIPTION: **Node.js protobufjs module could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw. By adding or modifying properties of Object.prototype using a __proto__ or constructor payload, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. \nCVSS Base score: 8.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/227327](<https://exchange.xforce.ibmcloud.com/vulnerabilities/227327>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L) \n \n** CVEID: **[CVE-2022-0155](<https://vulners.com/cve/CVE-2022-0155>) \n** DESCRIPTION: **follow-redirects could allow a remote attacker to obtain sensitive information, caused by an unauthorized actor. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to obtain private personal information and use this information to launch further attacks against the affected system. \nCVSS Base score: 8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216974](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216974>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-0536](<https://vulners.com/cve/CVE-2022-0536>) \n** DESCRIPTION: **Node.js follow-redirects module could allow a remote authenticated attacker to obtain sensitive information, caused by a leakage of the Authorization header from the same hostname during HTTPS to HTTP redirection. By utilize man-in-the-middle attack techniques, an attacker could exploit this vulnerability to obtain Authorization header information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 2.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/219551](<https://exchange.xforce.ibmcloud.com/vulnerabilities/219551>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2021-44878](<https://vulners.com/cve/CVE-2021-44878>) \n** DESCRIPTION: **pac4j could allow a remote attacker to bypass security restrictions, caused by improper validation for ID Tokens with \"none\" algorithm. By injecting a specially-crafted ID token using \"none\" as the value of \"alg\" key, an attacker could exploit this vulnerability to bypass the token validation. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216856](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216856>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2022-29622](<https://vulners.com/cve/CVE-2022-29622>) \n** DESCRIPTION: **Node.js Formidable module could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially-crafted HTTP request using the filename parameter, an attacker could exploit this vulnerability to upload a malicious PDF file, which could allow the attacker to execute arbitrary code on the vulnerable system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/226582](<https://exchange.xforce.ibmcloud.com/vulnerabilities/226582>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-17530](<https://vulners.com/cve/CVE-2020-17530>) \n** DESCRIPTION: **Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by a forced double OGNL evaluation on raw user input in tag attributes. By sending specially crafted data, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/192743](<https://exchange.xforce.ibmcloud.com/vulnerabilities/192743>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-3807](<https://vulners.com/cve/CVE-2021-3807>) \n** DESCRIPTION: **Chalk ansi-regex module for Node.js is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw. By sending a specially-crafted regex input, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/209596](<https://exchange.xforce.ibmcloud.com/vulnerabilities/209596>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-24785](<https://vulners.com/cve/CVE-2022-24785>) \n** DESCRIPTION: **Moment.js could allow a remote attacker to traverse directories on the system, caused by improper validation of user supplied input. An attacker could send a specially-crafted locale string containing \"dot dot\" sequences (/../) to switch arbitrary moment locale. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223451](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223451>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2020-36327](<https://vulners.com/cve/CVE-2020-36327>) \n** DESCRIPTION: **Bundler could allow a remote attacker to execute arbitrary code on the system, caused by a flaw when choosing a dependency source. By using a specially-crafted gem, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/201080](<https://exchange.xforce.ibmcloud.com/vulnerabilities/201080>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-23219](<https://vulners.com/cve/CVE-2022-23219>) \n** DESCRIPTION: **GNU C Library (aka glibc) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the clnt_create function in the sunrpc module. By sending a specially-crafted hostname argument, a local attacker could overflow a buffer and execute arbitrary code or cause a denial of service on the system. \nCVSS Base score: 8.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217303](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217303>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-3999](<https://vulners.com/cve/CVE-2021-3999>) \n** DESCRIPTION: **GNU glibc is vulnerable to an off-by-one buffer overflow and underflow, caused by improper bounds checking by the getcwd() function. By sending a specially-crafted request, a local authenticated attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 8.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217981](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217981>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-23218](<https://vulners.com/cve/CVE-2022-23218>) \n** DESCRIPTION: **GNU C Library (aka glibc) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the svcunix_create function in the sunrpc module. By sending a specially-crafted path argument, a local attacker could overflow a buffer and execute arbitrary code or cause a denial of service on the system. \nCVSS Base score: 8.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217302](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217302>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-22822](<https://vulners.com/cve/CVE-2022-22822>) \n** DESCRIPTION: **Expat could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow of addBinding in xmlparse.c. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216908](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216908>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-22823](<https://vulners.com/cve/CVE-2022-22823>) \n** DESCRIPTION: **Expat could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow of build_model in xmlparse.c. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216907](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216907>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-22824](<https://vulners.com/cve/CVE-2022-22824>) \n** DESCRIPTION: **Expat could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow of defineAttribute in xmlparse.c. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216906](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216906>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-23852](<https://vulners.com/cve/CVE-2022-23852>) \n** DESCRIPTION: **Expat (aka libexpat) could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in the XML_GetBuffer function. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/218007](<https://exchange.xforce.ibmcloud.com/vulnerabilities/218007>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-25235](<https://vulners.com/cve/CVE-2022-25235>) \n** DESCRIPTION: **libexpat is vulnerable to a denial of service, caused by improper input validation in xmltok_impl.c. By persuading a victim to open a specially-crafted content with malformed encoding, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/219782](<https://exchange.xforce.ibmcloud.com/vulnerabilities/219782>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2022-25236](<https://vulners.com/cve/CVE-2022-25236>) \n** DESCRIPTION: **libexpat is vulnerable to a denial of service, caused by improper protection against insertion of namesep characters into namespace URIs in xmlparse.c. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/219784](<https://exchange.xforce.ibmcloud.com/vulnerabilities/219784>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2022-25315](<https://vulners.com/cve/CVE-2022-25315>) \n** DESCRIPTION: **libexpat could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in storeRawNames. By persuading a victim to open a specially-crafted file, an attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/219945](<https://exchange.xforce.ibmcloud.com/vulnerabilities/219945>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-22825](<https://vulners.com/cve/CVE-2022-22825>) \n** DESCRIPTION: **Expat could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow of lookup in xmlparse.c. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216905](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216905>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-23358](<https://vulners.com/cve/CVE-2021-23358>) \n** DESCRIPTION: **Node.js underscore module could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the template function. By sending a specially-crafted argument using the variable property, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198958](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198958>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-3765](<https://vulners.com/cve/CVE-2021-3765>) \n** DESCRIPTION: **validator.js is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw when calling the rtrim function. By sending a specially-crafted regex input, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/212669](<https://exchange.xforce.ibmcloud.com/vulnerabilities/212669>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nNetcool Operations Insight| 1.4.x \nNetcool Operations Insight| 1.5.x \nNetcool Operations Insight| 1.6.x \n \n\n\n## Remediation/Fixes\n\nNetcool Operations Insight v1.6.6 can be deployed on-premises, on a supported cloud platform, or on a hybrid cloud and on-premises architecture. \n\nIBM strongly suggests the following remediation / fixes:\n\nPlease go to [https://www.ibm.com/docs/en/noi/1.6.6?topic=installing](<https://www.ibm.com/docs/en/noi/1.6.4?topic=installing>) to follow the installation instructions relevant to your chosen architecture.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-25T13:11:39", "type": "ibm", "title": "Security Bulletin: Netcool Operations Insight v1.6.6 contains fixes for multiple security vulnerabilities.", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0114", "CVE-2016-1000023", "CVE-2019-10086", "CVE-2020-13949", "CVE-2020-13956", "CVE-2020-14039", "CVE-2020-15586", "CVE-2020-16845", "CVE-2020-17530", "CVE-2020-24553", "CVE-2020-28362", "CVE-2020-28366", "CVE-2020-28367", "CVE-2020-36327", "CVE-2020-7919", "CVE-2021-21290", "CVE-2021-21295", "CVE-2021-21409", "CVE-2021-22144", "CVE-2021-23177", "CVE-2021-23358", "CVE-2021-23450", "CVE-2021-27918", "CVE-2021-29425", "CVE-2021-29923", "CVE-2021-3114", "CVE-2021-31525", "CVE-2021-31566", "CVE-2021-31805", "CVE-2021-33195", "CVE-2021-33196", "CVE-2021-33197", "CVE-2021-33198", "CVE-2021-36221", "CVE-2021-3634", "CVE-2021-3765", "CVE-2021-3807", "CVE-2021-38297", "CVE-2021-39293", "CVE-2021-3999", "CVE-2021-41771", "CVE-2021-41772", "CVE-2021-44716", "CVE-2021-44878", "CVE-2022-0155", "CVE-2022-0536", "CVE-2022-22822", "CVE-2022-22823", "CVE-2022-22824", "CVE-2022-22825", "CVE-2022-23218", "CVE-2022-23219", "CVE-2022-23308", "CVE-2022-23772", "CVE-2022-23773", "CVE-2022-23806", "CVE-2022-23852", "CVE-2022-24329", "CVE-2022-24675", "CVE-2022-24785", "CVE-2022-24839", "CVE-2022-24921", "CVE-2022-25235", "CVE-2022-25236", "CVE-2022-25315", "CVE-2022-25878", "CVE-2022-28327", "CVE-2022-29622"], "modified": "2022-10-25T13:11:39", "id": "DED899C681C4F01F658F5349E77058BDF8C51E88FADBC17AC63AAD856B4CADE5", "href": "https://www.ibm.com/support/pages/node/6831813", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-09-30T07:06:14", "description": "## Summary\n\nNetcool Operations Insight v1.6.8 addresses multiple security vulnerabilities, listed in the CVEs below.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-23498](<https://vulners.com/cve/CVE-2022-23498>) \n** DESCRIPTION: **Grafana could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw when datasource query caching is enabled. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 7.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/246303](<https://exchange.xforce.ibmcloud.com/vulnerabilities/246303>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L) \n \n** CVEID: **[CVE-2016-10739](<https://vulners.com/cve/CVE-2016-10739>) \n** DESCRIPTION: **An unspecified error with getaddrinfo function able to parse a string that contained an IPv4 address followed by whitespace and arbitrary characters in the GNU C Library has an unknown impact and attack vector. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/155962](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155962>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2018-19591](<https://vulners.com/cve/CVE-2018-19591>) \n** DESCRIPTION: **Glibc is vulnerable to a denial of service, caused by the failure to close descriptors by if_nametoindex(). By invoking a call to the getaddrinfo() function with a 'node' parameter, a remote attacker could exploit this vulnerability to consume excessive memory on the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/153536](<https://exchange.xforce.ibmcloud.com/vulnerabilities/153536>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2018-20796](<https://vulners.com/cve/CVE-2018-20796>) \n** DESCRIPTION: **GNU C Library (aka glibc or libc6) is vulnerable to a denial of service, caused by an uncontrolled recursion in the check_dst_limits_calc_pos_1 in posix/regexec.c. By using a specially-crafted command, a local attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/158013](<https://exchange.xforce.ibmcloud.com/vulnerabilities/158013>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2019-25013](<https://vulners.com/cve/CVE-2019-25013>) \n** DESCRIPTION: **GNU glibc is vulnerable to a denial of service, caused by a buffer over-read in iconv feature. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a SIGSEGV. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/194579](<https://exchange.xforce.ibmcloud.com/vulnerabilities/194579>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-6488](<https://vulners.com/cve/CVE-2019-6488>) \n** DESCRIPTION: **GNU C Library is vulnerable to a denial of service, caused by a flaw in the __memmove_avx_unaligned_erms in sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/155935](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155935>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2019-7309](<https://vulners.com/cve/CVE-2019-7309>) \n** DESCRIPTION: **GNU C Library could provide weaker than expected security, caused by the incorrect return of zero by the memcmp function for the x32 architecture. An attacker could exploit this vulnerability to launch further attacks on the system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/156553](<https://exchange.xforce.ibmcloud.com/vulnerabilities/156553>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2019-9169](<https://vulners.com/cve/CVE-2019-9169>) \n** DESCRIPTION: **GNU glibc is vulnerable to a heap-based buffer overflow, caused by a buffer over-read flaw in the proceed_next_node function in posix/regexec.c. By sending a specially-crafted argument using a case-insensitive regular-expression match, a remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/157800](<https://exchange.xforce.ibmcloud.com/vulnerabilities/157800>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2020-27618](<https://vulners.com/cve/CVE-2020-27618>) \n** DESCRIPTION: **GNU C Library (aka glibc or libc6) is vulnerable to a denial of service, caused by an error when processing some invalid inputs from several IBM character sets in the iconv function. By sending invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, IBM1399 encodings, a local authenticated attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/196446](<https://exchange.xforce.ibmcloud.com/vulnerabilities/196446>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-6096](<https://vulners.com/cve/CVE-2020-6096>) \n** DESCRIPTION: **GNU glibc could allow a remote attacker to execute arbitrary code on the system, caused by an signed comparison vulnerability in the ARMv7 memcpy() implementation. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179107](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179107>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-3326](<https://vulners.com/cve/CVE-2021-3326>) \n** DESCRIPTION: **GNU C Library (aka glibc or libc6) is vulnerable to a denial of service, caused by an assertion failure when processing invalid input sequences in the ISO-2022-JP-3 encoding in the iconv function. By sending specially-crafted input, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/195732](<https://exchange.xforce.ibmcloud.com/vulnerabilities/195732>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-33813](<https://vulners.com/cve/CVE-2021-33813>) \n** DESCRIPTION: **JDOM is vulnerable to a denial of service, caused by an XXE issue in SAXBuilder. By sending a specially-crafted HTTP request, a remote attacker could exploit this vulnerability to cause the a denial of service. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/203804](<https://exchange.xforce.ibmcloud.com/vulnerabilities/203804>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-13949](<https://vulners.com/cve/CVE-2020-13949>) \n** DESCRIPTION: **Apache Thrift is vulnerable to a denial of service, caused by improper input validation. By sending specially-crafted messages, a remote attacker could exploit this vulnerability to cause a large memory allocation. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/196738](<https://exchange.xforce.ibmcloud.com/vulnerabilities/196738>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-35525](<https://vulners.com/cve/CVE-2020-35525>) \n** DESCRIPTION: **SQlite is vulnerable to a denial of service, caused by a NULL pointer derreference flaw in the INTERSEC query processing. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/235225](<https://exchange.xforce.ibmcloud.com/vulnerabilities/235225>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-35527](<https://vulners.com/cve/CVE-2020-35527>) \n** DESCRIPTION: **SQlite could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds memory access flaw through ALTER TABLE for views that have a nested FROM clause.. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/235226](<https://exchange.xforce.ibmcloud.com/vulnerabilities/235226>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2017-5932](<https://vulners.com/cve/CVE-2017-5932>) \n** DESCRIPTION: **GNU Bash could allow a local authenticated attacker to execute arbitrary code on the system, caused by a flaw in the path autocompletion feature. By using a specially-crafted filename, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/158508](<https://exchange.xforce.ibmcloud.com/vulnerabilities/158508>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-18276](<https://vulners.com/cve/CVE-2019-18276>) \n** DESCRIPTION: **GNU Bash could allow a remote authenticated attacker to gain elevated privileges on the system, caused by a flaw in the disable_priv_mode in shell.c. By sending a specially-crafted command, an attacker could exploit this vulnerability to escalate privileges. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172331](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172331>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-43548](<https://vulners.com/cve/CVE-2022-43548>) \n** DESCRIPTION: **Node.js could allow a remote attacker to execute arbitrary commands on the system, caused by an insufficient IsAllowedHost check. By sending a specially-crafted DBS request using an invalid octal address, an attacker could exploit this vulnerability to conduct a DNS rebinding attack and execute arbitrary commands on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/241552](<https://exchange.xforce.ibmcloud.com/vulnerabilities/241552>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-23552](<https://vulners.com/cve/CVE-2022-23552>) \n** DESCRIPTION: **Grafana is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the ResourcePicker component. A remote authenticated attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/246366](<https://exchange.xforce.ibmcloud.com/vulnerabilities/246366>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N) \n \n** CVEID: **[CVE-2022-31159](<https://vulners.com/cve/CVE-2022-31159>) \n** DESCRIPTION: **AWS SDK for Java could allow a remote authenticated attacker to traverse directories on the system, caused by a flaw in the downloadDirectory method in the AWS S3 TransferManager component. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) to write arbitrary files on the system. \nCVSS Base score: 7.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/231331](<https://exchange.xforce.ibmcloud.com/vulnerabilities/231331>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L) \n \n** CVEID: **[CVE-2022-22971](<https://vulners.com/cve/CVE-2022-22971>) \n** DESCRIPTION: **Vmware Tanzu Spring Framework is vulnerable to a denial of service, caused by a flaw with a STOMP over WebSocket endpoint. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/226492](<https://exchange.xforce.ibmcloud.com/vulnerabilities/226492>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-22970](<https://vulners.com/cve/CVE-2022-22970>) \n** DESCRIPTION: **Vmware Tanzu Spring Framework is vulnerable to a denial of service, caused by a flaw in the handling of file uploads. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/226491](<https://exchange.xforce.ibmcloud.com/vulnerabilities/226491>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-48110](<https://vulners.com/cve/CVE-2022-48110>) \n** DESCRIPTION: **CKSource CKEditor5 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A local attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 4.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/247431](<https://exchange.xforce.ibmcloud.com/vulnerabilities/247431>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2018-1330](<https://vulners.com/cve/CVE-2018-1330>) \n** DESCRIPTION: **Apache Mesos is vulnerable to a denial of service, caused by an error when parsing a malformed JSON payload. By sending a specially crafted HTTP request, an attacker could exploit this vulnerability to cause libprocess to crash. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/149831](<https://exchange.xforce.ibmcloud.com/vulnerabilities/149831>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2019-0204](<https://vulners.com/cve/CVE-2019-0204>) \n** DESCRIPTION: **Apache Mesos could allow a remote attacker to execute arbitrary code on the system. By using a specially-crafted Docker image, an attacker could exploit this vulnerability to execute arbitrary code on the system with root privileges. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/158634](<https://exchange.xforce.ibmcloud.com/vulnerabilities/158634>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-39324](<https://vulners.com/cve/CVE-2022-39324>) \n** DESCRIPTION: **Grafana could allow a remote authenticated attacker to conduct spoofing attacks. By editing the query, an attacker could exploit this vulnerability to spoof originalUrl of snapshots \nCVSS Base score: 6.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/245842](<https://exchange.xforce.ibmcloud.com/vulnerabilities/245842>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L) \n \n** CVEID: **[CVE-2022-40153](<https://vulners.com/cve/CVE-2022-40153>) \n** DESCRIPTION: **XStream is vulnerable to a denial of service, caused by a stack-based buffer overflow. By sending a specially-crafted XML data, a remote authenticated attacker could exploit this vulnerability to causes the parser to crash, and results in a denial of service condition. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236356](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236356>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-23017](<https://vulners.com/cve/CVE-2021-23017>) \n** DESCRIPTION: **NGINX could allow a remote attacker to execute arbitrary code on the system, caused by an off-by-one error in ngx_resolver_copy() while processing DNS responses. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202450](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202450>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-20372](<https://vulners.com/cve/CVE-2019-20372>) \n** DESCRIPTION: **NGINX could allow a remote attacker to obtain sensitive information, caused by a flaw in certain error_page configurations. By sending a specially crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/174252](<https://exchange.xforce.ibmcloud.com/vulnerabilities/174252>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2022-2879](<https://vulners.com/cve/CVE-2022-2879>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by the failure to set a limit on the maximum size of file headers by Reader.Read. By using a specially crafted archive, a remote attacker could exploit this vulnerability to exhaust all available memory resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/240560](<https://exchange.xforce.ibmcloud.com/vulnerabilities/240560>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2014-3004](<https://vulners.com/cve/CVE-2014-3004>) \n** DESCRIPTION: **Castor Library could allow a remote attacker to obtain sensitive information, caused by an XML External Entity Injection (XXE) error when processing XML data. By sending specially-crafted XML data, an attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/93519](<https://exchange.xforce.ibmcloud.com/vulnerabilities/93519>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N) \n \n** CVEID: **[CVE-2021-3711](<https://vulners.com/cve/CVE-2021-3711>) \n** DESCRIPTION: **OpenSSL is vulnerable to a buffer overflow, caused by improper bounds checking by the EVP_PKEY_decrypt() function within implementation of the SM2 decryption. By sending specially crafted SM2 content, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/208072](<https://exchange.xforce.ibmcloud.com/vulnerabilities/208072>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-1292](<https://vulners.com/cve/CVE-2022-1292>) \n** DESCRIPTION: **OpenSSL could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by improper validation of user-supplied input by the c_rehash script. By sending a specially-crafted request using shell metacharacters, an attacker could exploit this vulnerability to execute arbitrary commands with the privileges of the script on the system. \nCVSS Base score: 6.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/225619](<https://exchange.xforce.ibmcloud.com/vulnerabilities/225619>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2022-0778](<https://vulners.com/cve/CVE-2022-0778>) \n** DESCRIPTION: **OpenSSL is vulnerable to a denial of service, caused by a flaw in the BN_mod_sqrt() function when parsing certificates. By using a specially-crafted certificate with invalid explicit curve parameters, a remote attacker could exploit this vulnerability to cause an infinite loop, and results in a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/221911](<https://exchange.xforce.ibmcloud.com/vulnerabilities/221911>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-3712](<https://vulners.com/cve/CVE-2021-3712>) \n** DESCRIPTION: **OpenSSL could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read when processing ASN.1 strings. By sending specially crafted data, an attacker could exploit this vulnerability to read contents of memory on the system or perform a denial of service attack. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/208073](<https://exchange.xforce.ibmcloud.com/vulnerabilities/208073>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L) \n \n** CVEID: **[CVE-2021-4160](<https://vulners.com/cve/CVE-2021-4160>) \n** DESCRIPTION: **OpenSSL could provide weaker than expected security, caused by a carry propagation flaw in the MIPS32 and MIPS64 squaring procedure. An attacker could exploit this vulnerability to launch further attacks on the system \nCVSS Base score: 6.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/218394](<https://exchange.xforce.ibmcloud.com/vulnerabilities/218394>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) \n \n** CVEID: **[CVE-2022-1304](<https://vulners.com/cve/CVE-2022-1304>) \n** DESCRIPTION: **e2fsprogs could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds read/write vulnerability. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a segmentation fault. \nCVSS Base score: 7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/224602](<https://exchange.xforce.ibmcloud.com/vulnerabilities/224602>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H) \n \n** CVEID: **[CVE-2022-3515](<https://vulners.com/cve/CVE-2022-3515>) \n** DESCRIPTION: **GnuPG Libksba could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in the CRL parser. By sending a specially-crafted data, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/239062](<https://exchange.xforce.ibmcloud.com/vulnerabilities/239062>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2016-3709](<https://vulners.com/cve/CVE-2016-3709>) \n** DESCRIPTION: **GNOME libxml2 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the KippoInput.class.php script. A remote attacker could exploit this vulnerability using the $file_link parameter to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 7.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/232446](<https://exchange.xforce.ibmcloud.com/vulnerabilities/232446>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2022-37434](<https://vulners.com/cve/CVE-2022-37434>) \n** DESCRIPTION: **zlib is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by inflate in inflate.c. By using a large gzip header extra field, a remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/232849](<https://exchange.xforce.ibmcloud.com/vulnerabilities/232849>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2022-2068](<https://vulners.com/cve/CVE-2022-2068>) \n** DESCRIPTION: **OpenSSL could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of user-supplied input by the c_rehash script. By sending a specially-crafted request using shell metacharacters, an attacker could exploit this vulnerability to execute arbitrary commands with the privileges of the script on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/226018](<https://exchange.xforce.ibmcloud.com/vulnerabilities/226018>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2022-2097](<https://vulners.com/cve/CVE-2022-2097>) \n** DESCRIPTION: **OpenSSL could allow a remote attacker to obtain sensitive information, caused by improper encryption of data by the AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/230425](<https://exchange.xforce.ibmcloud.com/vulnerabilities/230425>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2019-11358](<https://vulners.com/cve/CVE-2019-11358>) \n** DESCRIPTION: **jQuery, as used in Drupal core, is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability to execute script in a victim's Web browser within the security context of the hosting Web site. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/159633](<https://exchange.xforce.ibmcloud.com/vulnerabilities/159633>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2020-11022](<https://vulners.com/cve/CVE-2020-11022>) \n** DESCRIPTION: **jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the jQuery.htmlPrefilter method. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/181349](<https://exchange.xforce.ibmcloud.com/vulnerabilities/181349>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2020-11023](<https://vulners.com/cve/CVE-2020-11023>) \n** DESCRIPTION: **jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the option elements. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/181350](<https://exchange.xforce.ibmcloud.com/vulnerabilities/181350>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2022-30698](<https://vulners.com/cve/CVE-2022-30698>) \n** DESCRIPTION: **NLnet Labs Unbound could allow a remote attacker to bypass security restrictions, caused by improper input validation. By utilize a novel type of the \"ghost domain names\" attack techniques, an attacker could exploit this vulnerability to overwrite the DNS cache to extend the TTL for the delegation data of a particular domain. \nCVSS Base score: 8.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/232544](<https://exchange.xforce.ibmcloud.com/vulnerabilities/232544>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N) \n \n** CVEID: **[CVE-2022-30699](<https://vulners.com/cve/CVE-2022-30699>) \n** DESCRIPTION: **NLnet Labs Unbound could allow a remote attacker to bypass security restrictions, caused by improper input validation. By utilize a novel type of the \"ghost domain names\" attack techniques, an attacker could exploit this vulnerability to overwrite the DNS cache to extend the TTL for the delegation data of a particular domain. \nCVSS Base score: 8.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/232545](<https://exchange.xforce.ibmcloud.com/vulnerabilities/232545>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N) \n \n** CVEID: **[CVE-2022-25881](<https://vulners.com/cve/CVE-2022-25881>) \n** DESCRIPTION: **Node.js http-cache-semantics module is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw. By sending a specially-crafted regex input using request header values, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/246089](<https://exchange.xforce.ibmcloud.com/vulnerabilities/246089>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-41816](<https://vulners.com/cve/CVE-2021-41816>) \n** DESCRIPTION: **Ruby is vulnerable to a buffer overflow, caused by improper bounds checking by a buffer overrun in CGI.escape_html. By sending an overly long string using the size_t parameter, a remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/220102](<https://exchange.xforce.ibmcloud.com/vulnerabilities/220102>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-37865](<https://vulners.com/cve/CVE-2022-37865>) \n** DESCRIPTION: **Apache Ivy could allow a local authenticated attacker to traverse directories on the system, caused by improper validation of user supplied input. An attacker could use a specially-crafted archive file containing \"dot dot\" sequences (/../) to write arbitrary files on the system. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/239423](<https://exchange.xforce.ibmcloud.com/vulnerabilities/239423>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2022-37866](<https://vulners.com/cve/CVE-2022-37866>) \n** DESCRIPTION: **Apache Ivy could allow a remote attacker to traverse directories on the system, caused by improper validation of user request. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) to overwrite arbitrary files on the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/239567](<https://exchange.xforce.ibmcloud.com/vulnerabilities/239567>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2021-36090](<https://vulners.com/cve/CVE-2021-36090>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By reading a specially-crafted ZIP archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' zip package. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205310](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205310>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-25896](<https://vulners.com/cve/CVE-2022-25896>) \n** DESCRIPTION: **Node.js passport module could allow a remote attacker to hijack a user's session, caused by a session fixation vulnerability. An attacker could exploit this vulnerability to hijack sessions that were regenerated instead of closed. \nCVSS Base score: 4.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/230257](<https://exchange.xforce.ibmcloud.com/vulnerabilities/230257>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L) \n \n** CVEID: **[CVE-2022-31197](<https://vulners.com/cve/CVE-2022-31197>) \n** DESCRIPTION: **PostgreSQL is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to PGJDBC implementation of the java.sql.ResultRow.refreshRow() method, which could allow the attacker to view, add, modify or delete information in the back-end database. