Several vulnerabilities were discovered in the International Components
for Unicode (ICU) library.
CVE-2014-8146
The Unicode Bidirectional Algorithm implementation does not properly
track directionally isolated pieces of text, which allows remote
attackers to cause a denial of service (heap-based buffer overflow)
or possibly execute arbitrary code via crafted text.
CVE-2014-8147
The Unicode Bidirectional Algorithm implementation uses an integer
data type that is inconsistent with a header file, which allows
remote attackers to cause a denial of service (incorrect malloc
followed by invalid free) or possibly execute arbitrary code via
crafted text.
CVE-2015-4760
The Layout Engine was missing multiple boundary checks. These could
lead to buffer overflows and memory corruption. A specially crafted
file could cause an application using ICU to parse untrusted font
files to crash and, possibly, execute arbitrary code.
Additionally, it was discovered that the patch applied to ICU in DSA-3187-1
for CVE-2014-6585 was incomplete, possibly leading to an invalid memory
access. This could allow remote attackers to disclose portion of private
memory via crafted font files.
For the oldstable distribution (wheezy), these problems have been fixed
in version 4.8.1.1-12+deb7u3.
For the stable distribution (jessie), these problems have been fixed in
version 52.1-8+deb8u2.
For the testing distribution (stretch), these problems have been fixed
in version 52.1-10.
For the unstable distribution (sid), these problems have been fixed in
version 52.1-10.
We recommend that you upgrade your icu packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
{"id": "DEBIAN:DSA-3323-1:B926B", "bulletinFamily": "unix", "title": "[SECURITY] [DSA 3323-1] icu security update", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3323-1 security@debian.org\nhttps://www.debian.org/security/ Laszlo Boszormenyi\nAugust 01, 2015 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : icu\nCVE ID : CVE-2014-6585 CVE-2014-8146 CVE-2014-8147 CVE-2015-4760\nDebian Bug : 778511 784773\n\nSeveral vulnerabilities were discovered in the International Components\nfor Unicode (ICU) library.\n\nCVE-2014-8146\n\n The Unicode Bidirectional Algorithm implementation does not properly\n track directionally isolated pieces of text, which allows remote\n attackers to cause a denial of service (heap-based buffer overflow)\n or possibly execute arbitrary code via crafted text.\n\nCVE-2014-8147\n\n The Unicode Bidirectional Algorithm implementation uses an integer\n data type that is inconsistent with a header file, which allows\n remote attackers to cause a denial of service (incorrect malloc\n followed by invalid free) or possibly execute arbitrary code via\n crafted text.\n\nCVE-2015-4760\n\n The Layout Engine was missing multiple boundary checks. These could\n lead to buffer overflows and memory corruption. A specially crafted\n file could cause an application using ICU to parse untrusted font\n files to crash and, possibly, execute arbitrary code.\n\nAdditionally, it was discovered that the patch applied to ICU in DSA-3187-1\nfor CVE-2014-6585 was incomplete, possibly leading to an invalid memory\naccess. This could allow remote attackers to disclose portion of private\nmemory via crafted font files.\n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 4.8.1.1-12+deb7u3.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 52.1-8+deb8u2.\n\nFor the testing distribution (stretch), these problems have been fixed\nin version 52.1-10.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 52.1-10.\n\nWe recommend that you upgrade your icu packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "published": "2015-08-01T16:15:09", "modified": "2015-08-01T16:15:09", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2015/msg00219.html", "reporter": "Debian", "references": [], "cvelist": ["CVE-2014-6585", "CVE-2014-8147", "CVE-2014-8146", "CVE-2015-4760"], "type": "debian", "lastseen": "2020-08-12T00:47:19", "edition": 11, "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "f5", "idList": ["F5:K16835", "SOL16835", "F5:K17173", "SOL17173", "SOL16352", "F5:K16352"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:32019", "SECURITYVULNS:DOC:31765", "SECURITYVULNS:VULN:14291", "SECURITYVULNS:VULN:14704", "SECURITYVULNS:VULN:14455"]}, {"type": "cve", "idList": ["CVE-2014-6585", "CVE-2015-4760", "CVE-2014-8146", "CVE-2014-8147"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310842437", "OPENVAS:1361412562310851765", "OPENVAS:1361412562310842206", "OPENVAS:1361412562310703323", "OPENVAS:703323", "OPENVAS:1361412562310869314", "OPENVAS:1361412562310869156", "OPENVAS:1361412562310869116", "OPENVAS:1361412562310130081", "OPENVAS:1361412562310121385"]}, {"type": "nessus", "idList": ["GENTOO_GLSA-201507-04.NASL", "SUSE_SU-2017-2318-1.NASL", "UBUNTU_USN-2605-1.NASL", "SUSE_SU-2016-0324-1.NASL", "F5_BIGIP_SOL17173.NASL", "DEBIAN_DLA-283.NASL", "DEBIAN_DSA-3323.NASL", "SUSE_SU-2015-1915-1.NASL", "OPENSUSE-2017-1011.NASL", "OPENSUSE-2015-953.NASL"]}, {"type": "ubuntu", "idList": ["USN-2605-1", "USN-2522-1", "USN-2740-1", "USN-2522-2", "USN-2522-3"]}, {"type": "gentoo", "idList": ["GLSA-201507-04"]}, {"type": "exploitdb", "idList": ["EDB-ID:43887"]}, {"type": "cert", "idList": ["VU:602540"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:9750C06F2886431FD4242B84085D678F"]}, {"type": "threatpost", "idList": ["THREATPOST:21C84911FABE072264B0D4CA5BD42C30"]}, {"type": "debian", "idList": ["DEBIAN:DLA-283-1:93981", "DEBIAN:DSA-3144-1:1ABE5", "DEBIAN:DLA-157-1:370F5", "DEBIAN:DLA-219-1:C7AC1", "DEBIAN:DSA-3187-1:97BB3"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2018:1422-1"]}, {"type": "fedora", "idList": ["FEDORA:DDCDA60582B7", "FEDORA:456376058289", "FEDORA:DE02E608A49F", "FEDORA:D1E11620D217", "FEDORA:00D0E60BD9AA", "FEDORA:B72AB60A6822"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:07FC899E9F5F58E4BEDD842E4A4820A4"]}, {"type": "redhat", "idList": ["RHSA-2015:0068", "RHSA-2015:0136", "RHSA-2015:0085"]}, {"type": "centos", "idList": ["CESA-2015:0085", "CESA-2015:0067"]}, {"type": "oraclelinux", "idList": ["ELSA-2015-0068"]}, {"type": "amazon", "idList": ["ALAS-2015-471"]}], "modified": "2020-08-12T00:47:19", "rev": 2}, "score": {"value": 8.5, "vector": "NONE", "modified": "2020-08-12T00:47:19", "rev": 2}, "vulnersScore": 8.5}, "affectedPackage": [{"OS": "Debian", "OSVersion": "8", "arch": "all", "operator": "lt", "packageFilename": "icu_52.1-8+deb8u2_all.deb", "packageName": "icu", "packageVersion": "52.1-8+deb8u2"}, {"OS": "Debian", "OSVersion": "8", "arch": "all", "operator": "lt", "packageFilename": "icu-devtools_52.1-8+deb8u2_all.deb", "packageName": "icu-devtools", "packageVersion": "52.1-8+deb8u2"}, {"OS": "Debian", "OSVersion": "8", "arch": "all", "operator": "lt", "packageFilename": "libicu-dev_52.1-8+deb8u2_all.deb", "packageName": "libicu-dev", "packageVersion": "52.1-8+deb8u2"}, {"OS": "Debian", "OSVersion": "7", "arch": "all", "operator": "lt", "packageFilename": "icu_4.8.1.1-12+deb7u3_all.deb", "packageName": "icu", "packageVersion": "4.8.1.1-12+deb7u3"}, {"OS": "Debian", "OSVersion": "8", "arch": "all", "operator": "lt", "packageFilename": "libicu52_52.1-8+deb8u2_all.deb", "packageName": "libicu52", "packageVersion": "52.1-8+deb8u2"}, {"OS": "Debian", "OSVersion": "8", "arch": "all", "operator": "lt", "packageFilename": "icu-doc_52.1-8+deb8u2_all.deb", "packageName": "icu-doc", "packageVersion": "52.1-8+deb8u2"}, {"OS": "Debian", "OSVersion": "8", "arch": "all", "operator": "lt", "packageFilename": "libicu52-dbg_52.1-8+deb8u2_all.deb", "packageName": "libicu52-dbg", "packageVersion": "52.1-8+deb8u2"}], "scheme": null}