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/232820](<https://exchange.xforce.ibmcloud.com/vulnerabilities/232820>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2022-26520](<https://vulners.com/cve/CVE-2022-26520>) \n** DESCRIPTION: **pgjdbc could allow a remote attacker to execute arbitrary code on the system, caused by the external control of the java.util.logging.FileHandler component. By sending a specially-crafted request using the loggerFileName connection parameter, an attacker could exploit this vulnerability to create an executable JSP file under a Tomcat web root. Note: the vendor's position is that there is no pgjdbc vulnerability; instead, it is a vulnerability for any application to use the pgjdbc driver with untrusted connection properties. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/222890](<https://exchange.xforce.ibmcloud.com/vulnerabilities/222890>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-41946](<https://vulners.com/cve/CVE-2022-41946>) \n** DESCRIPTION: **Postgresql JDBC could allow a local authenticated attacker to obtain sensitive information, caused by not limit access to created readable files in the TemporaryFolder. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 6.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/240853](<https://exchange.xforce.ibmcloud.com/vulnerabilities/240853>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N) \n \n** CVEID: **[CVE-2022-21724](<https://vulners.com/cve/CVE-2022-21724>) \n** DESCRIPTION: **PostgreSQL JDBC Driver (PgJDBC) could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unchecked class instantiation when providing plugin classes. By sending a specially-crafted request using the \"authenticationPluginClassName\", \"sslhostnameverifier\", \"socketFactory\", \"sslfactory\", \"sslpasswordcallback\" classes, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/218798](<https://exchange.xforce.ibmcloud.com/vulnerabilities/218798>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-35942](<https://vulners.com/cve/CVE-2021-35942>) \n** DESCRIPTION: **GNU C Library (aka glibc) could allow a local attacker to obtain sensitive information, caused by a flaw when called with an untrusted, crafted pattern in thewordexp function. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain read arbitrary memory in parse_param (in posix/wordexp.c), or cause the application to crash. \nCVSS Base score: 7.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/206317](<https://exchange.xforce.ibmcloud.com/vulnerabilities/206317>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H) \n \n** CVEID: **[CVE-2020-1751](<https://vulners.com/cve/CVE-2020-1751>) \n** DESCRIPTION: **GNU glibc could allow a local attacker to execute arbitrary code on the system, caused by an out-of-bounds write when handling signal trampolines on PowerPC. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service. \nCVSS Base score: 8.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/180052](<https://exchange.xforce.ibmcloud.com/vulnerabilities/180052>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-1752](<https://vulners.com/cve/CVE-2020-1752>) \n** DESCRIPTION: **GNU glibc could allow a local attacker to execute arbitrary code on the system, caused by a use-after-free. By creating a specially crafted path, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service. \nCVSS Base score: 7.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/181313](<https://exchange.xforce.ibmcloud.com/vulnerabilities/181313>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-10029](<https://vulners.com/cve/CVE-2020-10029>) \n** DESCRIPTION: **GNU C Library (aka glibc or libc6) is vulnerable to a denial of service, caused by a stack-based overflow during range reduction. A local attacker could exploit this vulnerability to cause a stack corruption, leading to a denial of service condition. \nCVSS Base score: 4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/177225](<https://exchange.xforce.ibmcloud.com/vulnerabilities/177225>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2019-19126](<https://vulners.com/cve/CVE-2019-19126>) \n** DESCRIPTION: **GNU C Library could allow a local attacker to bypass security restrictions, caused by failing to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution. An attacker could exploit this vulnerability to bypass ASLR for a setuid program. \nCVSS Base score: 4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172003](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172003>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-3999](<https://vulners.com/cve/CVE-2021-3999>) \n** DESCRIPTION: **GNU glibc is vulnerable to an off-by-one buffer overflow and underflow, caused by improper bounds checking by the getcwd() function. By sending a specially-crafted request, a local authenticated attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 8.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217981](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217981>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-23218](<https://vulners.com/cve/CVE-2022-23218>) \n** DESCRIPTION: **GNU C Library (aka glibc) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the svcunix_create function in the sunrpc module. By sending a specially-crafted path argument, a local attacker could overflow a buffer and execute arbitrary code or cause a denial of service on the system. \nCVSS Base score: 8.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217302](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217302>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-23219](<https://vulners.com/cve/CVE-2022-23219>) \n** DESCRIPTION: **GNU C Library (aka glibc) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the clnt_create function in the sunrpc module. By sending a specially-crafted hostname argument, a local attacker could overflow a buffer and execute arbitrary code or cause a denial of service on the system. \nCVSS Base score: 8.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217303](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217303>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-40674](<https://vulners.com/cve/CVE-2022-40674>) \n** DESCRIPTION: **libexpat could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in the doContent function in xmlparse.c. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236116](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236116>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2018-11793](<https://vulners.com/cve/CVE-2018-11793>) \n** DESCRIPTION: **Apache Mesos is vulnerable to a denial of service, caused by an unbounded recursion when parsing a JSON payload with deeply nested JSON structures. By using specially-crafted JSON structures, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/157759](<https://exchange.xforce.ibmcloud.com/vulnerabilities/157759>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2018-8023](<https://vulners.com/cve/CVE-2018-8023>) \n** DESCRIPTION: **Apache Mesos could allow a remote attacker to obtain sensitive information, caused by a timing attack in the JSON Web Token (JWT) implementation. By abusing the timing difference of when the JWT validation function returns, an attacker could exploit this vulnerability to obtain the valid HMAC value. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/150215](<https://exchange.xforce.ibmcloud.com/vulnerabilities/150215>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2019-9923](<https://vulners.com/cve/CVE-2019-9923>) \n** DESCRIPTION: **GNU Tar is vulnerable to a denial of service, caused by a NULL point dereference in the pax_decode_header in sparse.c. By persuading a victim to run a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/158908](<https://exchange.xforce.ibmcloud.com/vulnerabilities/158908>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2022-1271](<https://vulners.com/cve/CVE-2022-1271>) \n** DESCRIPTION: **GNU gzip could allow a remote authenticated attacker to bypass security restrictions, caused by improper validation of file name by the zgrep utility. By using a specially-crafted file name, an attacker could exploit this vulnerability to write arbitrary files on the system. \nCVSS Base score: 7.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223754](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223754>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H) \n \n** IBM X-Force ID: **220313 \n** DESCRIPTION: **PostgreSQL JDBC Driver could allow a remote attacker to gain unauthorized access to the system, caused by the exposure of the connection properties for configuring a pgjdbc connection. By specifying arbitrary connection properties, a remote attacker could exploit this vulnerability to gain unauthorized access to the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/220313 ](<https://exchange.xforce.ibmcloud.com/vulnerabilities/220313>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nNetcool Operations Insight| 1.4.x \nNetcool Operations Insight| 1.5.x \nNetcool Operations Insight| 1.6.x \n \n\n\n## Remediation/Fixes\n\nIBM strongly suggests the following remediation / fixes: \n\nNetcool Operations Insight v1.6.8 can be deployed on-premises, on a supported cloud platform, or on a hybrid cloud and on-premises architecture. \n\nPlease go to [https://www.ibm.com/docs/en/noi/1.6.8?topic=installing](<https://www.ibm.com/docs/en/noi/1.6.4?topic=installing>) to follow the installation instructions relevant to your chosen architecture.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-04-11T11:47:27", "type": "ibm", "title": "Security Bulletin: Netcool Operations Insight v1.6.8 addresses multiple security vulnerabilities.", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3004", "CVE-2016-10739", "CVE-2016-3709", "CVE-2017-5932", "CVE-2018-11793", "CVE-2018-1330", "CVE-2018-19591", "CVE-2018-20796", "CVE-2018-8023", "CVE-2019-0204", "CVE-2019-11358", "CVE-2019-18276", "CVE-2019-19126", "CVE-2019-20372", "CVE-2019-25013", "CVE-2019-6488", "CVE-2019-7309", "CVE-2019-9169", "CVE-2019-9923", "CVE-2020-10029", "CVE-2020-11022", "CVE-2020-11023", "CVE-2020-13949", "CVE-2020-1751", "CVE-2020-1752", "CVE-2020-27618", "CVE-2020-35525", "CVE-2020-35527", "CVE-2020-6096", "CVE-2021-23017", "CVE-2021-3326", "CVE-2021-33813", "CVE-2021-35942", "CVE-2021-36090", "CVE-2021-3711", "CVE-2021-3712", "CVE-2021-3999", "CVE-2021-4160", "CVE-2021-41816", "CVE-2022-0778", "CVE-2022-1271", "CVE-2022-1292", "CVE-2022-1304", "CVE-2022-2068", "CVE-2022-2097", "CVE-2022-21724", "CVE-2022-22970", "CVE-2022-22971", "CVE-2022-23218", "CVE-2022-23219", "CVE-2022-23498", "CVE-2022-23552", "CVE-2022-25881", "CVE-2022-25896", "CVE-2022-26520", "CVE-2022-2879", "CVE-2022-30698", "CVE-2022-30699", "CVE-2022-31159", "CVE-2022-31197", "CVE-2022-3515", "CVE-2022-37434", "CVE-2022-37865", "CVE-2022-37866", "CVE-2022-39324", "CVE-2022-40153", "CVE-2022-40674", "CVE-2022-41946", "CVE-2022-43548", "CVE-2022-48110"], "modified": "2023-04-11T11:47:27", "id": "3669E45D7FE2AA83192FF44FAA60FB349B5D39469F2B30F7D69463B2868B4908", "href": "https://www.ibm.com/support/pages/node/6982841", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "debiancve": [{"lastseen": "2023-06-14T14:36:58", "description": "The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-14T07:15:00", "type": "debiancve", "title": "CVE-2022-23218", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23218"], "modified": "2022-01-14T07:15:00", "id": "DEBIANCVE:CVE-2022-23218", "href": "https://security-tracker.debian.org/tracker/CVE-2022-23218", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "veracode": [{"lastseen": "2022-11-10T00:37:37", "description": "Red Hat Product Security has rated this issue as having Moderate security impact and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 6 and 7, hence, marked as Out-of-Support-Scope. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/. The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. A stack based buffer-overflow vulnerability was found in the deprecated compatibility function svcunix_create() in the sunrpc's svc_unix.c module of the GNU C Library (aka glibc) through 2.34. This vulnerability copies its path argument onto the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) then it will lead to arbitrary code execution.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-10T00:42:38", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23218"], "modified": "2022-11-08T16:40:08", "id": "VERACODE:35036", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-35036/summary", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "redhatcve": [{"lastseen": "2023-09-22T21:06:06", "description": "A stack based buffer-overflow vulnerability was found in the deprecated compatibility function svcunix_create() in the sunrpc's svc_unix.c module of the GNU C Library (aka glibc) through 2.34. This vulnerability copies its path argument onto the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) then it will lead to arbitrary code execution.\n#### Mitigation\n\nAn application built with stack protector enabled can mitigate this issue. \n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-18T17:32:44", "type": "redhatcve", "title": "CVE-2022-23218", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23218"], "modified": "2023-09-22T19:54:59", "id": "RH:CVE-2022-23218", "href": "https://access.redhat.com/security/cve/cve-2022-23218", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "prion": [{"lastseen": "2023-08-15T15:54:10", "description": "The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-14T07:15:00", "type": "prion", "title": "CVE-2022-23218", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23218"], "modified": "2022-11-08T13:37:00", "id": "PRION:CVE-2022-23218", "href": "https://kb.prio-n.com/vulnerability/CVE-2022-23218", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntucve": [{"lastseen": "2023-08-09T15:52:52", "description": "The deprecated compatibility function svcunix_create in the sunrpc module\nof the GNU C Library (aka glibc) through 2.34 copies its path argument on\nthe stack without validating its length, which may result in a buffer\noverflow, potentially resulting in a denial of service or (if an\napplication is not built with a stack protector enabled) arbitrary code\nexecution.\n\n#### Bugs\n\n * <https://sourceware.org/bugzilla/show_bug.cgi?id=28768>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | Ubuntu has stack protector enabled since 2006, so this issue is only a denial of service.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-14T00:00:00", "type": "ubuntucve", "title": "CVE-2022-23218", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23218"], "modified": "2022-01-14T00:00:00", "id": "UB:CVE-2022-23218", "href": "https://ubuntu.com/security/CVE-2022-23218", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "f5": [{"lastseen": "2023-02-08T16:10:37", "description": " * [CVE-2022-23218](<https://vulners.com/cve/CVE-2022-23218>)\n\nThe deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.\n\n * [CVE-2022-23219](<https://vulners.com/cve/CVE-2022-23219>)\n\nThe deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.\n\nImpact\n\nA successful attack may allow an attacker to read or write to a memory location that is outside of the intended boundary of the memory buffer, resulting in arbitrary code execution or causing the system to stop responding.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-29T21:27:00", "type": "f5", "title": "GNU C Library (glibc) vulnerabilities CVE-2022-23218 and CVE-2022-23219", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23218", "CVE-2022-23219"], "modified": "2022-04-29T21:27:00", "id": "F5:K52308021", "href": "https://support.f5.com/csp/article/K52308021", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2023-05-18T14:43:59", "description": "According to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. (CVE-2022-23218)\n\n - The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. (CVE-2022-23219)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-04-18T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : glibc (EulerOS-SA-2022-1448)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-23218", "CVE-2022-23219"], "modified": "2022-04-18T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:glibc-all-langpacks", "p-cpe:/a:huawei:euleros:glibc-common", "p-cpe:/a:huawei:euleros:glibc-debugutils", "p-cpe:/a:huawei:euleros:glibc-locale-source", "p-cpe:/a:huawei:euleros:libnsl", "p-cpe:/a:huawei:euleros:nscd", "cpe:/o:huawei:euleros:2.0", "p-cpe:/a:huawei:euleros:glibc"], "id": "EULEROS_SA-2022-1448.NASL", "href": "https://www.tenable.com/plugins/nessus/159805", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159805);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/18\");\n\n script_cve_id(\"CVE-2022-23218\", \"CVE-2022-23219\");\n\n script_name(english:\"EulerOS 2.0 SP9 : glibc (EulerOS-SA-2022-1448)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by\nthe following vulnerabilities :\n\n - The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc)\n through 2.34 copies its path argument on the stack without validating its length, which may result in a\n buffer overflow, potentially resulting in a denial of service or (if an application is not built with a\n stack protector enabled) arbitrary code execution. (CVE-2022-23218)\n\n - The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc)\n through 2.34 copies its hostname argument on the stack without validating its length, which may result in\n a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a\n stack protector enabled) arbitrary code execution. (CVE-2022-23219)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1448\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?61ffadd7\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected glibc packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23219\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-all-langpacks\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-debugutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-locale-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libnsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"glibc-2.28-61.h38.eulerosv2r9\",\n \"glibc-all-langpacks-2.28-61.h38.eulerosv2r9\",\n \"glibc-common-2.28-61.h38.eulerosv2r9\",\n \"glibc-debugutils-2.28-61.h38.eulerosv2r9\",\n \"glibc-locale-source-2.28-61.h38.eulerosv2r9\",\n \"libnsl-2.28-61.h38.eulerosv2r9\",\n \"nscd-2.28-61.h38.eulerosv2r9\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:31:08", "description": "The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9421 advisory.\n\n - The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. (CVE-2022-23218)\n\n - The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. (CVE-2022-23219)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-05-20T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : glibc (ELSA-2022-9421)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-23218", "CVE-2022-23219"], "modified": "2022-05-20T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:glibc", "p-cpe:/a:oracle:linux:glibc-common", "p-cpe:/a:oracle:linux:glibc-devel", "p-cpe:/a:oracle:linux:glibc-headers", "p-cpe:/a:oracle:linux:glibc-static", "p-cpe:/a:oracle:linux:glibc-utils", "p-cpe:/a:oracle:linux:nscd"], "id": "ORACLELINUX_ELSA-2022-9421.NASL", "href": "https://www.tenable.com/plugins/nessus/161419", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-9421.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161419);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/20\");\n\n script_cve_id(\"CVE-2022-23218\", \"CVE-2022-23219\");\n\n script_name(english:\"Oracle Linux 7 : glibc (ELSA-2022-9421)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2022-9421 advisory.\n\n - The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc)\n through 2.34 copies its path argument on the stack without validating its length, which may result in a\n buffer overflow, potentially resulting in a denial of service or (if an application is not built with a\n stack protector enabled) arbitrary code execution. (CVE-2022-23218)\n\n - The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc)\n through 2.34 copies its hostname argument on the stack without validating its length, which may result in\n a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a\n stack protector enabled) arbitrary code execution. (CVE-2022-23219)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-9421.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23219\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nscd\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar pkgs = [\n {'reference':'glibc-2.17-325.0.3.ksplice1.el7_9', 'cpu':'i686', 'release':'7', 'el_string':'ksplice1.el7_9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-2.17-325.0.3.ksplice1.el7_9', 'cpu':'x86_64', 'release':'7', 'el_string':'ksplice1.el7_9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-2.17-325.0.6.ksplice1.el7_9', 'cpu':'aarch64', 'release':'7', 'el_string':'ksplice1.el7_9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-common-2.17-325.0.3.ksplice1.el7_9', 'cpu':'x86_64', 'release':'7', 'el_string':'ksplice1.el7_9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-common-2.17-325.0.6.ksplice1.el7_9', 'cpu':'aarch64', 'release':'7', 'el_string':'ksplice1.el7_9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-devel-2.17-325.0.3.ksplice1.el7_9', 'cpu':'i686', 'release':'7', 'el_string':'ksplice1.el7_9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-devel-2.17-325.0.3.ksplice1.el7_9', 'cpu':'x86_64', 'release':'7', 'el_string':'ksplice1.el7_9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-devel-2.17-325.0.6.ksplice1.el7_9', 'cpu':'aarch64', 'release':'7', 'el_string':'ksplice1.el7_9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-headers-2.17-325.0.3.ksplice1.el7_9', 'cpu':'x86_64', 'release':'7', 'el_string':'ksplice1.el7_9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-headers-2.17-325.0.6.ksplice1.el7_9', 'cpu':'aarch64', 'release':'7', 'el_string':'ksplice1.el7_9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-static-2.17-325.0.3.ksplice1.el7_9', 'cpu':'i686', 'release':'7', 'el_string':'ksplice1.el7_9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-static-2.17-325.0.3.ksplice1.el7_9', 'cpu':'x86_64', 'release':'7', 'el_string':'ksplice1.el7_9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-static-2.17-325.0.6.ksplice1.el7_9', 'cpu':'aarch64', 'release':'7', 'el_string':'ksplice1.el7_9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-utils-2.17-325.0.3.ksplice1.el7_9', 'cpu':'x86_64', 'release':'7', 'el_string':'ksplice1.el7_9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-utils-2.17-325.0.6.ksplice1.el7_9', 'cpu':'aarch64', 'release':'7', 'el_string':'ksplice1.el7_9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'nscd-2.17-325.0.3.ksplice1.el7_9', 'cpu':'x86_64', 'release':'7', 'el_string':'ksplice1.el7_9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'nscd-2.17-325.0.6.ksplice1.el7_9', 'cpu':'aarch64', 'release':'7', 'el_string':'ksplice1.el7_9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'glibc / glibc-common / glibc-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:32:32", "description": "According to the versions of the glibc packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. (CVE-2022-23218)\n\n - The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. (CVE-2022-23219)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-07-15T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.10.1 : glibc (EulerOS-SA-2022-2051)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-23218", "CVE-2022-23219"], "modified": "2022-07-15T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:glibc", "p-cpe:/a:huawei:euleros:glibc-common", "cpe:/o:huawei:euleros:uvp:2.10.1"], "id": "EULEROS_SA-2022-2051.NASL", "href": "https://www.tenable.com/plugins/nessus/163199", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163199);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/07/15\");\n\n script_cve_id(\"CVE-2022-23218\", \"CVE-2022-23219\");\n\n script_name(english:\"EulerOS Virtualization 2.10.1 : glibc (EulerOS-SA-2022-2051)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the glibc packages installed, the EulerOS Virtualization installation on the remote host is\naffected by the following vulnerabilities :\n\n - The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc)\n through 2.34 copies its path argument on the stack without validating its length, which may result in a\n buffer overflow, potentially resulting in a denial of service or (if an application is not built with a\n stack protector enabled) arbitrary code execution. (CVE-2022-23218)\n\n - The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc)\n through 2.34 copies its hostname argument on the stack without validating its length, which may result in\n a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a\n stack protector enabled) arbitrary code execution. (CVE-2022-23219)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-2051\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?cb28d400\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected glibc packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23219\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.10.1\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.10.1\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.10.1\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"glibc-2.28-63.h66.eulerosv2r10\",\n \"glibc-common-2.28-63.h66.eulerosv2r10\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:32:33", "description": "According to the versions of the glibc packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. (CVE-2022-23218)\n\n - The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. (CVE-2022-23219)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-07-15T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.10.0 : glibc (EulerOS-SA-2022-2023)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-23218", "CVE-2022-23219"], "modified": "2022-07-15T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:glibc", "p-cpe:/a:huawei:euleros:glibc-common", "cpe:/o:huawei:euleros:uvp:2.10.0"], "id": "EULEROS_SA-2022-2023.NASL", "href": "https://www.tenable.com/plugins/nessus/163221", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163221);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/07/15\");\n\n script_cve_id(\"CVE-2022-23218\", \"CVE-2022-23219\");\n\n script_name(english:\"EulerOS Virtualization 2.10.0 : glibc (EulerOS-SA-2022-2023)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the glibc packages installed, the EulerOS Virtualization installation on the remote host is\naffected by the following vulnerabilities :\n\n - The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc)\n through 2.34 copies its path argument on the stack without validating its length, which may result in a\n buffer overflow, potentially resulting in a denial of service or (if an application is not built with a\n stack protector enabled) arbitrary code execution. (CVE-2022-23218)\n\n - The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc)\n through 2.34 copies its hostname argument on the stack without validating its length, which may result in\n a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a\n stack protector enabled) arbitrary code execution. (CVE-2022-23219)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-2023\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6b88c88f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected glibc packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23219\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.10.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.10.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.10.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"glibc-2.28-63.h66.eulerosv2r10\",\n \"glibc-common-2.28-63.h66.eulerosv2r10\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:43:36", "description": "The version of glibc installed on the remote host is prior to 2.26-58. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1767 advisory.\n\n - The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. (CVE-2022-23218)\n\n - The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. (CVE-2022-23219)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-04-06T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : glibc (ALAS-2022-1767)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-23218", "CVE-2022-23219"], "modified": "2022-04-06T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:glibc-langpack-de", "p-cpe:/a:amazon:linux:glibc-langpack-doi", "p-cpe:/a:amazon:linux:glibc-langpack-dv", "p-cpe:/a:amazon:linux:glibc-langpack-dz", "p-cpe:/a:amazon:linux:glibc-langpack-el", "p-cpe:/a:amazon:linux:glibc-langpack-en", "p-cpe:/a:amazon:linux:glibc-langpack-eo", "p-cpe:/a:amazon:linux:glibc-langpack-es", "p-cpe:/a:amazon:linux:glibc-langpack-et", "p-cpe:/a:amazon:linux:glibc-langpack-eu", "p-cpe:/a:amazon:linux:glibc-langpack-fa", "p-cpe:/a:amazon:linux:glibc-langpack-ff", "p-cpe:/a:amazon:linux:glibc-langpack-fi", "p-cpe:/a:amazon:linux:glibc-langpack-fil", "p-cpe:/a:amazon:linux:glibc-langpack-fo", "p-cpe:/a:amazon:linux:glibc-langpack-fr", "p-cpe:/a:amazon:linux:glibc-langpack-fur", "p-cpe:/a:amazon:linux:glibc-langpack-fy", "p-cpe:/a:amazon:linux:glibc-langpack-ga", "p-cpe:/a:amazon:linux:glibc-langpack-gd", "p-cpe:/a:amazon:linux:glibc-langpack-gez", "p-cpe:/a:amazon:linux:glibc-langpack-gl", "p-cpe:/a:amazon:linux:glibc-langpack-gu", "p-cpe:/a:amazon:linux:glibc-langpack-gv", "p-cpe:/a:amazon:linux:glibc-langpack-ha", "p-cpe:/a:amazon:linux:glibc-langpack-hak", "p-cpe:/a:amazon:linux:glibc-langpack-he", "p-cpe:/a:amazon:linux:glibc-langpack-hi", "p-cpe:/a:amazon:linux:glibc-langpack-hne", "p-cpe:/a:amazon:linux:glibc-langpack-hr", "p-cpe:/a:amazon:linux:glibc-langpack-hsb", "p-cpe:/a:amazon:linux:glibc-langpack-ht", "p-cpe:/a:amazon:linux:glibc-langpack-hu", "p-cpe:/a:amazon:linux:glibc-langpack-hy", "p-cpe:/a:amazon:linux:glibc-langpack-ia", "p-cpe:/a:amazon:linux:glibc-langpack-id", "p-cpe:/a:amazon:linux:glibc-langpack-ig", "p-cpe:/a:amazon:linux:glibc-langpack-ik", "p-cpe:/a:amazon:linux:glibc-langpack-is", "p-cpe:/a:amazon:linux:glibc-langpack-it", "p-cpe:/a:amazon:linux:glibc-langpack-iu", "p-cpe:/a:amazon:linux:glibc-langpack-ja", "p-cpe:/a:amazon:linux:glibc-langpack-ka", "p-cpe:/a:amazon:linux:glibc-langpack-kk", "p-cpe:/a:amazon:linux:glibc-langpack-nhn", "p-cpe:/a:amazon:linux:glibc-langpack-niu", "p-cpe:/a:amazon:linux:glibc-langpack-nl", "p-cpe:/a:amazon:linux:glibc-langpack-nn", "p-cpe:/a:amazon:linux:glibc-langpack-nr", "p-cpe:/a:amazon:linux:glibc-langpack-nso", "p-cpe:/a:amazon:linux:glibc-langpack-oc", "p-cpe:/a:amazon:linux:glibc-langpack-om", "p-cpe:/a:amazon:linux:glibc-langpack-or", "p-cpe:/a:amazon:linux:glibc-langpack-os", "p-cpe:/a:amazon:linux:glibc-langpack-pa", "p-cpe:/a:amazon:linux:glibc-langpack-pap", "p-cpe:/a:amazon:linux:glibc-langpack-pl", "p-cpe:/a:amazon:linux:glibc-langpack-ps", "p-cpe:/a:amazon:linux:glibc-langpack-pt", "p-cpe:/a:amazon:linux:glibc-langpack-quz", "p-cpe:/a:amazon:linux:glibc-langpack-raj", "p-cpe:/a:amazon:linux:glibc-langpack-ro", "p-cpe:/a:amazon:linux:glibc-langpack-ru", "p-cpe:/a:amazon:linux:glibc-langpack-rw", "p-cpe:/a:amazon:linux:glibc-langpack-sa", "p-cpe:/a:amazon:linux:glibc-langpack-sat", "p-cpe:/a:amazon:linux:glibc-langpack-sc", "p-cpe:/a:amazon:linux:glibc-langpack-sd", "p-cpe:/a:amazon:linux:glibc-langpack-se", "p-cpe:/a:amazon:linux:glibc-langpack-sgs", "p-cpe:/a:amazon:linux:glibc-langpack-shs", "p-cpe:/a:amazon:linux:glibc-langpack-si", "p-cpe:/a:amazon:linux:glibc-langpack-sid", "p-cpe:/a:amazon:linux:glibc-langpack-sk", "p-cpe:/a:amazon:linux:glibc-langpack-sl", "p-cpe:/a:amazon:linux:glibc-langpack-so", "p-cpe:/a:amazon:linux:glibc-langpack-sq", "p-cpe:/a:amazon:linux:glibc-langpack-sr", "p-cpe:/a:amazon:linux:glibc-langpack-ss", "p-cpe:/a:amazon:linux:glibc-langpack-st", "p-cpe:/a:amazon:linux:glibc-langpack-sv", "p-cpe:/a:amazon:linux:glibc-langpack-sw", "p-cpe:/a:amazon:linux:glibc-langpack-szl", "p-cpe:/a:amazon:linux:glibc-langpack-ta", "p-cpe:/a:amazon:linux:glibc-langpack-tcy", "p-cpe:/a:amazon:linux:glibc-langpack-te", "p-cpe:/a:amazon:linux:glibc-langpack-tg", "p-cpe:/a:amazon:linux:glibc-langpack-th", "p-cpe:/a:amazon:linux:glibc-langpack-the", "p-cpe:/a:amazon:linux:glibc", "p-cpe:/a:amazon:linux:glibc-all-langpacks", "p-cpe:/a:amazon:linux:glibc-benchtests", "p-cpe:/a:amazon:linux:glibc-common", "p-cpe:/a:amazon:linux:glibc-debuginfo", "p-cpe:/a:amazon:linux:glibc-debuginfo-common", "p-cpe:/a:amazon:linux:glibc-devel", "p-cpe:/a:amazon:linux:glibc-headers", "p-cpe:/a:amazon:linux:glibc-langpack-aa", "p-cpe:/a:amazon:linux:glibc-langpack-af", "p-cpe:/a:amazon:linux:glibc-langpack-ak", "p-cpe:/a:amazon:linux:glibc-langpack-am", "p-cpe:/a:amazon:linux:glibc-langpack-an", "p-cpe:/a:amazon:linux:glibc-langpack-anp", "p-cpe:/a:amazon:linux:glibc-langpack-ar", "p-cpe:/a:amazon:linux:glibc-langpack-as", "p-cpe:/a:amazon:linux:glibc-langpack-ast", "p-cpe:/a:amazon:linux:glibc-langpack-ayc", "p-cpe:/a:amazon:linux:glibc-langpack-az", "p-cpe:/a:amazon:linux:glibc-langpack-be", "p-cpe:/a:amazon:linux:glibc-langpack-bem", "p-cpe:/a:amazon:linux:glibc-langpack-ber", "p-cpe:/a:amazon:linux:glibc-langpack-bg", "p-cpe:/a:amazon:linux:glibc-langpack-bhb", "p-cpe:/a:amazon:linux:glibc-langpack-bho", "p-cpe:/a:amazon:linux:glibc-langpack-bn", "p-cpe:/a:amazon:linux:glibc-langpack-bo", "p-cpe:/a:amazon:linux:glibc-langpack-br", "p-cpe:/a:amazon:linux:glibc-langpack-brx", "p-cpe:/a:amazon:linux:glibc-langpack-bs", "p-cpe:/a:amazon:linux:glibc-langpack-byn", "p-cpe:/a:amazon:linux:glibc-langpack-ca", "p-cpe:/a:amazon:linux:glibc-langpack-ce", "p-cpe:/a:amazon:linux:glibc-langpack-chr", "p-cpe:/a:amazon:linux:glibc-langpack-cmn", "p-cpe:/a:amazon:linux:glibc-langpack-crh", "p-cpe:/a:amazon:linux:glibc-langpack-cs", "p-cpe:/a:amazon:linux:glibc-langpack-csb", "p-cpe:/a:amazon:linux:glibc-langpack-cv", "p-cpe:/a:amazon:linux:glibc-langpack-cy", "p-cpe:/a:amazon:linux:glibc-langpack-da", "p-cpe:/a:amazon:linux:glibc-langpack-kl", "p-cpe:/a:amazon:linux:glibc-langpack-km", "p-cpe:/a:amazon:linux:glibc-langpack-kn", "p-cpe:/a:amazon:linux:glibc-langpack-ko", "p-cpe:/a:amazon:linux:glibc-langpack-kok", "p-cpe:/a:amazon:linux:glibc-langpack-ks", "p-cpe:/a:amazon:linux:glibc-langpack-ku", "p-cpe:/a:amazon:linux:glibc-langpack-kw", "p-cpe:/a:amazon:linux:glibc-langpack-ky", "p-cpe:/a:amazon:linux:glibc-langpack-lb", "p-cpe:/a:amazon:linux:glibc-langpack-lg", "p-cpe:/a:amazon:linux:glibc-langpack-li", "p-cpe:/a:amazon:linux:glibc-langpack-lij", "p-cpe:/a:amazon:linux:glibc-langpack-ln", "p-cpe:/a:amazon:linux:glibc-langpack-lo", "p-cpe:/a:amazon:linux:glibc-langpack-lt", "p-cpe:/a:amazon:linux:glibc-langpack-lv", "p-cpe:/a:amazon:linux:glibc-langpack-lzh", "p-cpe:/a:amazon:linux:glibc-langpack-mag", "p-cpe:/a:amazon:linux:glibc-langpack-mai", "p-cpe:/a:amazon:linux:glibc-langpack-mg", "p-cpe:/a:amazon:linux:glibc-langpack-mhr", "p-cpe:/a:amazon:linux:glibc-langpack-mi", "p-cpe:/a:amazon:linux:glibc-langpack-mk", "p-cpe:/a:amazon:linux:glibc-langpack-ml", "p-cpe:/a:amazon:linux:glibc-langpack-mn", "p-cpe:/a:amazon:linux:glibc-langpack-mni", "p-cpe:/a:amazon:linux:glibc-langpack-mr", "p-cpe:/a:amazon:linux:glibc-langpack-ms", "p-cpe:/a:amazon:linux:glibc-langpack-mt", "p-cpe:/a:amazon:linux:glibc-langpack-my", "p-cpe:/a:amazon:linux:glibc-langpack-nan", "p-cpe:/a:amazon:linux:glibc-langpack-nb", "p-cpe:/a:amazon:linux:glibc-langpack-nds", "p-cpe:/a:amazon:linux:glibc-langpack-ne", "p-cpe:/a:amazon:linux:glibc-langpack-ti", "p-cpe:/a:amazon:linux:glibc-langpack-tig", "p-cpe:/a:amazon:linux:glibc-langpack-tk", "p-cpe:/a:amazon:linux:glibc-langpack-tl", "p-cpe:/a:amazon:linux:glibc-langpack-tn", "p-cpe:/a:amazon:linux:glibc-langpack-tr", "p-cpe:/a:amazon:linux:glibc-langpack-ts", "p-cpe:/a:amazon:linux:glibc-langpack-tt", "p-cpe:/a:amazon:linux:glibc-langpack-ug", "p-cpe:/a:amazon:linux:glibc-langpack-uk", "p-cpe:/a:amazon:linux:glibc-langpack-unm", "p-cpe:/a:amazon:linux:glibc-langpack-ur", "p-cpe:/a:amazon:linux:glibc-langpack-uz", "p-cpe:/a:amazon:linux:glibc-langpack-ve", "p-cpe:/a:amazon:linux:glibc-langpack-vi", "p-cpe:/a:amazon:linux:glibc-langpack-wa", "p-cpe:/a:amazon:linux:glibc-langpack-wae", "p-cpe:/a:amazon:linux:glibc-langpack-wal", "p-cpe:/a:amazon:linux:glibc-langpack-wo", "p-cpe:/a:amazon:linux:glibc-langpack-xh", "p-cpe:/a:amazon:linux:glibc-langpack-yi", "p-cpe:/a:amazon:linux:glibc-langpack-yo", "p-cpe:/a:amazon:linux:glibc-langpack-yue", "p-cpe:/a:amazon:linux:glibc-langpack-zh", "p-cpe:/a:amazon:linux:glibc-langpack-zu", "p-cpe:/a:amazon:linux:glibc-locale-source", "p-cpe:/a:amazon:linux:glibc-minimal-langpack", "p-cpe:/a:amazon:linux:glibc-nss-devel", "p-cpe:/a:amazon:linux:glibc-static", "p-cpe:/a:amazon:linux:glibc-utils", "p-cpe:/a:amazon:linux:libcrypt", "p-cpe:/a:amazon:linux:libcrypt-nss", "p-cpe:/a:amazon:linux:nscd", "p-cpe:/a:amazon:linux:nss_db", "p-cpe:/a:amazon:linux:nss_hesiod", "p-cpe:/a:amazon:linux:nss_nis", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2022-1767.NASL", "href": "https://www.tenable.com/plugins/nessus/159564", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2022-1767.