{"f5": [{"lastseen": "2017-10-12T02:11:20", "bulletinFamily": "software", "cvelist": ["CVE-2014-8147", "CVE-2014-8146"], "edition": 1, "description": " \n\n\n * [CVE-2014-8146](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8146>) \n \nThe resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 does not properly track directionally isolated pieces of text, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via crafted text.\n * [CVE-2014-8147](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8147>) \n \nThe resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 uses an integer data type that is inconsistent with a header file, which allows remote attackers to cause a denial of service (incorrect malloc followed by invalid free) or possibly execute arbitrary code via crafted text. \n\n\nImpact \n\n\nThis vulnerability may allow remote attackers to cause a denial-of-service (DoS) or possibly execute arbitrary code using crafted text. \n\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the Severity values published in the previous table. The Severity values and other security vulnerability parameters are defined in [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>). \n\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K10942: Installing OPSWAT hotfixes on BIG-IP APM systems](<https://support.f5.com/csp/article/K10942>)\n", "modified": "2016-01-09T02:23:00", "published": "2015-07-03T00:39:00", "href": "https://support.f5.com/csp/article/K16835", "id": "F5:K16835", "title": "ICU overflow vulnerabilities CVE-2014-8146 and CVE-2014-8147", "type": "f5", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-26T17:23:30", "bulletinFamily": "software", "cvelist": ["CVE-2014-8147", "CVE-2014-8146"], "edition": 1, "description": "**Note**: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value.\n\nRecommended Action\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the Severity values published in the previous table. The Severity values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy. \n\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL10942: Installing OPSWAT hotfixes on BIG-IP APM systems\n", "modified": "2015-07-02T00:00:00", "published": "2015-07-02T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/16000/800/sol16835.html", "id": "SOL16835", "title": "SOL16835 - ICU overflow vulnerabilities CVE-2014-8146 and CVE-2014-8147", "type": "f5", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-06-08T00:16:04", "bulletinFamily": "software", "cvelist": ["CVE-2015-4760"], "edition": 1, "description": "\nF5 Product Development has assigned ID 540718 (BIG-IP), ID 541002 (BIG-IQ), and ID 541005 (Enterprise Manager) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| 12.0.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| 12.1.0| Low| JRE6 \nBIG-IP AAM| 12.0.0 \n11.4.0 - 11.6.1| 12.1.0| Low| JRE6 \nBIG-IP AFM| 12.0.0 \n11.3.0 - 11.6.1| 12.1.0| Low| JRE6 \nBIG-IP Analytics| 12.0.0 \n11.0.0 - 11.6.1| 12.1.0| Low| JRE6 \nBIG-IP APM| 12.0.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| 12.1.0| Low| JRE6 \nBIG-IP ASM| 12.0.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| 12.1.0| Low| JRE6 \nBIG-IP DNS| 12.0.0| 12.1.0| Low| JRE6 \nBIG-IP Edge Gateway| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Low| JRE6 \nBIG-IP GTM| 11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| None| Low| JRE6 \nBIG-IP Link Controller| 12.0.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| 12.1.0| Low| JRE6 \nBIG-IP PEM| 12.0.0 \n11.3.0 - 11.6.1| 12.1.0| Low| JRE6 \nBIG-IP PSM| 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| None| Low| JRE6 \nBIG-IP WebAccelerator| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Low| JRE6 \nBIG-IP WOM| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Low| JRE6 \nARX| None| 6.0.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| 3.0.0 - 3.1.1| None| Low| JRE6 \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| Not vulnerable| None \nBIG-IQ Cloud| 4.0.0 - 4.5.0| None| Low| JRE6 \nBIG-IQ Device| 4.2.0 - 4.5.0| None| Low| JRE6 \nBIG-IQ Security| 4.0.0 - 4.5.0| None| Low| JRE6 \nBIG-IQ ADC| 4.5.0| None| Low| JRE6 \nBIG-IQ Centralized Management| 5.0.0 \n4.6.0| None| Low| JRE6 \nLineRate| None| 2.4.0 - 2.6.1| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| None| 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1| Not vulnerable| None \n \n**Note**: As of February 17, 2015, AskF5 Security Advisory articles include the **Severity** value. Security Advisory articles published before this date do not list a **Severity** value.\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nThere are no remote access vectors for this issue, nor is there data plane exposure. Context of attacker is a locally authenticated user.\n\nTo mitigate this vulnerability for the BIG-IP system, you should permit management access to F5 products only over a secure network, and limit shell access to trusted users. For more information, refer to [K13309: Restricting access to the Configuration utility by source IP address (11.x)](<https://support.f5.com/csp/article/K13309>) and [K13092: Overview of securing access to the BIG-IP system](<https://support.f5.com/csp/article/K13092>).\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "modified": "2016-08-23T21:16:00", "published": "2015-08-28T20:29:00", "id": "F5:K17173", "href": "https://support.f5.com/csp/article/K17173", "title": "OpenJDK vulnerability CVE-2015-4760", "type": "f5", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-26T17:22:59", "bulletinFamily": "software", "cvelist": ["CVE-2015-4760"], "edition": 1, "description": "Vulnerability Recommended Actions\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nThere are no remote access vectors for this issue, nor is there data plane exposure. Context of attacker is a locally authenticated user.\n\nTo mitigate this vulnerability for the BIG-IP system, you should permit management access to F5 products only over a secure network, and limit shell access to trusted users. For more information, refer to SOL13309: Restricting access to the Configuration utility by source IP address (11.x) and SOL13092: Overview of securing access to the BIG-IP system.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n", "modified": "2016-08-23T00:00:00", "published": "2015-08-28T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/17000/100/sol17173.html", "id": "SOL17173", "title": "SOL17173 - OpenJDK vulnerability CVE-2015-4760", "type": "f5", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-06-08T00:16:30", "bulletinFamily": "software", "cvelist": ["CVE-2015-0395", "CVE-2015-0407", "CVE-2014-6585", "CVE-2015-0410", "CVE-2015-0383", "CVE-2014-6587", "CVE-2014-6593", "CVE-2014-6601", "CVE-2015-0408", "CVE-2014-6591", "CVE-2015-0412"], "edition": 1, "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerabilities, and for information about releases or hotfixes that address the vulnerabilities, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| None| 11.0.0 - 11.6.0 \n10.0.0 - 10.2.4| Not vulnerable| None \nBIG-IP AAM| None| 11.4.0 - 11.6.0| Not vulnerable| None \nBIG-IP AFM| None| 11.3.0 - 11.6.0| Not vulnerable| None \nBIG-IP Analytics| None| 11.0.0 - 11.6.0| Not vulnerable| None \nBIG-IP APM| None| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP ASM| None| 11.0.0 - 11.6.0 \n10.0.0 - 10.2.4| Not vulnerable| None \nBIG-IP Edge Gateway| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP GTM| None| 11.0.0 - 11.6.0 \n10.0.0 - 10.2.4| Not vulnerable| None \nBIG-IP Link Controller| None| 11.0.0 - 11.6.0 \n10.0.0 - 10.2.4| Not vulnerable| None \nBIG-IP PEM| None| 11.3.0 - 11.6.0| Not vulnerable| None \nBIG-IP PSM| None| 11.0.0 - 11.4.1 \n10.0.0 - 10.2.4| Not vulnerable| None \nBIG-IP WebAccelerator| None| 11.0.0 - 11.3.0 \n10.0.0 - 10.2.4| Not vulnerable| None \nBIG-IP WOM| None| 11.0.0 - 11.3.0 \n10.0.0 - 10.2.4| Not vulnerable| None \nARX| None| 6.0.