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159564);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/06\");\n\n script_cve_id(\"CVE-2022-23218\", \"CVE-2022-23219\");\n script_xref(name:\"ALAS\", value:\"2022-1767\");\n\n script_name(english:\"Amazon Linux 2 : glibc (ALAS-2022-1767)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of glibc installed on the remote host is prior to 2.26-58. It is, therefore, affected by multiple\nvulnerabilities as referenced in the ALAS2-2022-1767 advisory.\n\n - The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc)\n through 2.34 copies its path argument on the stack without validating its length, which may result in a\n buffer overflow, potentially resulting in a denial of service or (if an application is not built with a\n stack protector enabled) arbitrary code execution. (CVE-2022-23218)\n\n - The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc)\n through 2.34 copies its hostname argument on the stack without validating its length, which may result in\n a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a\n stack protector enabled) arbitrary code execution. (CVE-2022-23219)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALAS-2022-1767.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-23218.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-23219.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update glibc' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23219\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-all-langpacks\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-benchtests\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-debuginfo-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-aa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-af\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-ak\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-am\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-an\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-anp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-as\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-ast\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-ayc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-az\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-be\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-bem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-ber\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-bhb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-bho\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-bn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-bo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-brx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-bs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-byn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-ce\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-chr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-cmn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-crh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-csb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-cv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-cy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-doi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-dv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-dz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-en\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-eo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-et\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-fa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-ff\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-fil\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-fo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-fur\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-fy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-ga\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-gez\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-gl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-gu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-gv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-ha\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-hak\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-hi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-hne\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-hr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-hsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-ht\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-hy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-ia\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-id\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-ig\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-ik\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-is\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-iu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-ka\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-kk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-kl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-km\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-kn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-kok\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-ks\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-ku\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-kw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-ky\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-lb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-lg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-li\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-lij\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-ln\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-lo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-lt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-lv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-lzh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-mag\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-mai\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-mg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-mhr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-mi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-mk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-ml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-mn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-mni\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-mr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-ms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-mt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-my\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-nan\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-nb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-nds\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-ne\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-nhn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-niu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-nn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-nr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-nso\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-oc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-om\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-or\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-os\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-pa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-pap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-ps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-pt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-quz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-raj\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-ro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-rw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-sa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-sat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-sc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-sd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-se\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-sgs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-shs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-si\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-sid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-so\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-sq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-sr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-ss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-st\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-sv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-sw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-szl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-ta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-tcy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-te\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-tg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-th\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-the\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-ti\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-tig\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-tk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-tl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-tn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-ts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-tt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-ug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-unm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-ur\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-uz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-ve\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-vi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-wa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-wae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-wal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-wo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-xh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-yi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-yo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-yue\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-zh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-langpack-zu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-locale-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-minimal-langpack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libcrypt-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:nss_db\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:nss_hesiod\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:nss_nis\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nvar os_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar pkgs = [\n {'reference':'glibc-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-all-langpacks-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-all-langpacks-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-all-langpacks-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-benchtests-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-benchtests-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-benchtests-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-common-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-common-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-common-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-debuginfo-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-debuginfo-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-debuginfo-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-debuginfo-common-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-debuginfo-common-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-devel-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-devel-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-devel-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-headers-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-headers-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-headers-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-aa-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-aa-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-aa-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-af-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-af-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-af-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ak-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ak-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ak-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-am-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-am-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-am-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-an-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-an-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-an-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-anp-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-anp-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-anp-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ar-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ar-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ar-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-as-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-as-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-as-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ast-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ast-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ast-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ayc-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ayc-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ayc-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-az-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-az-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-az-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-be-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-be-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-be-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-bem-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-bem-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-bem-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ber-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ber-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ber-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-bg-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-bg-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-bg-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-bhb-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-bhb-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-bhb-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-bho-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-bho-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-bho-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-bn-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-bn-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-bn-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-bo-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-bo-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-bo-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-br-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-br-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-br-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-brx-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-brx-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-brx-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-bs-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-bs-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-bs-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-byn-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-byn-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-byn-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ca-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ca-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ca-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ce-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ce-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ce-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-chr-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-chr-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-chr-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-cmn-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-cmn-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-cmn-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-crh-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-crh-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-crh-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-cs-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-cs-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-cs-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-csb-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-csb-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-csb-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-cv-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-cv-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-cv-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-cy-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-cy-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-cy-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-da-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-da-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-da-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-de-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-de-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-de-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-doi-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-doi-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-doi-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-dv-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-dv-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-dv-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-dz-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-dz-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-dz-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-el-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-el-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-el-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-en-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-en-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-en-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-eo-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-eo-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-eo-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-es-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-es-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-es-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-et-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-et-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-et-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-eu-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-eu-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-eu-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-fa-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-fa-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-fa-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ff-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ff-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ff-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-fi-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-fi-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-fi-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-fil-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-fil-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-fil-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-fo-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-fo-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-fo-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-fr-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-fr-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-fr-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-fur-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-fur-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-fur-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-fy-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-fy-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-fy-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ga-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ga-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ga-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-gd-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-gd-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-gd-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-gez-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-gez-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-gez-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-gl-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-gl-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-gl-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-gu-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-gu-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-gu-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-gv-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-gv-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-gv-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ha-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ha-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ha-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-hak-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-hak-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-hak-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-he-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-he-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-he-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-hi-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-hi-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-hi-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-hne-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-hne-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-hne-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-hr-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-hr-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-hr-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-hsb-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-hsb-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-hsb-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ht-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ht-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ht-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-hu-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-hu-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-hu-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-hy-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-hy-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-hy-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ia-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ia-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ia-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-id-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-id-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-id-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ig-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ig-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ig-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ik-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ik-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ik-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-is-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-is-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-is-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-it-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-it-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-it-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-iu-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-iu-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-iu-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ja-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ja-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ja-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ka-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ka-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ka-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-kk-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-kk-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-kk-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-kl-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-kl-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-kl-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-km-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-km-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-km-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-kn-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-kn-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-kn-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ko-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ko-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ko-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-kok-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-kok-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-kok-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ks-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ks-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ks-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ku-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ku-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ku-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-kw-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-kw-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-kw-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ky-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ky-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ky-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-lb-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-lb-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-lb-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-lg-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-lg-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-lg-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-li-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-li-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-li-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-lij-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-lij-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-lij-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ln-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ln-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ln-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-lo-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-lo-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-lo-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-lt-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-lt-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-lt-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-lv-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-lv-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-lv-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-lzh-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-lzh-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-lzh-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-mag-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-mag-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-mag-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-mai-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-mai-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-mai-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-mg-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-mg-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-mg-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-mhr-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-mhr-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-mhr-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-mi-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-mi-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-mi-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-mk-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-mk-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-mk-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ml-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ml-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ml-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-mn-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-mn-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-mn-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-mni-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-mni-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-mni-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-mr-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-mr-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-mr-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ms-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ms-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ms-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-mt-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-mt-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-mt-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-my-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-my-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-my-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-nan-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-nan-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-nan-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-nb-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-nb-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-nb-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-nds-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-nds-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-nds-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ne-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ne-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ne-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-nhn-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-nhn-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-nhn-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-niu-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-niu-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-niu-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-nl-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-nl-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-nl-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-nn-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-nn-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-nn-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-nr-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-nr-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-nr-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-nso-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-nso-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-nso-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-oc-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-oc-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-oc-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-om-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-om-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-om-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-or-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-or-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-or-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-os-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-os-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-os-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-pa-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-pa-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-pa-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-pap-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-pap-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-pap-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-pl-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-pl-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-pl-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ps-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ps-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ps-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-pt-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-pt-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-pt-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-quz-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-quz-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-quz-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-raj-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-raj-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-raj-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ro-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ro-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ro-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ru-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ru-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ru-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-rw-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-rw-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-rw-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-sa-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-sa-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-sa-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-sat-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-sat-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-sat-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-sc-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-sc-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-sc-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-sd-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-sd-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-sd-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-se-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-se-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-se-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-sgs-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-sgs-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-sgs-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-shs-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-shs-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-shs-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-si-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-si-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-si-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-sid-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-sid-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-sid-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-sk-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-sk-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-sk-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-sl-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-sl-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-sl-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-so-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-so-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-so-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-sq-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-sq-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-sq-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-sr-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-sr-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-sr-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ss-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ss-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ss-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-st-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-st-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-st-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-sv-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-sv-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-sv-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-sw-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-sw-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-sw-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-szl-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-szl-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-szl-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ta-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ta-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ta-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-tcy-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-tcy-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-tcy-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-te-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-te-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-te-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-tg-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-tg-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-tg-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-th-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-th-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-th-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-the-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-the-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-the-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ti-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ti-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ti-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-tig-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-tig-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-tig-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-tk-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-tk-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-tk-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-tl-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-tl-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-tl-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-tn-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-tn-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-tn-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-tr-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-tr-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-tr-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ts-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ts-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ts-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-tt-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-tt-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-tt-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ug-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ug-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ug-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-uk-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-uk-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-uk-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-unm-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-unm-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-unm-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ur-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ur-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ur-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-uz-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-uz-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-uz-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ve-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ve-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ve-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-vi-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-vi-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-vi-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-wa-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-wa-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-wa-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-wae-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-wae-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-wae-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-wal-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-wal-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-wal-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-wo-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-wo-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-wo-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-xh-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-xh-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-xh-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-yi-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-yi-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-yi-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-yo-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-yo-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-yo-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-yue-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-yue-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-yue-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-zh-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-zh-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-zh-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-zu-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-zu-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-zu-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-locale-source-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-locale-source-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-locale-source-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-minimal-langpack-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-minimal-langpack-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-minimal-langpack-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-nss-devel-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-nss-devel-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-nss-devel-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-static-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-static-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-static-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-utils-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-utils-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-utils-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libcrypt-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libcrypt-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libcrypt-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libcrypt-nss-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libcrypt-nss-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libcrypt-nss-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nscd-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nscd-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nscd-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nss_db-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nss_db-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nss_db-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nss_hesiod-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nss_hesiod-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nss_hesiod-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nss_nis-2.26-58.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nss_nis-2.26-58.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nss_nis-2.26-58.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-all-langpacks / glibc-benchtests / etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:45:26", "description": "The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9358 advisory.\n\n - The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. (CVE-2022-23218)\n\n - The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. (CVE-2022-23219)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-05-13T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : glibc (ELSA-2022-9358)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-23218", "CVE-2022-23219"], "modified": "2022-05-13T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:glibc", "p-cpe:/a:oracle:linux:glibc-common", "p-cpe:/a:oracle:linux:glibc-devel", "p-cpe:/a:oracle:linux:glibc-headers", "p-cpe:/a:oracle:linux:glibc-static", "p-cpe:/a:oracle:linux:glibc-utils", "p-cpe:/a:oracle:linux:nscd"], "id": "ORACLELINUX_ELSA-2022-9358.NASL", "href": "https://www.tenable.com/plugins/nessus/161195", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-9358.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161195);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/13\");\n\n script_cve_id(\"CVE-2022-23218\", \"CVE-2022-23219\");\n\n script_name(english:\"Oracle Linux 7 : glibc (ELSA-2022-9358)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2022-9358 advisory.\n\n - The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc)\n through 2.34 copies its path argument on the stack without validating its length, which may result in a\n buffer overflow, potentially resulting in a denial of service or (if an application is not built with a\n stack protector enabled) arbitrary code execution. (CVE-2022-23218)\n\n - The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc)\n through 2.34 copies its hostname argument on the stack without validating its length, which may result in\n a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a\n stack protector enabled) arbitrary code execution. (CVE-2022-23219)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-9358.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23219\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nscd\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar pkgs = [\n {'reference':'glibc-2.17-325.0.3.el7_9', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-2.17-325.0.3.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-common-2.17-325.0.3.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-devel-2.17-325.0.3.el7_9', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-devel-2.17-325.0.3.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-headers-2.17-325.0.3.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-static-2.17-325.0.3.el7_9', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-static-2.17-325.0.3.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-utils-2.17-325.0.3.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nscd-2.17-325.0.3.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'glibc / glibc-common / glibc-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:44:15", "description": "The version of glibc installed on the remote host is prior to 2.17-324.189. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2022-1576 advisory.\n\n - The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. (CVE-2022-23218)\n\n - The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. (CVE-2022-23219)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-04-06T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : glibc (ALAS-2022-1576)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-23218", "CVE-2022-23219"], "modified": "2022-04-06T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:glibc", "p-cpe:/a:amazon:linux:glibc-common", "p-cpe:/a:amazon:linux:glibc-debuginfo", "p-cpe:/a:amazon:linux:glibc-debuginfo-common", "p-cpe:/a:amazon:linux:glibc-devel", "p-cpe:/a:amazon:linux:glibc-headers", "p-cpe:/a:amazon:linux:glibc-static", "p-cpe:/a:amazon:linux:glibc-utils", "p-cpe:/a:amazon:linux:nscd", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2022-1576.NASL", "href": "https://www.tenable.com/plugins/nessus/159562", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2022-1576.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159562);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/06\");\n\n script_cve_id(\"CVE-2022-23218\", \"CVE-2022-23219\");\n script_xref(name:\"ALAS\", value:\"2022-1576\");\n\n script_name(english:\"Amazon Linux AMI : glibc (ALAS-2022-1576)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux AMI host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of glibc installed on the remote host is prior to 2.17-324.189. It is, therefore, affected by multiple\nvulnerabilities as referenced in the ALAS-2022-1576 advisory.\n\n - The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc)\n through 2.34 copies its path argument on the stack without validating its length, which may result in a\n buffer overflow, potentially resulting in a denial of service or (if an application is not built with a\n stack protector enabled) arbitrary code execution. (CVE-2022-23218)\n\n - The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc)\n through 2.34 copies its hostname argument on the stack without validating its length, which may result in\n a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a\n stack protector enabled) arbitrary code execution. (CVE-2022-23219)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/ALAS-2022-1576.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-23218.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-23219.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update glibc' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23219\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-debuginfo-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nvar os_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar pkgs = [\n {'reference':'glibc-2.17-324.189.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-2.17-324.189.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-common-2.17-324.189.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-common-2.17-324.189.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-debuginfo-2.17-324.189.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-debuginfo-2.17-324.189.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-debuginfo-common-2.17-324.189.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-debuginfo-common-2.17-324.189.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-devel-2.17-324.189.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-devel-2.17-324.189.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-headers-2.17-324.189.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-headers-2.17-324.189.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-static-2.17-324.189.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-static-2.17-324.189.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-utils-2.17-324.189.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-utils-2.17-324.189.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nscd-2.17-324.189.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nscd-2.17-324.189.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-debuginfo / etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:45:54", "description": "According to the versions of the glibc packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. (CVE-2022-23218)\n\n - The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. (CVE-2022-23219)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-05-05T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.9.1 : glibc (EulerOS-SA-2022-1606)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-23218", "CVE-2022-23219"], "modified": "2022-05-05T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:glibc", "p-cpe:/a:huawei:euleros:glibc-all-langpacks", "p-cpe:/a:huawei:euleros:glibc-common", "p-cpe:/a:huawei:euleros:glibc-debugutils", "p-cpe:/a:huawei:euleros:glibc-locale-source", "p-cpe:/a:huawei:euleros:libnsl", "p-cpe:/a:huawei:euleros:nscd", "cpe:/o:huawei:euleros:uvp:2.9.1"], "id": "EULEROS_SA-2022-1606.NASL", "href": "https://www.tenable.com/plugins/nessus/160583", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160583);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/05\");\n\n script_cve_id(\"CVE-2022-23218\", \"CVE-2022-23219\");\n\n script_name(english:\"EulerOS Virtualization 2.9.1 : glibc (EulerOS-SA-2022-1606)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the glibc packages installed, the EulerOS Virtualization installation on the remote host is\naffected by the following vulnerabilities :\n\n - The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc)\n through 2.34 copies its path argument on the stack without validating its length, which may result in a\n buffer overflow, potentially resulting in a denial of service or (if an application is not built with a\n stack protector enabled) arbitrary code execution. (CVE-2022-23218)\n\n - The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc)\n through 2.34 copies its hostname argument on the stack without validating its length, which may result in\n a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a\n stack protector enabled) arbitrary code execution. (CVE-2022-23219)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1606\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8afa6071\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected glibc packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23219\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-all-langpacks\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-debugutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-locale-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libnsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.9.1\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.9.1\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.9.1\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"glibc-2.28-61.h38.eulerosv2r9\",\n \"glibc-all-langpacks-2.28-61.h38.eulerosv2r9\",\n \"glibc-common-2.28-61.h38.eulerosv2r9\",\n \"glibc-debugutils-2.28-61.h38.eulerosv2r9\",\n \"glibc-locale-source-2.28-61.h38.eulerosv2r9\",\n \"libnsl-2.28-61.h38.eulerosv2r9\",\n \"nscd-2.28-61.h38.eulerosv2r9\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:37:09", "description": "According to the versions of the compat-glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. (CVE-2022-23218)\n\n - The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. (CVE-2022-23219)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-10-28T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : compat-glibc (EulerOS-SA-2022-2603)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-23218", "CVE-2022-23219"], "modified": "2022-10-28T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:compat-glibc", "p-cpe:/a:huawei:euleros:compat-glibc-headers", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-2603.NASL", "href": "https://www.tenable.com/plugins/nessus/166660", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166660);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/10/28\");\n\n script_cve_id(\"CVE-2022-23218\", \"CVE-2022-23219\");\n\n script_name(english:\"EulerOS 2.0 SP3 : compat-glibc (EulerOS-SA-2022-2603)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the compat-glibc packages installed, the EulerOS installation on the remote host is\naffected by the following vulnerabilities :\n\n - The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc)\n through 2.34 copies its path argument on the stack without validating its length, which may result in a\n buffer overflow, potentially resulting in a denial of service or (if an application is not built with a\n stack protector enabled) arbitrary code execution. (CVE-2022-23218)\n\n - The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc)\n through 2.34 copies its hostname argument on the stack without validating its length, which may result in\n a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a\n stack protector enabled) arbitrary code execution. (CVE-2022-23219)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-2603\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a8054542\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected compat-glibc packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23219\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:compat-glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:compat-glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar _release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(_release) || _release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (_release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"compat-glibc-2.12-5.h2\",\n \"compat-glibc-headers-2.12-5.h2\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"compat-glibc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:45:03", "description": "According to the versions of the glibc packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. (CVE-2022-23218)\n\n - The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. (CVE-2022-23219)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-05-05T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.9.0 : glibc (EulerOS-SA-2022-1629)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-23218", "CVE-2022-23219"], "modified": "2022-05-05T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:glibc", "p-cpe:/a:huawei:euleros:glibc-all-langpacks", "p-cpe:/a:huawei:euleros:glibc-common", "p-cpe:/a:huawei:euleros:glibc-debugutils", "p-cpe:/a:huawei:euleros:glibc-locale-source", "p-cpe:/a:huawei:euleros:libnsl", "p-cpe:/a:huawei:euleros:nscd", "cpe:/o:huawei:euleros:uvp:2.9.0"], "id": "EULEROS_SA-2022-1629.NASL", "href": "https://www.tenable.com/plugins/nessus/160598", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160598);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/05\");\n\n script_cve_id(\"CVE-2022-23218\", \"CVE-2022-23219\");\n\n script_name(english:\"EulerOS Virtualization 2.9.0 : glibc (EulerOS-SA-2022-1629)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the glibc packages installed, the EulerOS Virtualization installation on the remote host is\naffected by the following vulnerabilities :\n\n - The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc)\n through 2.34 copies its path argument on the stack without validating its length, which may result in a\n buffer overflow, potentially resulting in a denial of service or (if an application is not built with a\n stack protector enabled) arbitrary code execution. (CVE-2022-23218)\n\n - The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc)\n through 2.34 copies its hostname argument on the stack without validating its length, which may result in\n a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a\n stack protector enabled) arbitrary code execution. (CVE-2022-23219)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1629\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?69642e03\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected glibc packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23219\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-all-langpacks\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-debugutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-locale-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libnsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.9.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.9.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.9.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"glibc-2.28-61.h38.eulerosv2r9\",\n \"glibc-all-langpacks-2.28-61.h38.eulerosv2r9\",\n \"glibc-common-2.28-61.h38.eulerosv2r9\",\n \"glibc-debugutils-2.28-61.h38.eulerosv2r9\",\n \"glibc-locale-source-2.28-61.h38.eulerosv2r9\",\n \"libnsl-2.28-61.h38.eulerosv2r9\",\n \"nscd-2.28-61.h38.eulerosv2r9\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:43:40", "description": "According to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. (CVE-2022-23218)\n\n - The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. (CVE-2022-23219)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-04-18T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : glibc (EulerOS-SA-2022-1427)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-23218", "CVE-2022-23219"], "modified": "2022-04-18T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:glibc", "p-cpe:/a:huawei:euleros:glibc-all-langpacks", "p-cpe:/a:huawei:euleros:glibc-common", "p-cpe:/a:huawei:euleros:glibc-debugutils", "p-cpe:/a:huawei:euleros:glibc-locale-source", "p-cpe:/a:huawei:euleros:libnsl", "p-cpe:/a:huawei:euleros:nscd", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-1427.NASL", "href": "https://www.tenable.com/plugins/nessus/159788", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159788);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/18\");\n\n script_cve_id(\"CVE-2022-23218\", \"CVE-2022-23219\");\n\n script_name(english:\"EulerOS 2.0 SP9 : glibc (EulerOS-SA-2022-1427)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by\nthe following vulnerabilities :\n\n - The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc)\n through 2.34 copies its path argument on the stack without validating its length, which may result in a\n buffer overflow, potentially resulting in a denial of service or (if an application is not built with a\n stack protector enabled) arbitrary code execution. (CVE-2022-23218)\n\n - The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc)\n through 2.34 copies its hostname argument on the stack without validating its length, which may result in\n a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a\n stack protector enabled) arbitrary code execution. (CVE-2022-23219)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1427\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?651b616c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected glibc packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23219\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-all-langpacks\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-debugutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-locale-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libnsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"glibc-2.28-61.h38.eulerosv2r9\",\n \"glibc-all-langpacks-2.28-61.h38.eulerosv2r9\",\n \"glibc-common-2.28-61.h38.eulerosv2r9\",\n \"glibc-debugutils-2.28-61.h38.eulerosv2r9\",\n \"glibc-locale-source-2.28-61.h38.eulerosv2r9\",\n \"libnsl-2.28-61.h38.eulerosv2r9\",\n \"nscd-2.28-61.h38.eulerosv2r9\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:44:34", "description": "According to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. (CVE-2022-23218)\n\n - The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. (CVE-2022-23219)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-04-21T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP10 : glibc (EulerOS-SA-2022-1485)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-23218", "CVE-2022-23219"], "modified": "2022-04-21T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:glibc", "p-cpe:/a:huawei:euleros:glibc-all-langpacks", "p-cpe:/a:huawei:euleros:glibc-common", "p-cpe:/a:huawei:euleros:glibc-locale-source", "p-cpe:/a:huawei:euleros:libnsl", "p-cpe:/a:huawei:euleros:nscd", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-1485.NASL", "href": "https://www.tenable.com/plugins/nessus/160038", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160038);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/21\");\n\n script_cve_id(\"CVE-2022-23218\", \"CVE-2022-23219\");\n\n script_name(english:\"EulerOS 2.0 SP10 : glibc (EulerOS-SA-2022-1485)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by\nthe following vulnerabilities :\n\n - The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc)\n through 2.34 copies its path argument on the stack without validating its length, which may result in a\n buffer overflow, potentially resulting in a denial of service or (if an application is not built with a\n stack protector enabled) arbitrary code execution. (CVE-2022-23218)\n\n - The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc)\n through 2.34 copies its hostname argument on the stack without validating its length, which may result in\n a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a\n stack protector enabled) arbitrary code execution. (CVE-2022-23219)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1485\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?65cc0bc7\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected glibc packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23219\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-all-langpacks\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-locale-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libnsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(10)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"glibc-2.28-63.h65.eulerosv2r10\",\n \"glibc-all-langpacks-2.28-63.h65.eulerosv2r10\",\n \"glibc-common-2.28-63.h65.eulerosv2r10\",\n \"glibc-locale-source-2.28-63.h65.eulerosv2r10\",\n \"libnsl-2.28-63.h65.eulerosv2r10\",\n \"nscd-2.28-63.h65.eulerosv2r10\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"10\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:44:32", "description": "According to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. (CVE-2022-23218)\n\n - The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. (CVE-2022-23219)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-04-20T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP10 : glibc (EulerOS-SA-2022-1504)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-23218", "CVE-2022-23219"], "modified": "2022-04-20T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:glibc", "p-cpe:/a:huawei:euleros:glibc-all-langpacks", "p-cpe:/a:huawei:euleros:glibc-common", "p-cpe:/a:huawei:euleros:glibc-locale-source", "p-cpe:/a:huawei:euleros:libnsl", "p-cpe:/a:huawei:euleros:nscd", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-1504.NASL", "href": "https://www.tenable.com/plugins/nessus/159952", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159952);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/20\");\n\n script_cve_id(\"CVE-2022-23218\", \"CVE-2022-23219\");\n\n script_name(english:\"EulerOS 2.0 SP10 : glibc (EulerOS-SA-2022-1504)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by\nthe following vulnerabilities :\n\n - The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc)\n through 2.34 copies its path argument on the stack without validating its length, which may result in a\n buffer overflow, potentially resulting in a denial of service or (if an application is not built with a\n stack protector enabled) arbitrary code execution. (CVE-2022-23218)\n\n - The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc)\n through 2.34 copies its hostname argument on the stack without validating its length, which may result in\n a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a\n stack protector enabled) arbitrary code execution. (CVE-2022-23219)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1504\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f56d2032\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected glibc packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23219\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-all-langpacks\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-locale-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libnsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(10)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"glibc-2.28-63.h65.eulerosv2r10\",\n \"glibc-all-langpacks-2.28-63.h65.eulerosv2r10\",\n \"glibc-common-2.28-63.h65.eulerosv2r10\",\n \"glibc-locale-source-2.28-63.h65.eulerosv2r10\",\n \"libnsl-2.28-63.h65.eulerosv2r10\",\n \"nscd-2.28-63.h65.eulerosv2r10\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"10\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:43:29", "description": "SunOS 5.10_x86: nss_dns patch.\nDate this patch was last updated by Sun : Jan/16/23", "cvss3": {}, "published": "2023-03-09T00:00:00", "type": "nessus", "title": "Solaris 10 (x86) : 148420-04", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-23218", "CVE-2022-23219", "CVE-2023-21896"], "modified": "2023-04-20T00:00:00", "cpe": ["p-cpe:/a:oracle:solaris:10:148413", "p-cpe:/a:oracle:solaris:10:148420", "cpe:/o:oracle:solaris:10"], "id": "SOLARIS10_X86_148420-04.NASL", "href": "https://www.tenable.com/plugins/nessus/172382", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text in this plugin was\n# extracted from the Oracle SunOS Patch Updates.\n#\ninclude('deprecated_nasl_level.inc');\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(172382);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/20\");\n\n script_cve_id(\"CVE-2022-23218\", \"CVE-2022-23219\", \"CVE-2023-21896\");\n\n script_name(english:\"Solaris 10 (x86) : 148420-04\");\n script_summary(english:\"Check for patch 148420-04\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote host is missing Sun Security Patch number 148420-04\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"SunOS 5.10_x86: nss_dns patch.\nDate this patch was last updated by Sun : Jan/16/23\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://getupdates.oracle.com/readme/148420-04\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Install patch 148420-04 or higher\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23219\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:148413\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:148420\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/01/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/03/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nshowrev = get_kb_item(\"Host/Solaris/showrev\");\nif (empty_or_null(showrev)) audit(AUDIT_OS_NOT, \"Solaris\");\nos_ver = pregmatch(pattern:\"Release: (\\d+.(\\d+))\", string:showrev);\nif (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Solaris\");\nfull_ver = os_ver[1];\nos_level = os_ver[2];\nif (full_ver != \"5.10\") audit(AUDIT_OS_NOT, \"Solaris 10\", \"Solaris \" + os_level);\npackage_arch = pregmatch(pattern:\"Application architecture: (\\w+)\", string:showrev);\nif (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH);\npackage_arch = package_arch[1];\nif (package_arch != \"i386\") audit(AUDIT_ARCH_NOT, \"i386\", package_arch);\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"148420-04\", obsoleted_by:\"\", package:\"SUNWcslr\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\n\nif (flag) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : solaris_get_report()\n );\n} else {\n patch_fix = solaris_patch_fix_get();\n if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, \"Solaris 10\");\n tested = solaris_pkg_tests_get();\n if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n audit(AUDIT_PACKAGE_NOT_INSTALLED, \"SUNWcslr\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-14T14:51:38", "description": "The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0330-1 advisory.\n\n - A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system. (CVE-2021-3999)\n\n - The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. (CVE-2022-23218)\n\n - The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. (CVE-2022-23219)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-02-05T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : glibc (SUSE-SU-2022:0330-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3999", "CVE-2022-23218", "CVE-2022-23219"], "modified": "2023-07-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:glibc", "p-cpe:/a:novell:suse_linux:glibc-32bit", "p-cpe:/a:novell:suse_linux:glibc-devel", "p-cpe:/a:novell:suse_linux:glibc-devel-32bit", "p-cpe:/a:novell:suse_linux:glibc-devel-static", "p-cpe:/a:novell:suse_linux:glibc-extra", "p-cpe:/a:novell:suse_linux:glibc-i18ndata", "p-cpe:/a:novell:suse_linux:glibc-info", "p-cpe:/a:novell:suse_linux:glibc-lang", "p-cpe:/a:novell:suse_linux:glibc-locale", "p-cpe:/a:novell:suse_linux:glibc-locale-base", "p-cpe:/a:novell:suse_linux:glibc-locale-base-32bit", "p-cpe:/a:novell:suse_linux:glibc-profile", "p-cpe:/a:novell:suse_linux:glibc-utils", "p-cpe:/a:novell:suse_linux:nscd", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-0330-1.NASL", "href": "https://www.tenable.com/plugins/nessus/157391", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:0330-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157391);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/13\");\n\n script_cve_id(\"CVE-2021-3999\", \"CVE-2022-23218\", \"CVE-2022-23219\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:0330-1\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : glibc (SUSE-SU-2022:0330-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2022:0330-1 advisory.\n\n - A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory\n corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and\n size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and\n escalate their privileges on the system. (CVE-2021-3999)\n\n - The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc)\n through 2.34 copies its path argument on the stack without validating its length, which may result in a\n buffer overflow, potentially resulting in a denial of service or (if an application is not built with a\n stack protector enabled) arbitrary code execution. (CVE-2022-23218)\n\n - The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc)\n through 2.34 copies its hostname argument on the stack without validating its length, which may result in\n a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a\n stack protector enabled) arbitrary code execution. (CVE-2022-23219)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194640\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194768\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194770\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194785\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3999\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-23218\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-23219\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-February/010187.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4e3b4f35\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23219\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-devel-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-i18ndata\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-info\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-locale\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-locale-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-locale-base-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-profile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED15 / SLES15', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(3|4)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLED15 SP3/4\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(3|4)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP3/4\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'glibc-2.31-150300.9.12.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'glibc-2.31-150300.9.12.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'glibc-32bit-2.31-150300.9.12.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'glibc-32bit-2.31-150300.9.12.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'glibc-devel-2.31-150300.9.12.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'glibc-devel-2.31-150300.9.12.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'glibc-extra-2.31-150300.9.12.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'glibc-extra-2.31-150300.9.12.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'glibc-i18ndata-2.31-150300.9.12.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'glibc-i18ndata-2.31-150300.9.12.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'glibc-info-2.31-150300.9.12.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'glibc-info-2.31-150300.9.12.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'glibc-lang-2.31-150300.9.12.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'glibc-lang-2.31-150300.9.12.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'glibc-locale-2.31-150300.9.12.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'glibc-locale-2.31-150300.9.12.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'glibc-locale-base-2.31-150300.9.12.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'glibc-locale-base-2.31-150300.9.12.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'glibc-locale-base-32bit-2.31-150300.9.12.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'glibc-locale-base-32bit-2.31-150300.9.12.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'glibc-profile-2.31-150300.9.12.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'glibc-profile-2.31-150300.9.12.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'nscd-2.31-150300.9.12.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'nscd-2.31-150300.9.12.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'glibc-2.31-150300.9.12.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.4']},\n {'reference':'glibc-2.31-150300.9.12.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.4']},\n {'reference':'glibc-32bit-2.31-150300.9.12.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.4']},\n {'reference':'glibc-32bit-2.31-150300.9.12.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.4']},\n {'reference':'glibc-devel-2.31-150300.9.12.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.4']},\n {'reference':'glibc-devel-2.31-150300.9.12.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.4']},\n {'reference':'glibc-extra-2.31-150300.9.12.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.4']},\n {'reference':'glibc-extra-2.31-150300.9.12.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.4']},\n {'reference':'glibc-i18ndata-2.31-150300.9.12.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.4']},\n {'reference':'glibc-i18ndata-2.31-150300.9.12.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.4']},\n {'reference':'glibc-info-2.31-150300.9.12.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.4']},\n {'reference':'glibc-info-2.31-150300.9.12.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.4']},\n {'reference':'glibc-lang-2.31-150300.9.12.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.4']},\n {'reference':'glibc-lang-2.31-150300.9.12.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.4']},\n {'reference':'glibc-locale-2.31-150300.9.12.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.4']},\n {'reference':'glibc-locale-2.31-150300.9.12.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.4']},\n {'reference':'glibc-locale-base-2.31-150300.9.12.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.4']},\n {'reference':'glibc-locale-base-2.31-150300.9.12.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.4']},\n {'reference':'glibc-locale-base-32bit-2.31-150300.9.12.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.4']},\n {'reference':'glibc-locale-base-32bit-2.31-150300.9.12.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.4']},\n {'reference':'glibc-profile-2.31-150300.9.12.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.4']},\n {'reference':'glibc-profile-2.31-150300.9.12.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.4']},\n {'reference':'nscd-2.31-150300.9.12.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.4']},\n {'reference':'nscd-2.31-150300.9.12.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.4']},\n {'reference':'glibc-devel-32bit-2.31-150300.9.12.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.3']},\n {'reference':'glibc-devel-32bit-2.31-150300.9.12.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.3']},\n {'reference':'glibc-devel-static-2.31-150300.9.12.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.3']},\n {'reference':'glibc-devel-static-2.31-150300.9.12.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.3']},\n {'reference':'glibc-utils-2.31-150300.9.12.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.3']},\n {'reference':'glibc-utils-2.31-150300.9.12.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.3']},\n {'reference':'glibc-devel-32bit-2.31-150300.9.12.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.4']},\n {'reference':'glibc-devel-32bit-2.31-150300.9.12.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.4']},\n {'reference':'glibc-devel-static-2.31-150300.9.12.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.4']},\n {'reference':'glibc-devel-static-2.31-150300.9.12.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.4']},\n {'reference':'glibc-utils-2.31-150300.9.12.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.4']},\n {'reference':'glibc-utils-2.31-150300.9.12.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.4']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'glibc / glibc-32bit / glibc-devel / glibc-devel-32bit / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:43:30", "description": "SunOS 5.10: nss_dns patch.\nDate this patch was last updated by Sun : Jan/16/23", "cvss3": {}, "published": "2023-03-09T00:00:00", "type": "nessus", "title": "Solaris 10 (sparc) : 148419-04", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-23218", "CVE-2022-23219", "CVE-2023-21896"], "modified": "2023-04-20T00:00:00", "cpe": ["p-cpe:/a:oracle:solaris:10:148412", "p-cpe:/a:oracle:solaris:10:148419", "cpe:/o:oracle:solaris:10"], "id": "SOLARIS10_148419-04.NASL", "href": "https://www.tenable.com/plugins/nessus/172377", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text in this plugin was\n# extracted from the Oracle SunOS Patch Updates.\n#\ninclude('deprecated_nasl_level.inc');\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(172377);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/20\");\n\n script_cve_id(\"CVE-2022-23218\", \"CVE-2022-23219\", \"CVE-2023-21896\");\n\n script_name(english:\"Solaris 10 (sparc) : 148419-04\");\n script_summary(english:\"Check for patch 148419-04\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote host is missing Sun Security Patch number 148419-04\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"SunOS 5.10: nss_dns patch.\nDate this patch was last updated by Sun : Jan/16/23\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://getupdates.oracle.com/readme/148419-04\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Install patch 148419-04 or higher\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23219\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:148412\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:148419\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/01/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/03/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nshowrev = get_kb_item(\"Host/Solaris/showrev\");\nif (empty_or_null(showrev)) audit(AUDIT_OS_NOT, \"Solaris\");\nos_ver = pregmatch(pattern:\"Release: (\\d+.(\\d+))\", string:showrev);\nif (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Solaris\");\nfull_ver = os_ver[1];\nos_level = os_ver[2];\nif (full_ver != \"5.10\") audit(AUDIT_OS_NOT, \"Solaris 10\", \"Solaris \" + os_level);\npackage_arch = pregmatch(pattern:\"Application architecture: (\\w+)\", string:showrev);\nif (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH);\npackage_arch = package_arch[1];\nif (package_arch != \"sparc\") audit(AUDIT_ARCH_NOT, \"sparc\", package_arch);\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"148419-04\", obsoleted_by:\"\", package:\"SUNWcslr\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\n\nif (flag) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : solaris_get_report()\n );\n} else {\n patch_fix = solaris_patch_fix_get();\n if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, \"Solaris 10\");\n tested = solaris_pkg_tests_get();\n if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n audit(AUDIT_PACKAGE_NOT_INSTALLED, \"SUNWcslr\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:36:49", "description": "According to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system. (CVE-2021-3999)\n\n - The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. (CVE-2022-23218)\n\n - The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. (CVE-2022-23219)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-10-27T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : glibc (EulerOS-SA-2022-2608)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3999", "CVE-2022-23218", "CVE-2022-23219"], "modified": "2022-10-27T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:glibc", "p-cpe:/a:huawei:euleros:glibc-common", "p-cpe:/a:huawei:euleros:glibc-devel", "p-cpe:/a:huawei:euleros:glibc-headers", "p-cpe:/a:huawei:euleros:glibc-static", "p-cpe:/a:huawei:euleros:glibc-utils", "p-cpe:/a:huawei:euleros:nscd", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-2608.NASL", "href": "https://www.tenable.com/plugins/nessus/166641", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166641);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/10/27\");\n\n script_cve_id(\"CVE-2021-3999\", \"CVE-2022-23218\", \"CVE-2022-23219\");\n\n script_name(english:\"EulerOS 2.0 SP3 : glibc (EulerOS-SA-2022-2608)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by\nthe following vulnerabilities :\n\n - A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory\n corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and\n size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and\n escalate their privileges on the system. (CVE-2021-3999)\n\n - The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc)\n through 2.34 copies its path argument on the stack without validating its length, which may result in a\n buffer overflow, potentially resulting in a denial of service or (if an application is not built with a\n stack protector enabled) arbitrary code execution. (CVE-2022-23218)\n\n - The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc)\n through 2.34 copies its hostname argument on the stack without validating its length, which may result in\n a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a\n stack protector enabled) arbitrary code execution. (CVE-2022-23219)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-2608\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c48b8bd4\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected glibc packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23219\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar _release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(_release) || _release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (_release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"glibc-2.17-196.h51\",\n \"glibc-common-2.17-196.h51\",\n \"glibc-devel-2.17-196.h51\",\n \"glibc-headers-2.17-196.h51\",\n \"glibc-static-2.17-196.h51\",\n \"glibc-utils-2.17-196.h51\",\n \"nscd-2.17-196.h51\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:43:09", "description": "The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-0896 advisory.\n\n - glibc: Off-by-one buffer overflow/underflow in getcwd() (CVE-2021-3999)\n\n - The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. (CVE-2022-23218)\n\n - The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. (CVE-2022-23219)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-03-16T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : glibc (ELSA-2022-0896)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3999", "CVE-2022-23218", "CVE-2022-23219"], "modified": "2022-03-16T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:compat-libpthread-nonshared", "p-cpe:/a:oracle:linux:glibc", "p-cpe:/a:oracle:linux:glibc-all-langpacks", "p-cpe:/a:oracle:linux:glibc-benchtests", "p-cpe:/a:oracle:linux:glibc-common", "p-cpe:/a:oracle:linux:glibc-devel", "p-cpe:/a:oracle:linux:glibc-headers", "p-cpe:/a:oracle:linux:glibc-langpack-aa", "p-cpe:/a:oracle:linux:glibc-langpack-af", "p-cpe:/a:oracle:linux:glibc-langpack-agr", "p-cpe:/a:oracle:linux:glibc-langpack-ak", "p-cpe:/a:oracle:linux:glibc-langpack-am", "p-cpe:/a:oracle:linux:glibc-langpack-an", "p-cpe:/a:oracle:linux:glibc-langpack-anp", "p-cpe:/a:oracle:linux:glibc-langpack-ar", "p-cpe:/a:oracle:linux:glibc-langpack-as", "p-cpe:/a:oracle:linux:glibc-langpack-ast", "p-cpe:/a:oracle:linux:glibc-langpack-ayc", "p-cpe:/a:oracle:linux:glibc-langpack-az", "p-cpe:/a:oracle:linux:glibc-langpack-be", "p-cpe:/a:oracle:linux:glibc-langpack-bem", "p-cpe:/a:oracle:linux:glibc-langpack-ber", "p-cpe:/a:oracle:linux:glibc-langpack-bg", "p-cpe:/a:oracle:linux:glibc-langpack-bhb", "p-cpe:/a:oracle:linux:glibc-langpack-bho", "p-cpe:/a:oracle:linux:glibc-langpack-bi", "p-cpe:/a:oracle:linux:glibc-langpack-bn", "p-cpe:/a:oracle:linux:glibc-langpack-bo", "p-cpe:/a:oracle:linux:glibc-langpack-br", "p-cpe:/a:oracle:linux:glibc-langpack-brx", "p-cpe:/a:oracle:linux:glibc-langpack-bs", "p-cpe:/a:oracle:linux:glibc-langpack-byn", "p-cpe:/a:oracle:linux:glibc-langpack-ca", "p-cpe:/a:oracle:linux:glibc-langpack-ce", "p-cpe:/a:oracle:linux:glibc-langpack-chr", "p-cpe:/a:oracle:linux:glibc-langpack-cmn", "p-cpe:/a:oracle:linux:glibc-langpack-crh", "p-cpe:/a:oracle:linux:glibc-langpack-cs", "p-cpe:/a:oracle:linux:glibc-langpack-csb", "p-cpe:/a:oracle:linux:glibc-langpack-cv", "p-cpe:/a:oracle:linux:glibc-langpack-cy", "p-cpe:/a:oracle:linux:glibc-langpack-da", "p-cpe:/a:oracle:linux:glibc-langpack-de", "p-cpe:/a:oracle:linux:glibc-langpack-doi", "p-cpe:/a:oracle:linux:glibc-langpack-dsb", "p-cpe:/a:oracle:linux:glibc-langpack-dv", "p-cpe:/a:oracle:linux:glibc-langpack-dz", "p-cpe:/a:oracle:linux:glibc-langpack-el", "p-cpe:/a:oracle:linux:glibc-langpack-en", "p-cpe:/a:oracle:linux:glibc-langpack-eo", "p-cpe:/a:oracle:linux:glibc-langpack-es", "p-cpe:/a:oracle:linux:glibc-langpack-et", "p-cpe:/a:oracle:linux:glibc-langpack-eu", "p-cpe:/a:oracle:linux:glibc-langpack-fa", "p-cpe:/a:oracle:linux:glibc-langpack-ff", "p-cpe:/a:oracle:linux:glibc-langpack-fi", "p-cpe:/a:oracle:linux:glibc-langpack-fil", "p-cpe:/a:oracle:linux:glibc-langpack-fo", "p-cpe:/a:oracle:linux:glibc-langpack-fr", "p-cpe:/a:oracle:linux:glibc-langpack-fur", "p-cpe:/a:oracle:linux:glibc-langpack-fy", "p-cpe:/a:oracle:linux:glibc-langpack-ga", "p-cpe:/a:oracle:linux:glibc-langpack-gd", "p-cpe:/a:oracle:linux:glibc-langpack-gez", "p-cpe:/a:oracle:linux:glibc-langpack-gl", "p-cpe:/a:oracle:linux:glibc-langpack-gu", "p-cpe:/a:oracle:linux:glibc-langpack-gv", "p-cpe:/a:oracle:linux:glibc-langpack-ha", "p-cpe:/a:oracle:linux:glibc-langpack-hak", "p-cpe:/a:oracle:linux:glibc-langpack-he", "p-cpe:/a:oracle:linux:glibc-langpack-hi", "p-cpe:/a:oracle:linux:glibc-langpack-hif", "p-cpe:/a:oracle:linux:glibc-langpack-hne", "p-cpe:/a:oracle:linux:glibc-langpack-hr", "p-cpe:/a:oracle:linux:glibc-langpack-hsb", "p-cpe:/a:oracle:linux:glibc-langpack-ht", "p-cpe:/a:oracle:linux:glibc-langpack-hu", "p-cpe:/a:oracle:linux:glibc-langpack-hy", "p-cpe:/a:oracle:linux:glibc-langpack-ia", "p-cpe:/a:oracle:linux:glibc-langpack-id", "p-cpe:/a:oracle:linux:glibc-langpack-ig", "p-cpe:/a:oracle:linux:glibc-langpack-ik", "p-cpe:/a:oracle:linux:glibc-langpack-is", "p-cpe:/a:oracle:linux:glibc-langpack-it", "p-cpe:/a:oracle:linux:glibc-langpack-iu", "p-cpe:/a:oracle:linux:glibc-langpack-ja", "p-cpe:/a:oracle:linux:glibc-langpack-ka", "p-cpe:/a:oracle:linux:glibc-langpack-kab", "p-cpe:/a:oracle:linux:glibc-langpack-kk", "p-cpe:/a:oracle:linux:glibc-langpack-kl", "p-cpe:/a:oracle:linux:glibc-langpack-km", "p-cpe:/a:oracle:linux:glibc-langpack-kn", "p-cpe:/a:oracle:linux:glibc-langpack-ko", "p-cpe:/a:oracle:linux:glibc-langpack-kok", "p-cpe:/a:oracle:linux:glibc-langpack-ks", "p-cpe:/a:oracle:linux:glibc-langpack-ku", "p-cpe:/a:oracle:linux:glibc-langpack-kw", "p-cpe:/a:oracle:linux:glibc-langpack-ky", "p-cpe:/a:oracle:linux:glibc-langpack-lb", "p-cpe:/a:oracle:linux:glibc-langpack-lg", "p-cpe:/a:oracle:linux:glibc-langpack-li", "p-cpe:/a:oracle:linux:glibc-langpack-lij", "p-cpe:/a:oracle:linux:glibc-langpack-ln", "p-cpe:/a:oracle:linux:glibc-langpack-lo", "p-cpe:/a:oracle:linux:glibc-langpack-lt", "p-cpe:/a:oracle:linux:glibc-langpack-lv", "p-cpe:/a:oracle:linux:glibc-langpack-lzh", "p-cpe:/a:oracle:linux:glibc-langpack-mag", "p-cpe:/a:oracle:linux:glibc-langpack-mai", "p-cpe:/a:oracle:linux:glibc-langpack-mfe", "p-cpe:/a:oracle:linux:glibc-langpack-mg", "p-cpe:/a:oracle:linux:glibc-langpack-mhr", "p-cpe:/a:oracle:linux:glibc-langpack-mi", "p-cpe:/a:oracle:linux:glibc-langpack-miq", "p-cpe:/a:oracle:linux:glibc-langpack-mjw", "p-cpe:/a:oracle:linux:glibc-langpack-mk", "p-cpe:/a:oracle:linux:glibc-langpack-ml", "p-cpe:/a:oracle:linux:glibc-langpack-mn", "p-cpe:/a:oracle:linux:glibc-langpack-mni", "p-cpe:/a:oracle:linux:glibc-langpack-mr", "p-cpe:/a:oracle:linux:glibc-langpack-ms", "p-cpe:/a:oracle:linux:glibc-langpack-mt", "p-cpe:/a:oracle:linux:glibc-langpack-my", "p-cpe:/a:oracle:linux:glibc-langpack-nan", "p-cpe:/a:oracle:linux:glibc-langpack-nb", "p-cpe:/a:oracle:linux:glibc-langpack-nds", "p-cpe:/a:oracle:linux:glibc-langpack-ne", "p-cpe:/a:oracle:linux:glibc-langpack-nhn", "p-cpe:/a:oracle:linux:glibc-langpack-niu", "p-cpe:/a:oracle:linux:glibc-langpack-nl", "p-cpe:/a:oracle:linux:glibc-langpack-nn", "p-cpe:/a:oracle:linux:glibc-langpack-nr", "p-cpe:/a:oracle:linux:glibc-langpack-nso", "p-cpe:/a:oracle:linux:glibc-langpack-oc", "p-cpe:/a:oracle:linux:glibc-langpack-om", "p-cpe:/a:oracle:linux:glibc-langpack-or", "p-cpe:/a:oracle:linux:glibc-langpack-os", "p-cpe:/a:oracle:linux:glibc-langpack-pa", "p-cpe:/a:oracle:linux:glibc-langpack-pap", "p-cpe:/a:oracle:linux:glibc-langpack-pl", "p-cpe:/a:oracle:linux:glibc-langpack-ps", "p-cpe:/a:oracle:linux:glibc-langpack-pt", "p-cpe:/a:oracle:linux:glibc-langpack-quz", "p-cpe:/a:oracle:linux:glibc-langpack-raj", "p-cpe:/a:oracle:linux:glibc-langpack-ro", "p-cpe:/a:oracle:linux:glibc-langpack-ru", "p-cpe:/a:oracle:linux:glibc-langpack-rw", "p-cpe:/a:oracle:linux:glibc-langpack-sa", "p-cpe:/a:oracle:linux:glibc-langpack-sah", "p-cpe:/a:oracle:linux:glibc-langpack-sat", "p-cpe:/a:oracle:linux:glibc-langpack-sc", "p-cpe:/a:oracle:linux:glibc-langpack-sd", "p-cpe:/a:oracle:linux:glibc-langpack-se", "p-cpe:/a:oracle:linux:glibc-langpack-sgs", "p-cpe:/a:oracle:linux:glibc-langpack-shn", "p-cpe:/a:oracle:linux:glibc-langpack-shs", "p-cpe:/a:oracle:linux:glibc-langpack-si", "p-cpe:/a:oracle:linux:glibc-langpack-sid", "p-cpe:/a:oracle:linux:glibc-langpack-sk", "p-cpe:/a:oracle:linux:glibc-langpack-sl", "p-cpe:/a:oracle:linux:glibc-langpack-sm", "p-cpe:/a:oracle:linux:glibc-langpack-so", "p-cpe:/a:oracle:linux:glibc-langpack-sq", "p-cpe:/a:oracle:linux:glibc-langpack-sr", "p-cpe:/a:oracle:linux:glibc-langpack-ss", "p-cpe:/a:oracle:linux:glibc-langpack-st", "p-cpe:/a:oracle:linux:glibc-langpack-sv", "p-cpe:/a:oracle:linux:glibc-langpack-sw", "p-cpe:/a:oracle:linux:glibc-langpack-szl", "p-cpe:/a:oracle:linux:glibc-langpack-ta", "p-cpe:/a:oracle:linux:glibc-langpack-tcy", "p-cpe:/a:oracle:linux:glibc-langpack-te", "p-cpe:/a:oracle:linux:glibc-langpack-tg", "p-cpe:/a:oracle:linux:glibc-langpack-th", "p-cpe:/a:oracle:linux:glibc-langpack-the", "p-cpe:/a:oracle:linux:glibc-langpack-ti", "p-cpe:/a:oracle:linux:glibc-langpack-tig", "p-cpe:/a:oracle:linux:glibc-langpack-tk", "p-cpe:/a:oracle:linux:glibc-langpack-tl", "p-cpe:/a:oracle:linux:glibc-langpack-tn", "p-cpe:/a:oracle:linux:glibc-langpack-to", "p-cpe:/a:oracle:linux:glibc-langpack-tpi", "p-cpe:/a:oracle:linux:glibc-langpack-tr", "p-cpe:/a:oracle:linux:glibc-langpack-ts", "p-cpe:/a:oracle:linux:glibc-langpack-tt", "p-cpe:/a:oracle:linux:glibc-langpack-ug", "p-cpe:/a:oracle:linux:glibc-langpack-uk", "p-cpe:/a:oracle:linux:glibc-langpack-unm", "p-cpe:/a:oracle:linux:glibc-langpack-ur", "p-cpe:/a:oracle:linux:glibc-langpack-uz", "p-cpe:/a:oracle:linux:glibc-langpack-ve", "p-cpe:/a:oracle:linux:glibc-langpack-vi", "p-cpe:/a:oracle:linux:glibc-langpack-wa", "p-cpe:/a:oracle:linux:glibc-langpack-wae", "p-cpe:/a:oracle:linux:glibc-langpack-wal", "p-cpe:/a:oracle:linux:glibc-langpack-wo", "p-cpe:/a:oracle:linux:glibc-langpack-xh", "p-cpe:/a:oracle:linux:glibc-langpack-yi", "p-cpe:/a:oracle:linux:glibc-langpack-yo", "p-cpe:/a:oracle:linux:glibc-langpack-yue", "p-cpe:/a:oracle:linux:glibc-langpack-yuw", "p-cpe:/a:oracle:linux:glibc-langpack-zh", "p-cpe:/a:oracle:linux:glibc-langpack-zu", "p-cpe:/a:oracle:linux:glibc-locale-source", "p-cpe:/a:oracle:linux:glibc-minimal-langpack", "p-cpe:/a:oracle:linux:glibc-nss-devel", "p-cpe:/a:oracle:linux:glibc-static", "p-cpe:/a:oracle:linux:glibc-utils", "p-cpe:/a:oracle:linux:libnsl", "p-cpe:/a:oracle:linux:nscd", "p-cpe:/a:oracle:linux:nss_db", "p-cpe:/a:oracle:linux:nss_hesiod"], "id": "ORACLELINUX_ELSA-2022-0896.NASL", "href": "https://www.tenable.com/plugins/nessus/158999", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-0896.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158999);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/03/16\");\n\n script_cve_id(\"CVE-2021-3999\", \"CVE-2022-23218\", \"CVE-2022-23219\");\n\n script_name(english:\"Oracle Linux 8 : glibc (ELSA-2022-0896)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2022-0896 advisory.\n\n - glibc: Off-by-one buffer overflow/underflow in getcwd() (CVE-2021-3999)\n\n - The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc)\n through 2.34 copies its path argument on the stack without validating its length, which may result in a\n buffer overflow, potentially resulting in a denial of service or (if an application is not built with a\n stack protector enabled) arbitrary code execution. (CVE-2022-23218)\n\n - The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc)\n through 2.34 copies its hostname argument on the stack without validating its length, which may result in\n a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a\n stack protector enabled) arbitrary code execution. (CVE-2022-23219)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-0896.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23219\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:compat-libpthread-nonshared\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-all-langpacks\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-benchtests\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-aa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-af\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-agr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-ak\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-am\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-an\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-anp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-as\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-ast\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-ayc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-az\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-be\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-bem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-ber\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-bhb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-bho\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-bi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-bn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-bo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-brx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-bs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-byn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-ce\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-chr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-cmn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-crh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-csb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-cv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-cy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-doi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-dsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-dv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-dz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-en\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-eo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-et\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-fa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-ff\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-fil\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-fo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-fur\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-fy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-ga\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-gez\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-gl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-gu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-gv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-ha\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-hak\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-hi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-hif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-hne\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-hr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-hsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-ht\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-hy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-ia\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-id\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-ig\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-ik\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-is\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-iu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-ka\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-kab\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-kk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-kl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-km\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-kn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-kok\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-ks\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-ku\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-kw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-ky\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-lb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-lg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-li\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-lij\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-ln\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-lo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-lt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-lv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-lzh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-mag\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-mai\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-mfe\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-mg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-mhr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-mi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-miq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-mjw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-mk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-ml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-mn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-mni\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-mr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-ms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-mt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-my\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-nan\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-nb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-nds\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-ne\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-nhn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-niu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-nn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-nr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-nso\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-oc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-om\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-or\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-os\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-pa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-pap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-ps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-pt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-quz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-raj\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-ro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-rw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-sa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-sah\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-sat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-sc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-sd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-se\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-sgs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-shn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-shs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-si\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-sid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-sm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-so\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-sq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-sr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-ss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-st\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-sv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-sw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-szl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-ta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-tcy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-te\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-tg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-th\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-the\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-ti\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-tig\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-tk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-tl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-tn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-to\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-tpi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-ts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-tt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-ug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-unm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-ur\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-uz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-ve\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-vi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-wa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-wae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-wal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-wo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-xh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-yi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-yo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-yue\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-yuw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-zh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-zu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-locale-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-minimal-langpack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libnsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nss_db\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nss_hesiod\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar pkgs = [\n {'reference':'compat-libpthread-nonshared-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'compat-libpthread-nonshared-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-2.28-164.0.5.el8_5.3', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-all-langpacks-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-all-langpacks-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-benchtests-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-benchtests-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-common-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-common-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-devel-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-devel-2.28-164.0.5.el8_5.3', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-devel-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-headers-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-headers-2.28-164.0.5.el8_5.3', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-headers-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-aa-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-aa-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-af-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-af-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-agr-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-agr-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ak-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ak-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-am-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-am-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-an-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-an-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-anp-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-anp-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ar-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ar-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-as-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-as-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ast-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ast-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ayc-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ayc-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-az-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-az-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-be-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-be-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-bem-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-bem-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ber-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ber-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-bg-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-bg-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-bhb-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-bhb-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-bho-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-bho-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-bi-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-bi-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-bn-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-bn-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-bo-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-bo-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-br-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-br-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-brx-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-brx-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-bs-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-bs-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-byn-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-byn-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ca-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ca-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ce-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ce-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-chr-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-chr-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-cmn-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-cmn-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-crh-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-crh-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-cs-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-cs-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-csb-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-csb-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-cv-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-cv-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-cy-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-cy-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-da-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-da-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-de-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-de-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-doi-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-doi-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-dsb-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-dsb-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-dv-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-dv-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-dz-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-dz-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-el-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-el-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-en-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-en-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-eo-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-eo-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-es-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-es-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-et-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-et-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-eu-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-eu-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-fa-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-fa-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ff-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ff-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-fi-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-fi-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-fil-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-fil-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-fo-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-fo-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-fr-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-fr-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-fur-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-fur-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-fy-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-fy-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ga-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ga-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-gd-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-gd-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-gez-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-gez-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-gl-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-gl-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-gu-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-gu-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-gv-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-gv-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ha-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ha-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-hak-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-hak-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-he-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-he-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-hi-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-hi-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-hif-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-hif-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-hne-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-hne-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-hr-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-hr-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-hsb-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-hsb-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ht-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ht-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-hu-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-hu-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-hy-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-hy-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ia-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ia-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-id-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-id-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ig-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ig-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ik-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ik-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-is-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-is-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-it-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-it-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-iu-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-iu-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ja-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ja-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ka-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ka-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-kab-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-kab-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-kk-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-kk-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-kl-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-kl-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-km-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-km-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-kn-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-kn-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ko-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ko-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-kok-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-kok-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ks-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ks-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ku-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ku-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-kw-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-kw-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ky-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ky-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-lb-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-lb-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-lg-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-lg-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-li-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-li-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-lij-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-lij-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ln-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ln-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-lo-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-lo-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-lt-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-lt-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-lv-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-lv-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-lzh-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-lzh-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-mag-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-mag-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-mai-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-mai-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-mfe-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-mfe-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-mg-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-mg-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-mhr-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-mhr-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-mi-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-mi-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-miq-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-miq-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-mjw-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-mjw-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-mk-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-mk-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ml-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ml-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-mn-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-mn-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-mni-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-mni-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-mr-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-mr-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ms-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ms-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-mt-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-mt-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-my-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-my-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-nan-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-nan-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-nb-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-nb-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-nds-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-nds-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ne-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ne-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-nhn-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-nhn-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-niu-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-niu-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-nl-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-nl-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-nn-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-nn-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-nr-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-nr-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-nso-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-nso-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-oc-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-oc-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-om-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-om-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-or-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-or-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-os-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-os-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-pa-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-pa-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-pap-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-pap-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-pl-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-pl-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ps-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ps-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-pt-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-pt-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-quz-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-quz-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-raj-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-raj-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ro-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ro-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ru-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ru-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-rw-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-rw-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-sa-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-sa-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-sah-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-sah-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-sat-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-sat-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-sc-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-sc-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-sd-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-sd-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-se-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-se-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-sgs-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-sgs-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-shn-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-shn-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-shs-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-shs-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-si-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-si-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-sid-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-sid-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-sk-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-sk-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-sl-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-sl-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-sm-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-sm-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-so-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-so-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-sq-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-sq-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-sr-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-sr-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ss-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ss-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-st-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-st-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-sv-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-sv-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-sw-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-sw-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-szl-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-szl-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ta-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ta-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-tcy-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-tcy-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-te-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-te-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-tg-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-tg-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-th-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-th-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-the-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-the-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ti-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ti-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-tig-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-tig-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-tk-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-tk-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-tl-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-tl-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-tn-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-tn-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-to-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-to-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-tpi-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-tpi-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-tr-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-tr-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ts-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ts-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-tt-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-tt-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ug-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ug-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-uk-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-uk-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-unm-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-unm-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ur-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ur-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-uz-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-uz-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ve-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-ve-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-vi-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-vi-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-wa-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-wa-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-wae-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-wae-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-wal-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-wal-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-wo-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-wo-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-xh-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-xh-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-yi-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-yi-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-yo-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-yo-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-yue-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-yue-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-yuw-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-yuw-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-zh-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-zh-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-zu-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-langpack-zu-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-locale-source-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-locale-source-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-minimal-langpack-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-minimal-langpack-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-nss-devel-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-nss-devel-2.28-164.0.5.el8_5.3', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-nss-devel-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-static-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-static-2.28-164.0.5.el8_5.3', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-static-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-utils-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-utils-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libnsl-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libnsl-2.28-164.0.5.el8_5.3', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libnsl-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nscd-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nscd-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nss_db-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nss_db-2.28-164.0.5.el8_5.3', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nss_db-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nss_hesiod-2.28-164.0.5.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nss_hesiod-2.28-164.0.5.el8_5.3', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nss_hesiod-2.28-164.0.5.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'compat-libpthread-nonshared / glibc / glibc-all-langpacks / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-14T14:53:53", "description": "The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0441-1 advisory.\n\n - A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system. (CVE-2021-3999)\n\n - The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. (CVE-2022-23218)\n\n - The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. (CVE-2022-23219)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-02-17T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : glibc (SUSE-SU-2022:0441-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3999", "CVE-2022-23218", "CVE-2022-23219"], "modified": "2023-07-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:glibc", "p-cpe:/a:novell:suse_linux:glibc-32bit", "p-cpe:/a:novell:suse_linux:glibc-devel", "p-cpe:/a:novell:suse_linux:glibc-devel-32bit", "p-cpe:/a:novell:suse_linux:glibc-devel-static", "p-cpe:/a:novell:suse_linux:glibc-html", "p-cpe:/a:novell:suse_linux:glibc-i18ndata", "p-cpe:/a:novell:suse_linux:glibc-info", "p-cpe:/a:novell:suse_linux:glibc-locale", "p-cpe:/a:novell:suse_linux:glibc-locale-32bit", "p-cpe:/a:novell:suse_linux:glibc-profile", "p-cpe:/a:novell:suse_linux:glibc-profile-32bit", "p-cpe:/a:novell:suse_linux:nscd", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2022-0441-1.NASL", "href": "https://www.tenable.com/plugins/nessus/158126", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:0441-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158126);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/13\");\n\n script_cve_id(\"CVE-2021-3999\", \"CVE-2022-23218\", \"CVE-2022-23219\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:0441-1\");\n\n script_name(english:\"SUSE SLES12 Security Update : glibc (SUSE-SU-2022:0441-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2022:0441-1 advisory.\n\n - A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory\n corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and\n size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and\n escalate their privileges on the system. (CVE-2021-3999)\n\n - The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc)\n through 2.34 copies its path argument on the stack without validating its length, which may result in a\n buffer overflow, potentially resulting in a denial of service or (if an application is not built with a\n stack protector enabled) arbitrary code execution. (CVE-2022-23218)\n\n - The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc)\n through 2.34 copies its hostname argument on the stack without validating its length, which may result in\n a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a\n stack protector enabled) arbitrary code execution. (CVE-2022-23219)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191835\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192620\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193478\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194640\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194768\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194770\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3999\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-23218\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-23219\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-February/010230.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?63d8a677\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23219\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-devel-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-i18ndata\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-info\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-locale\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-locale-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-profile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-profile-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)(?:_SAP)?\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12|SLES_SAP12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12 / SLES_SAP12', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(4|5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES12 SP4/5\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES_SAP12\" && (! preg(pattern:\"^(4|5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES_SAP12 SP4/5\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'glibc-2.22-114.19.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'glibc-32bit-2.22-114.19.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'glibc-devel-2.22-114.19.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'glibc-devel-32bit-2.22-114.19.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'glibc-html-2.22-114.19.1', 'sp':'4', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'glibc-i18ndata-2.22-114.19.1', 'sp':'4', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'glibc-info-2.22-114.19.1', 'sp':'4', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'glibc-locale-2.22-114.19.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'glibc-locale-32bit-2.22-114.19.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'glibc-profile-2.22-114.19.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'glibc-profile-32bit-2.22-114.19.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'nscd-2.22-114.19.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'glibc-2.22-114.19.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'glibc-32bit-2.22-114.19.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'glibc-devel-2.22-114.19.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'glibc-devel-32bit-2.22-114.19.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'glibc-html-2.22-114.19.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'glibc-i18ndata-2.22-114.19.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'glibc-info-2.22-114.19.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'glibc-locale-2.22-114.19.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'glibc-locale-32bit-2.22-114.19.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'glibc-profile-2.22-114.19.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'glibc-profile-32bit-2.22-114.19.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'nscd-2.22-114.19.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'glibc-devel-static-2.22-114.19.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-sdk-release-12.5']},\n {'reference':'glibc-info-2.22-114.19.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-sdk-release-12.5', 'sles-release-12.5']},\n {'reference':'glibc-2.22-114.19.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'glibc-32bit-2.22-114.19.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'glibc-devel-2.22-114.19.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'glibc-devel-32bit-2.22-114.19.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'glibc-html-2.22-114.19.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'glibc-i18ndata-2.22-114.19.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'glibc-info-2.22-114.19.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'glibc-locale-2.22-114.19.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'glibc-locale-32bit-2.22-114.19.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'glibc-profile-2.22-114.19.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'glibc-profile-32bit-2.22-114.19.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'nscd-2.22-114.19.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'glibc-2.22-114.19.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},\n {'reference':'glibc-32bit-2.22-114.19.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},\n {'reference':'glibc-devel-2.22-114.19.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},\n {'reference':'glibc-devel-32bit-2.22-114.19.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},\n {'reference':'glibc-html-2.22-114.19.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},\n {'reference':'glibc-i18ndata-2.22-114.19.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},\n {'reference':'glibc-locale-2.22-114.19.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},\n {'reference':'glibc-locale-32bit-2.22-114.19.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},\n {'reference':'glibc-profile-2.22-114.19.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},\n {'reference':'glibc-profile-32bit-2.22-114.19.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},\n {'reference':'nscd-2.22-114.19.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'glibc / glibc-32bit / glibc-devel / glibc-devel-32bit / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-13T14:54:51", "description": "The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5310-2 advisory.\n\n - The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. (CVE-2022-23219)\n\n - A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system. (CVE-2021-3999)\n\n - The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. (CVE-2022-23218)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-03-07T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS : GNU C Library vulnerabilities (USN-5310-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3999", "CVE-2022-23218", "CVE-2022-23219"], "modified": "2023-07-10T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:glibc-source", "p-cpe:/a:canonical:ubuntu_linux:libc-bin", "p-cpe:/a:canonical:ubuntu_linux:libc-dev-bin", "p-cpe:/a:canonical:ubuntu_linux:libc6", "p-cpe:/a:canonical:ubuntu_linux:libc6-amd64", "p-cpe:/a:canonical:ubuntu_linux:libc6-armel", "p-cpe:/a:canonical:ubuntu_linux:libc6-dev", "p-cpe:/a:canonical:ubuntu_linux:libc6-dev-amd64", "p-cpe:/a:canonical:ubuntu_linux:libc6-dev-armel", "p-cpe:/a:canonical:ubuntu_linux:libc6-dev-i386", "p-cpe:/a:canonical:ubuntu_linux:libc6-dev-s390", "p-cpe:/a:canonical:ubuntu_linux:libc6-dev-x32", "p-cpe:/a:canonical:ubuntu_linux:libc6-i386", "p-cpe:/a:canonical:ubuntu_linux:libc6-pic", "p-cpe:/a:canonical:ubuntu_linux:libc6-s390", "p-cpe:/a:canonical:ubuntu_linux:libc6-x32", "p-cpe:/a:canonical:ubuntu_linux:locales", "p-cpe:/a:canonical:ubuntu_linux:locales-all", "p-cpe:/a:canonical:ubuntu_linux:multiarch-support", "p-cpe:/a:canonical:ubuntu_linux:nscd"], "id": "UBUNTU_USN-5310-2.NASL", "href": "https://www.tenable.com/plugins/nessus/158680", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5310-2. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158680);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/10\");\n\n script_cve_id(\"CVE-2021-3999\", \"CVE-2022-23218\", \"CVE-2022-23219\");\n script_xref(name:\"USN\", value:\"5310-2\");\n\n script_name(english:\"Ubuntu 16.04 LTS : GNU C Library vulnerabilities (USN-5310-2)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe USN-5310-2 advisory.\n\n - The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc)\n through 2.34 copies its hostname argument on the stack without validating its length, which may result in\n a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a\n stack protector enabled) arbitrary code execution. (CVE-2022-23219)\n\n - A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory\n corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and\n size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and\n escalate their privileges on the system. (CVE-2021-3999)\n\n - The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc)\n through 2.34 copies its path argument on the stack without validating its length, which may result in a\n buffer overflow, potentially resulting in a denial of service or (if an application is not built with a\n stack protector enabled) arbitrary code execution. (CVE-2022-23218)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5310-2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23219\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:glibc-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libc-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libc-dev-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libc6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libc6-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libc6-armel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libc6-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libc6-dev-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libc6-dev-armel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libc6-dev-i386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libc6-dev-s390\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libc6-dev-x32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libc6-i386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libc6-pic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libc6-s390\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libc6-x32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:locales\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:locales-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:multiarch-support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:nscd\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('16.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar pkgs = [\n {'osver': '16.04', 'pkgname': 'glibc-source', 'pkgver': '2.23-0ubuntu11.3+esm1'},\n {'osver': '16.04', 'pkgname': 'libc-bin', 'pkgver': '2.23-0ubuntu11.3+esm1'},\n {'osver': '16.04', 'pkgname': 'libc-dev-bin', 'pkgver': '2.23-0ubuntu11.3+esm1'},\n {'osver': '16.04', 'pkgname': 'libc6', 'pkgver': '2.23-0ubuntu11.3+esm1'},\n {'osver': '16.04', 'pkgname': 'libc6-amd64', 'pkgver': '2.23-0ubuntu11.3+esm1'},\n {'osver': '16.04', 'pkgname': 'libc6-armel', 'pkgver': '2.23-0ubuntu11.3+esm1'},\n {'osver': '16.04', 'pkgname': 'libc6-dev', 'pkgver': '2.23-0ubuntu11.3+esm1'},\n {'osver': '16.04', 'pkgname': 'libc6-dev-amd64', 'pkgver': '2.23-0ubuntu11.3+esm1'},\n {'osver': '16.04', 'pkgname': 'libc6-dev-armel', 'pkgver': '2.23-0ubuntu11.3+esm1'},\n {'osver': '16.04', 'pkgname': 'libc6-dev-i386', 'pkgver': '2.23-0ubuntu11.3+esm1'},\n {'osver': '16.04', 'pkgname': 'libc6-dev-s390', 'pkgver': '2.23-0ubuntu11.3+esm1'},\n {'osver': '16.04', 'pkgname': 'libc6-dev-x32', 'pkgver': '2.23-0ubuntu11.3+esm1'},\n {'osver': '16.04', 'pkgname': 'libc6-i386', 'pkgver': '2.23-0ubuntu11.3+esm1'},\n {'osver': '16.04', 'pkgname': 'libc6-pic', 'pkgver': '2.23-0ubuntu11.3+esm1'},\n {'osver': '16.04', 'pkgname': 'libc6-s390', 'pkgver': '2.23-0ubuntu11.3+esm1'},\n {'osver': '16.04', 'pkgname': 'libc6-x32', 'pkgver': '2.23-0ubuntu11.3+esm1'},\n {'osver': '16.04', 'pkgname': 'locales', 'pkgver': '2.23-0ubuntu11.3+esm1'},\n {'osver': '16.04', 'pkgname': 'locales-all', 'pkgver': '2.23-0ubuntu11.3+esm1'},\n {'osver': '16.04', 'pkgname': 'multiarch-support', 'pkgver': '2.23-0ubuntu11.3+esm1'},\n {'osver': '16.04', 'pkgname': 'nscd', 'pkgver': '2.23-0ubuntu11.3+esm1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'glibc-source / libc-bin / libc-dev-bin / libc6 / libc6-amd64 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:41:44", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:0330-1 advisory.\n\n - The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. (CVE-2022-23219)\n\n - A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system. (CVE-2021-3999)\n\n - The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. (CVE-2022-23218)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-02-05T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : glibc (openSUSE-SU-2022:0330-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3999", "CVE-2022-23218", "CVE-2022-23219"], "modified": "2023-03-21T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:glibc", "p-cpe:/a:novell:opensuse:glibc-32bit", "p-cpe:/a:novell:opensuse:glibc-devel", "p-cpe:/a:novell:opensuse:glibc-devel-32bit", "p-cpe:/a:novell:opensuse:glibc-devel-static", "p-cpe:/a:novell:opensuse:glibc-devel-static-32bit", "p-cpe:/a:novell:opensuse:glibc-extra", "p-cpe:/a:novell:opensuse:glibc-html", "p-cpe:/a:novell:opensuse:glibc-i18ndata", "p-cpe:/a:novell:opensuse:glibc-info", "p-cpe:/a:novell:opensuse:glibc-lang", "p-cpe:/a:novell:opensuse:glibc-locale", "p-cpe:/a:novell:opensuse:glibc-locale-base", "p-cpe:/a:novell:opensuse:glibc-locale-base-32bit", "p-cpe:/a:novell:opensuse:glibc-profile", "p-cpe:/a:novell:opensuse:glibc-profile-32bit", "p-cpe:/a:novell:opensuse:glibc-utils", "p-cpe:/a:novell:opensuse:glibc-utils-32bit", "p-cpe:/a:novell:opensuse:nscd", "cpe:/o:novell:opensuse:15.3"], "id": "OPENSUSE-2022-0330-1.NASL", "href": "https://www.tenable.com/plugins/nessus/157399", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2022:0330-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157399);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/21\");\n\n script_cve_id(\"CVE-2021-3999\", \"CVE-2022-23218\", \"CVE-2022-23219\");\n\n script_name(english:\"openSUSE 15 Security Update : glibc (openSUSE-SU-2022:0330-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2022:0330-1 advisory.\n\n - The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc)\n through 2.34 copies its hostname argument on the stack without validating its length, which may result in\n a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a\n stack protector enabled) arbitrary code execution. (CVE-2022-23219)\n\n - A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory\n corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and\n size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and\n escalate their privileges on the system. (CVE-2021-3999)\n\n - The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc)\n through 2.34 copies its path argument on the stack without validating its length, which may result in a\n buffer overflow, potentially resulting in a denial of service or (if an application is not built with a\n stack protector enabled) arbitrary code execution. (CVE-2022-23218)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194640\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194768\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194770\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194785\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/WUNMTSOEM6LU65NFICFVIHBARFG7LVO7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?09ef02dc\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3999\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-23218\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-23219\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23219\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-devel-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-devel-static-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-i18ndata\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-info\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-locale\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-locale-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-locale-base-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-profile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-profile-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-utils-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'glibc-2.31-150300.9.12.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-32bit-2.31-150300.9.12.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-devel-2.31-150300.9.12.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-devel-32bit-2.31-150300.9.12.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-devel-static-2.31-150300.9.12.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-devel-static-32bit-2.31-150300.9.12.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-extra-2.31-150300.9.12.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-html-2.31-150300.9.12.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-i18ndata-2.31-150300.9.12.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-info-2.31-150300.9.12.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-lang-2.31-150300.9.12.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-locale-2.31-150300.9.12.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-locale-base-2.31-150300.9.12.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-locale-base-32bit-2.31-150300.9.12.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-profile-2.31-150300.9.12.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-profile-32bit-2.31-150300.9.12.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-utils-2.31-150300.9.12.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-utils-32bit-2.31-150300.9.12.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nscd-2.31-150300.9.12.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'glibc / glibc-32bit / glibc-devel / glibc-devel-32bit / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-14T14:59:31", "description": "The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0909-1 advisory.\n\n - A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system. (CVE-2021-3999)\n\n - The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. (CVE-2022-23218)\n\n - The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. (CVE-2022-23219)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-03-22T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : glibc (SUSE-SU-2022:0909-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3999", "CVE-2022-23218", "CVE-2022-23219"], "modified": "2023-07-14T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:glibc", "p-cpe:/a:novell:suse_linux:glibc-32bit", "p-cpe:/a:novell:suse_linux:glibc-devel", "p-cpe:/a:novell:suse_linux:glibc-devel-32bit", "p-cpe:/a:novell:suse_linux:glibc-html", "p-cpe:/a:novell:suse_linux:glibc-i18ndata", "p-cpe:/a:novell:suse_linux:glibc-info", "p-cpe:/a:novell:suse_linux:glibc-locale", "p-cpe:/a:novell:suse_linux:glibc-locale-32bit", "p-cpe:/a:novell:suse_linux:glibc-profile", "p-cpe:/a:novell:suse_linux:glibc-profile-32bit", "p-cpe:/a:novell:suse_linux:nscd", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2022-0909-1.NASL", "href": "https://www.tenable.com/plugins/nessus/159130", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:0909-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159130);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/14\");\n\n script_cve_id(\"CVE-2021-3999\", \"CVE-2022-23218\", \"CVE-2022-23219\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:0909-1\");\n\n script_name(english:\"SUSE SLES12 Security Update : glibc (SUSE-SU-2022:0909-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2022:0909-1 advisory.\n\n - A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory\n corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and\n size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and\n escalate their privileges on the system. (CVE-2021-3999)\n\n - The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc)\n through 2.34 copies its path argument on the stack without validating its length, which may result in a\n buffer overflow, potentially resulting in a denial of service or (if an application is not built with a\n stack protector enabled) arbitrary code execution. (CVE-2022-23218)\n\n - The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc)\n through 2.34 copies its hostname argument on the stack without validating its length, which may result in\n a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a\n stack protector enabled) arbitrary code execution. (CVE-2022-23219)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194640\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194768\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194770\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3999\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-23218\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-23219\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-March/010485.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?792689c1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23219\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-i18ndata\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-info\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-locale\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-locale-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-profile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-profile-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)(?:_SAP)?\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12|SLES_SAP12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12 / SLES_SAP12', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2|3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES_SAP12\" && (! preg(pattern:\"^(3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES_SAP12 SP3\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'glibc-2.22-119.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.3']},\n {'reference':'glibc-32bit-2.22-119.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.3']},\n {'reference':'glibc-devel-2.22-119.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.3']},\n {'reference':'glibc-devel-32bit-2.22-119.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.3']},\n {'reference':'glibc-html-2.22-119.1', 'sp':'3', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.3']},\n {'reference':'glibc-i18ndata-2.22-119.1', 'sp':'3', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.3']},\n {'reference':'glibc-info-2.22-119.1', 'sp':'3', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.3']},\n {'reference':'glibc-locale-2.22-119.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.3']},\n {'reference':'glibc-locale-32bit-2.22-119.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.3']},\n {'reference':'glibc-profile-2.22-119.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.3']},\n {'reference':'glibc-profile-32bit-2.22-119.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.3']},\n {'reference':'nscd-2.22-119.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.3']},\n {'reference':'glibc-2.22-119.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.2']},\n {'reference':'glibc-32bit-2.22-119.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.2']},\n {'reference':'glibc-devel-2.22-119.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.2']},\n {'reference':'glibc-devel-32bit-2.22-119.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.2']},\n {'reference':'glibc-html-2.22-119.1', 'sp':'2', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.2']},\n {'reference':'glibc-i18ndata-2.22-119.1', 'sp':'2', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.2']},\n {'reference':'glibc-info-2.22-119.1', 'sp':'2', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.2']},\n {'reference':'glibc-locale-2.22-119.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.2']},\n {'reference':'glibc-locale-32bit-2.22-119.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.2']},\n {'reference':'glibc-profile-2.22-119.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.2']},\n {'reference':'glibc-profile-32bit-2.22-119.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.2']},\n {'reference':'nscd-2.22-119.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.2']},\n {'reference':'glibc-2.22-119.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'glibc-2.22-119.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'glibc-32bit-2.22-119.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'glibc-32bit-2.22-119.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'glibc-devel-2.22-119.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'glibc-devel-2.22-119.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'glibc-devel-32bit-2.22-119.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'glibc-devel-32bit-2.22-119.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'glibc-html-2.22-119.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'glibc-html-2.22-119.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'glibc-i18ndata-2.22-119.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'glibc-i18ndata-2.22-119.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'glibc-info-2.22-119.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'glibc-info-2.22-119.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'glibc-locale-2.22-119.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'glibc-locale-2.22-119.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'glibc-locale-32bit-2.22-119.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'glibc-locale-32bit-2.22-119.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'glibc-profile-2.22-119.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'glibc-profile-2.22-119.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'glibc-profile-32bit-2.22-119.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'glibc-profile-32bit-2.22-119.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'nscd-2.22-119.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'nscd-2.22-119.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'glibc / glibc-32bit / glibc-devel / glibc-devel-32bit / glibc-html / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:42:50", "description": "The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9234 advisory.\n\n - glibc: Off-by-one buffer overflow/underflow in getcwd() (CVE-2021-3999)\n\n - The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. (CVE-2022-23218)\n\n - The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. (CVE-2022-23219)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-03-18T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : glibc (ELSA-2022-9234)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3999", "CVE-2022-23218", "CVE-2022-23219"], "modified": "2022-03-18T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:compat-libpthread-nonshared", "p-cpe:/a:oracle:linux:glibc", "p-cpe:/a:oracle:linux:glibc-all-langpacks", "p-cpe:/a:oracle:linux:glibc-benchtests", "p-cpe:/a:oracle:linux:glibc-common", "p-cpe:/a:oracle:linux:glibc-devel", "p-cpe:/a:oracle:linux:glibc-headers", "p-cpe:/a:oracle:linux:glibc-langpack-aa", "p-cpe:/a:oracle:linux:glibc-langpack-af", "p-cpe:/a:oracle:linux:glibc-langpack-agr", "p-cpe:/a:oracle:linux:glibc-langpack-ak", "p-cpe:/a:oracle:linux:glibc-langpack-am", "p-cpe:/a:oracle:linux:glibc-langpack-an", "p-cpe:/a:oracle:linux:glibc-langpack-anp", "p-cpe:/a:oracle:linux:glibc-langpack-ar", "p-cpe:/a:oracle:linux:glibc-langpack-as", "p-cpe:/a:oracle:linux:glibc-langpack-ast", "p-cpe:/a:oracle:linux:glibc-langpack-ayc", "p-cpe:/a:oracle:linux:glibc-langpack-az", "p-cpe:/a:oracle:linux:glibc-langpack-be", "p-cpe:/a:oracle:linux:glibc-langpack-bem", "p-cpe:/a:oracle:linux:glibc-langpack-ber", "p-cpe:/a:oracle:linux:glibc-langpack-bg", "p-cpe:/a:oracle:linux:glibc-langpack-bhb", "p-cpe:/a:oracle:linux:glibc-langpack-bho", "p-cpe:/a:oracle:linux:glibc-langpack-bi", "p-cpe:/a:oracle:linux:glibc-langpack-bn", "p-cpe:/a:oracle:linux:glibc-langpack-bo", "p-cpe:/a:oracle:linux:glibc-langpack-br", "p-cpe:/a:oracle:linux:glibc-langpack-brx", "p-cpe:/a:oracle:linux:glibc-langpack-bs", "p-cpe:/a:oracle:linux:glibc-langpack-byn", "p-cpe:/a:oracle:linux:glibc-langpack-ca", "p-cpe:/a:oracle:linux:glibc-langpack-ce", "p-cpe:/a:oracle:linux:glibc-langpack-chr", "p-cpe:/a:oracle:linux:glibc-langpack-cmn", "p-cpe:/a:oracle:linux:glibc-langpack-crh", "p-cpe:/a:oracle:linux:glibc-langpack-cs", "p-cpe:/a:oracle:linux:glibc-langpack-csb", "p-cpe:/a:oracle:linux:glibc-langpack-cv", "p-cpe:/a:oracle:linux:glibc-langpack-cy", "p-cpe:/a:oracle:linux:glibc-langpack-da", "p-cpe:/a:oracle:linux:glibc-langpack-de", "p-cpe:/a:oracle:linux:glibc-langpack-doi", "p-cpe:/a:oracle:linux:glibc-langpack-dsb", "p-cpe:/a:oracle:linux:glibc-langpack-dv", "p-cpe:/a:oracle:linux:glibc-langpack-dz", "p-cpe:/a:oracle:linux:glibc-langpack-el", "p-cpe:/a:oracle:linux:glibc-langpack-en", "p-cpe:/a:oracle:linux:glibc-langpack-eo", "p-cpe:/a:oracle:linux:glibc-langpack-es", "p-cpe:/a:oracle:linux:glibc-langpack-et", "p-cpe:/a:oracle:linux:glibc-langpack-eu", "p-cpe:/a:oracle:linux:glibc-langpack-fa", "p-cpe:/a:oracle:linux:glibc-langpack-ff", "p-cpe:/a:oracle:linux:glibc-langpack-fi", "p-cpe:/a:oracle:linux:glibc-langpack-fil", "p-cpe:/a:oracle:linux:glibc-langpack-fo", "p-cpe:/a:oracle:linux:glibc-langpack-fr", "p-cpe:/a:oracle:linux:glibc-langpack-fur", "p-cpe:/a:oracle:linux:glibc-langpack-fy", "p-cpe:/a:oracle:linux:glibc-langpack-ga", "p-cpe:/a:oracle:linux:glibc-langpack-gd", "p-cpe:/a:oracle:linux:glibc-langpack-gez", "p-cpe:/a:oracle:linux:glibc-langpack-gl", "p-cpe:/a:oracle:linux:glibc-langpack-gu", "p-cpe:/a:oracle:linux:glibc-langpack-gv", "p-cpe:/a:oracle:linux:glibc-langpack-ha", "p-cpe:/a:oracle:linux:glibc-langpack-hak", "p-cpe:/a:oracle:linux:glibc-langpack-he", "p-cpe:/a:oracle:linux:glibc-langpack-hi", "p-cpe:/a:oracle:linux:glibc-langpack-hif", "p-cpe:/a:oracle:linux:glibc-langpack-hne", "p-cpe:/a:oracle:linux:glibc-langpack-hr", "p-cpe:/a:oracle:linux:glibc-langpack-hsb", "p-cpe:/a:oracle:linux:glibc-langpack-ht", "p-cpe:/a:oracle:linux:glibc-langpack-hu", "p-cpe:/a:oracle:linux:glibc-langpack-hy", "p-cpe:/a:oracle:linux:glibc-langpack-ia", "p-cpe:/a:oracle:linux:glibc-langpack-id", "p-cpe:/a:oracle:linux:glibc-langpack-ig", "p-cpe:/a:oracle:linux:glibc-langpack-ik", "p-cpe:/a:oracle:linux:glibc-langpack-is", "p-cpe:/a:oracle:linux:glibc-langpack-it", "p-cpe:/a:oracle:linux:glibc-langpack-iu", "p-cpe:/a:oracle:linux:glibc-langpack-ja", "p-cpe:/a:oracle:linux:glibc-langpack-ka", "p-cpe:/a:oracle:linux:glibc-langpack-kab", "p-cpe:/a:oracle:linux:glibc-langpack-kk", "p-cpe:/a:oracle:linux:glibc-langpack-kl", "p-cpe:/a:oracle:linux:glibc-langpack-km", "p-cpe:/a:oracle:linux:glibc-langpack-kn", "p-cpe:/a:oracle:linux:glibc-langpack-ko", "p-cpe:/a:oracle:linux:glibc-langpack-kok", "p-cpe:/a:oracle:linux:glibc-langpack-ks", "p-cpe:/a:oracle:linux:glibc-langpack-ku", "p-cpe:/a:oracle:linux:glibc-langpack-kw", "p-cpe:/a:oracle:linux:glibc-langpack-ky", "p-cpe:/a:oracle:linux:glibc-langpack-lb", "p-cpe:/a:oracle:linux:glibc-langpack-lo", "p-cpe:/a:oracle:linux:glibc-langpack-lg", "p-cpe:/a:oracle:linux:glibc-langpack-li", "p-cpe:/a:oracle:linux:glibc-langpack-lt", "p-cpe:/a:oracle:linux:glibc-langpack-lij", "p-cpe:/a:oracle:linux:glibc-langpack-ln", "p-cpe:/a:oracle:linux:glibc-langpack-lv", "p-cpe:/a:oracle:linux:glibc-langpack-lzh", "p-cpe:/a:oracle:linux:glibc-langpack-sq", "p-cpe:/a:oracle:linux:glibc-langpack-mag", "p-cpe:/a:oracle:linux:glibc-langpack-mai", "p-cpe:/a:oracle:linux:glibc-langpack-mfe", "p-cpe:/a:oracle:linux:glibc-langpack-mg", "p-cpe:/a:oracle:linux:glibc-langpack-mhr", "p-cpe:/a:oracle:linux:glibc-langpack-mi", "p-cpe:/a:oracle:linux:glibc-langpack-miq", "p-cpe:/a:oracle:linux:glibc-langpack-mjw", "p-cpe:/a:oracle:linux:glibc-langpack-mk", "p-cpe:/a:oracle:linux:glibc-langpack-ml", "p-cpe:/a:oracle:linux:glibc-langpack-mn", "p-cpe:/a:oracle:linux:glibc-langpack-mni", "p-cpe:/a:oracle:linux:glibc-langpack-mr", "p-cpe:/a:oracle:linux:glibc-langpack-sr", "p-cpe:/a:oracle:linux:glibc-langpack-ms", "p-cpe:/a:oracle:linux:glibc-langpack-mt", "p-cpe:/a:oracle:linux:glibc-langpack-ss", "p-cpe:/a:oracle:linux:glibc-langpack-my", "p-cpe:/a:oracle:linux:glibc-langpack-nan", "p-cpe:/a:oracle:linux:glibc-langpack-nb", "p-cpe:/a:oracle:linux:glibc-langpack-nds", "p-cpe:/a:oracle:linux:glibc-langpack-ne", "p-cpe:/a:oracle:linux:glibc-langpack-nhn", "p-cpe:/a:oracle:linux:glibc-langpack-niu", "p-cpe:/a:oracle:linux:glibc-langpack-nl", "p-cpe:/a:oracle:linux:glibc-langpack-nn", "p-cpe:/a:oracle:linux:glibc-langpack-nr", "p-cpe:/a:oracle:linux:glibc-langpack-st", "p-cpe:/a:oracle:linux:glibc-langpack-sv", "p-cpe:/a:oracle:linux:glibc-langpack-nso", "p-cpe:/a:oracle:linux:glibc-langpack-sw", "p-cpe:/a:oracle:linux:glibc-langpack-szl", "p-cpe:/a:oracle:linux:glibc-langpack-oc", "p-cpe:/a:oracle:linux:glibc-langpack-ta", "p-cpe:/a:oracle:linux:glibc-langpack-om", "p-cpe:/a:oracle:linux:glibc-langpack-tcy", "p-cpe:/a:oracle:linux:glibc-langpack-te", "p-cpe:/a:oracle:linux:glibc-langpack-or", "p-cpe:/a:oracle:linux:glibc-langpack-tg", "p-cpe:/a:oracle:linux:glibc-langpack-th", "p-cpe:/a:oracle:linux:glibc-langpack-os", "p-cpe:/a:oracle:linux:glibc-langpack-the", "p-cpe:/a:oracle:linux:glibc-langpack-pa", "p-cpe:/a:oracle:linux:glibc-langpack-ti", "p-cpe:/a:oracle:linux:glibc-langpack-tig", "p-cpe:/a:oracle:linux:glibc-langpack-pap", "p-cpe:/a:oracle:linux:glibc-langpack-tk", "p-cpe:/a:oracle:linux:glibc-langpack-pl", "p-cpe:/a:oracle:linux:glibc-langpack-tl", "p-cpe:/a:oracle:linux:glibc-langpack-tn", "p-cpe:/a:oracle:linux:glibc-langpack-to", "p-cpe:/a:oracle:linux:glibc-langpack-tpi", "p-cpe:/a:oracle:linux:glibc-langpack-tr", "p-cpe:/a:oracle:linux:glibc-langpack-ps", "p-cpe:/a:oracle:linux:glibc-langpack-ts", "p-cpe:/a:oracle:linux:glibc-langpack-tt", "p-cpe:/a:oracle:linux:glibc-langpack-pt", "p-cpe:/a:oracle:linux:glibc-langpack-ug", "p-cpe:/a:oracle:linux:glibc-langpack-quz", "p-cpe:/a:oracle:linux:glibc-langpack-uk", "p-cpe:/a:oracle:linux:glibc-langpack-unm", "p-cpe:/a:oracle:linux:glibc-langpack-raj", "p-cpe:/a:oracle:linux:glibc-langpack-ur", "p-cpe:/a:oracle:linux:glibc-langpack-ro", "p-cpe:/a:oracle:linux:glibc-langpack-uz", "p-cpe:/a:oracle:linux:glibc-langpack-ve", "p-cpe:/a:oracle:linux:glibc-langpack-ru", "p-cpe:/a:oracle:linux:glibc-langpack-vi", "p-cpe:/a:oracle:linux:glibc-langpack-wa", "p-cpe:/a:oracle:linux:glibc-langpack-rw", "p-cpe:/a:oracle:linux:glibc-langpack-wae", "p-cpe:/a:oracle:linux:glibc-langpack-sa", "p-cpe:/a:oracle:linux:glibc-langpack-wal", "p-cpe:/a:oracle:linux:glibc-langpack-wo", "p-cpe:/a:oracle:linux:glibc-langpack-sah", "p-cpe:/a:oracle:linux:glibc-langpack-xh", "p-cpe:/a:oracle:linux:glibc-langpack-yi", "p-cpe:/a:oracle:linux:glibc-langpack-yo", "p-cpe:/a:oracle:linux:glibc-langpack-yue", "p-cpe:/a:oracle:linux:glibc-langpack-yuw", "p-cpe:/a:oracle:linux:glibc-langpack-sat", "p-cpe:/a:oracle:linux:glibc-langpack-zh", "p-cpe:/a:oracle:linux:glibc-langpack-zu", "p-cpe:/a:oracle:linux:glibc-langpack-sc", "p-cpe:/a:oracle:linux:glibc-locale-source", "p-cpe:/a:oracle:linux:glibc-minimal-langpack", "p-cpe:/a:oracle:linux:glibc-langpack-sd", "p-cpe:/a:oracle:linux:glibc-langpack-se", "p-cpe:/a:oracle:linux:glibc-nss-devel", "p-cpe:/a:oracle:linux:glibc-langpack-sgs", "p-cpe:/a:oracle:linux:glibc-langpack-shn", "p-cpe:/a:oracle:linux:glibc-langpack-shs", "p-cpe:/a:oracle:linux:glibc-langpack-si", "p-cpe:/a:oracle:linux:glibc-langpack-sid", "p-cpe:/a:oracle:linux:glibc-langpack-sk", "p-cpe:/a:oracle:linux:glibc-langpack-sl", "p-cpe:/a:oracle:linux:glibc-static", "p-cpe:/a:oracle:linux:glibc-utils", "p-cpe:/a:oracle:linux:glibc-langpack-sm", "p-cpe:/a:oracle:linux:glibc-langpack-so", "p-cpe:/a:oracle:linux:libnsl", "p-cpe:/a:oracle:linux:nscd", "p-cpe:/a:oracle:linux:nss_db", "p-cpe:/a:oracle:linux:nss_hesiod"], "id": "ORACLELINUX_ELSA-2022-9234.NASL", "href": "https://www.tenable.com/plugins/nessus/159070", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-9234.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159070);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/03/18\");\n\n script_cve_id(\"CVE-2021-3999\", \"CVE-2022-23218\", \"CVE-2022-23219\");\n\n script_name(english:\"Oracle Linux 8 : glibc (ELSA-2022-9234)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2022-9234 advisory.\n\n - glibc: Off-by-one buffer overflow/underflow in getcwd() (CVE-2021-3999)\n\n - The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc)\n through 2.34 copies its path argument on the stack without validating its length, which may result in a\n buffer overflow, potentially resulting in a denial of service or (if an application is not built with a\n stack protector enabled) arbitrary code execution. (CVE-2022-23218)\n\n - The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc)\n through 2.34 copies its hostname argument on the stack without validating its length, which may result in\n a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a\n stack protector enabled) arbitrary code execution. (CVE-2022-23219)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-9234.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23219\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:compat-libpthread-nonshared\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-all-langpacks\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-benchtests\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-aa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-af\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-agr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-ak\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-am\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-an\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-anp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-as\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-ast\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-ayc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-az\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-be\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-bem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-ber\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-bhb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-bho\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-bi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-bn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-bo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-brx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-bs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-byn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-ce\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-chr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-cmn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-crh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-csb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-cv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-cy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-doi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-dsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-dv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-dz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-en\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-eo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-et\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-fa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-ff\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-fil\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-fo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-fur\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-fy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-ga\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-gez\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-gl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-gu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-gv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-ha\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-hak\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-hi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-hif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-hne\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-hr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-hsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-ht\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-hy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-ia\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-id\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-ig\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-ik\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-is\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-iu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-ka\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-kab\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-kk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-kl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-km\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-kn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-kok\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-ks\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-ku\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-kw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-ky\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-lb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-lg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-li\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-lij\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-ln\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-lo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-lt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-lv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-lzh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-mag\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-mai\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-mfe\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-mg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-mhr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-mi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-miq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-mjw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-mk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-ml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-mn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-mni\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-mr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-ms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-mt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-my\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-nan\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-nb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-nds\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-ne\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-nhn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-niu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-nn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-nr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-nso\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-oc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-om\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-or\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-os\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-pa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-pap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-ps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-pt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-quz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-raj\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-ro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-rw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-sa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-sah\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-sat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-sc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-sd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-se\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-sgs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-shn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-shs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-si\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-sid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-sm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-so\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-sq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-sr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-ss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-st\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-sv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-sw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-szl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-ta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-tcy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-te\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-tg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-th\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-the\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-ti\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-tig\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-tk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-tl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-tn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-to\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-tpi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-ts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-tt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-ug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-unm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-ur\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-uz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-ve\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-vi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-wa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-wae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-wal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-wo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-xh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-yi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-yo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-yue\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-yuw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-zh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-langpack-zu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-locale-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-minimal-langpack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libnsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nss_db\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nss_hesiod\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar pkgs = [\n {'reference':'compat-libpthread-nonshared-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'compat-libpthread-nonshared-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'i686', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-all-langpacks-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-all-langpacks-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-benchtests-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-benchtests-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-common-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-common-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-devel-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-devel-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'i686', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-devel-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-headers-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-headers-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'i686', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-headers-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-aa-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-aa-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-af-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-af-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-agr-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-agr-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-ak-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-ak-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-am-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-am-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-an-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-an-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-anp-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-anp-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-ar-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-ar-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-as-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-as-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-ast-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-ast-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-ayc-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-ayc-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-az-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-az-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-be-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-be-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-bem-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-bem-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-ber-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-ber-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-bg-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-bg-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-bhb-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-bhb-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-bho-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-bho-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-bi-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-bi-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-bn-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-bn-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-bo-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-bo-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-br-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-br-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-brx-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-brx-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-bs-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-bs-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-byn-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-byn-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-ca-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-ca-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-ce-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-ce-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-chr-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-chr-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-cmn-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-cmn-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-crh-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-crh-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-cs-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-cs-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-csb-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-csb-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-cv-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-cv-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-cy-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-cy-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-da-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-da-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-de-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-de-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-doi-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-doi-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-dsb-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-dsb-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-dv-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-dv-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-dz-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-dz-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-el-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-el-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-en-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-en-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-eo-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-eo-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-es-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-es-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-et-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-et-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-eu-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-eu-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-fa-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-fa-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-ff-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-ff-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-fi-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-fi-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-fil-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-fil-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-fo-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-fo-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-fr-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-fr-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-fur-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-fur-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-fy-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-fy-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-ga-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-ga-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-gd-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-gd-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-gez-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-gez-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-gl-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-gl-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-gu-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-gu-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-gv-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-gv-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-ha-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-ha-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-hak-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-hak-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-he-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-he-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-hi-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-hi-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-hif-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-hif-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-hne-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-hne-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-hr-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-hr-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-hsb-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-hsb-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-ht-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-ht-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-hu-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-hu-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-hy-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-hy-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-ia-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-ia-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-id-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-id-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-ig-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-ig-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-ik-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-ik-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-is-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-is-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-it-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-it-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-iu-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-iu-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-ja-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-ja-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-ka-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-ka-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-kab-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-kab-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-kk-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-kk-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-kl-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-kl-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-km-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-km-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-kn-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-kn-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-ko-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-ko-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-kok-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-kok-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-ks-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-ks-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-ku-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-ku-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-kw-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-kw-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-ky-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-ky-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-lb-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-lb-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-lg-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-lg-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-li-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-li-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-lij-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-lij-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-ln-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-ln-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-lo-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-lo-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-lt-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-lt-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-lv-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-lv-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-lzh-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-lzh-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-mag-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-mag-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-mai-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-mai-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-mfe-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-mfe-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-mg-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-mg-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-mhr-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-mhr-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-mi-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-mi-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-miq-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-miq-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-mjw-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-mjw-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-mk-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-mk-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-ml-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-ml-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-mn-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-mn-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-mni-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-mni-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-mr-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-mr-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-ms-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-ms-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-mt-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-mt-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-my-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-my-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-nan-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-nan-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-nb-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-nb-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-nds-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-nds-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-ne-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-ne-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-nhn-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-nhn-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-niu-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-niu-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-nl-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-nl-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-nn-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-nn-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-nr-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-nr-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-nso-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-nso-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-oc-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-oc-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-om-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-om-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-or-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-or-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-os-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-os-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-pa-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-pa-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-pap-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-pap-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-pl-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-pl-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-ps-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-ps-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-pt-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-pt-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-quz-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-quz-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-raj-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-raj-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-ro-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-ro-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-ru-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-ru-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-rw-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-rw-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-sa-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-sa-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-sah-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-sah-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-sat-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-sat-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-sc-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-sc-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-sd-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-sd-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-se-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-se-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-sgs-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-sgs-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-shn-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-shn-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-shs-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-shs-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-si-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-si-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-sid-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-sid-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-sk-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-sk-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-sl-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-sl-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-sm-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-sm-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-so-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-so-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-sq-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-sq-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-sr-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-sr-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-ss-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-ss-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-st-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-st-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-sv-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-sv-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-sw-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-sw-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-szl-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-szl-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-ta-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-ta-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-tcy-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-tcy-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-te-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-te-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-tg-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-tg-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-th-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-th-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-the-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-the-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-ti-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-ti-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-tig-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-tig-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-tk-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-tk-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-tl-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-tl-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-tn-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-tn-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-to-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-to-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-tpi-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-tpi-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-tr-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-tr-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-ts-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-ts-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-tt-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-tt-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-ug-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-ug-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-uk-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-uk-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-unm-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-unm-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-ur-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-ur-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-uz-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-uz-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-ve-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-ve-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-vi-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-vi-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-wa-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-wa-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-wae-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-wae-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-wal-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-wal-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-wo-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-wo-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-xh-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-xh-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-yi-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-yi-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-yo-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-yo-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-yue-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-yue-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-yuw-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-yuw-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-zh-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-zh-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-zu-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-langpack-zu-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-locale-source-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-locale-source-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-minimal-langpack-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-minimal-langpack-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-nss-devel-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-nss-devel-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'i686', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-nss-devel-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-static-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-static-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'i686', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-static-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-utils-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'glibc-utils-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'libnsl-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'libnsl-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'i686', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'libnsl-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'nscd-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'nscd-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'nss_db-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'nss_db-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'i686', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'nss_db-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'nss_hesiod-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'nss_hesiod-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'i686', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'nss_hesiod-2.28-164.0.5.ksplice1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8_5.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'compat-libpthread-nonshared / glibc / glibc-all-langpacks / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-26T14:37:53", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0896 advisory.\n\n - glibc: Off-by-one buffer overflow/underflow in getcwd() (CVE-2021-3999)\n\n - glibc: Stack-based buffer overflow in svcunix_create via long pathnames (CVE-2022-23218)\n\n - glibc: Stack-based buffer overflow in sunrpc clnt_create via a long pathname (CVE-2022-23219)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-03-15T00:00:00", "type": "nessus", "title": "RHEL 8 : glibc (RHSA-2022:0896)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3999", "CVE-2022-23218", "CVE-2022-23219"], "modified": "2023-05-25T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.6", "p-cpe:/a:redhat:enterprise_linux:compat-libpthread-nonshared", "p-cpe:/a:redhat:enterprise_linux:glibc", "p-cpe:/a:redhat:enterprise_linux:glibc-all-langpacks", "p-cpe:/a:redhat:enterprise_linux:glibc-benchtests", "p-cpe:/a:redhat:enterprise_linux:glibc-common", "p-cpe:/a:redhat:enterprise_linux:glibc-devel", "p-cpe:/a:redhat:enterprise_linux:glibc-headers", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-aa", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-af", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-agr", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-ak", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-am", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-an", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-anp", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-ar", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-as", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-ast", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-ayc", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-az", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-be", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-bem", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-ber", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-bg", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-bhb", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-bho", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-bi", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-bn", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-bo", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-br", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-brx", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-bs", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-byn", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-ca", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-ce", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-chr", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-cmn", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-crh", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-cs", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-csb", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-cv", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-cy", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-da", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-de", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-doi", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-dsb", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-dv", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-dz", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-el", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-en", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-eo", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-es", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-et", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-eu", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-fa", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-ff", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-fi", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-fil", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-fo", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-fr", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-fur", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-fy", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-ga", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-gd", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-gez", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-gl", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-gu", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-gv", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-ha", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-hak", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-he", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-hi", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-hif", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-hne", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-hr", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-hsb", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-ht", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-hu", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-hy", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-ia", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-id", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-ig", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-ik", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-is", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-it", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-iu", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-ja", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-ka", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-kab", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-kk", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-kl", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-km", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-kn", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-ko", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-kok", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-ks", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-ku", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-kw", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-ky", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-lb", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-lg", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-li", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-lij", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-ln", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-lo", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-lt", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-lv", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-lzh", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-mag", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-mai", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-mfe", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-mg", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-mhr", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-mi", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-miq", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-mjw", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-mk", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-ml", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-mn", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-mni", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-mr", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-ms", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-mt", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-my", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-nan", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-nb", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-nds", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-ne", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-nhn", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-niu", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-nl", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-nn", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-nr", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-nso", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-oc", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-om", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-or", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-os", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-pa", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-pap", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-pl", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-ps", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-pt", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-quz", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-raj", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-ro", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-ru", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-rw", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-sa", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-sah", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-sat", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-sc", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-sd", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-se", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-sgs", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-shn", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-shs", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-si", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-sid", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-sk", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-sl", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-sm", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-so", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-sq", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-sr", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-ss", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-st", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-sv", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-sw", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-szl", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-ta", "p-cpe:/a:redhat:enterprise_linux:glibc-langpack-tcy", "p-cpe:/a:redhat:enterprise_linux:glibc-lang