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| None| 3.0.0 - 3.1.1 \n2.1.0 - 2.3.0| Not vulnerable| None \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| Not vulnerable| None \nBIG-IQ Cloud| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Device| None| 4.2.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Security| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nLineRate| None| 2.2.0 - 2.5.0 \n1.6.0 - 1.6.4| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| None| 4.0.0 - 4.1.0 \n3.3.2 - 3.5.1| Not vulnerable| None \nBIG-IP Edge Clients for Android| None| 2.0.0 - 2.0.6| Not vulnerable| None \nBIG-IP Edge Clients for Apple iOS| None| 2.0.0 - 2.0.4 \n1.0.5 - 1.0.6| Not vulnerable| None \nBIG-IP Edge Clients for Linux| None| 6035.x - 7110.x| Not vulnerable| None \nBIG-IP Edge Clients for MAC OS X| None| 6035.x - 7110.x| Not vulnerable| None \nBIG-IP Edge Clients for Windows| None| 6035.x - 7110.x| Not vulnerable| None \nBIG-IP Edge Clients Windows Phone 8.1| None| 1.0.0.x| Not vulnerable| None \nBIG-IP Edge Portal for Android| None| 1.0.0 - 1.0.2| Not vulnerable| None \nBIG-IP Edge Portal for Apple iOS| None| 1.0.0 - 1.0.3| Not vulnerable| None \n \n**Note**: As of February 17, 2015, AskF5 Security Advisory articles include the** Severity** value. Security Advisory articles published before this date do not list a** Severity** value.\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n", "modified": "2017-04-06T16:50:00", "published": "2015-04-02T23:52:00", "href": "https://support.f5.com/csp/article/K16352", "id": "F5:K16352", "title": "Multiple OpenJDK vulnerabilities", "type": "f5", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-11-09T00:09:29", "bulletinFamily": "software", "cvelist": ["CVE-2015-0395", "CVE-2015-0407", "CVE-2014-6585", "CVE-2015-0410", "CVE-2015-0383", "CVE-2014-6587", "CVE-2014-6593", "CVE-2014-6601", "CVE-2015-0408", "CVE-2014-6591", "CVE-2015-0412"], "edition": 1, "description": "Vulnerability Recommended Actions\n\nNone\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n", "modified": "2016-07-25T00:00:00", "published": "2015-04-02T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/16000/300/sol16352.html", "id": "SOL16352", "title": "SOL16352 - Multiple OpenJDK vulnerabilities", "type": "f5", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:58", "bulletinFamily": "software", "cvelist": ["CVE-2014-8147", "CVE-2014-8146"], "description": "\r\n\r\ntl;dr heap and integer overflows in ICU, many packages affected,\r\nunknown if these can be exploited or not - everyone names vulns\r\nnowadays, so I name these I-C-U-FAIL.\r\n\r\nHi,\r\n\r\nI have found two vulnerabilities in the ICU library while fuzzing\r\nLibreOffice, full details in the advisory below.\r\nDisclosure of these was done initially to LibreOffice and then to\r\ndistro-security. I then reported it to Chromium, Android and finally\r\nCERT, so I ended up breaking the rules of distro-security which\r\nrequires that any vulnerability reported to the list is made public in\r\n14 days. I apologise for this to oss-security, distro-security and\r\nSolar Designer, and will not do it again.\r\n\r\nA full copy of the advisory below can be found in my repo at\r\nhttps://raw.githubusercontent.com/pedrib/PoC/master/generic/i-c-u-fail.txt.\r\n\r\nRegards,\r\nPedro\r\n\r\n\r\n>> Heap overflow and integer overflow in ICU library\r\n>> Discovered by Pedro Ribeiro (pedrib@gmail.com), Agile Information Security\r\n=================================================================================\r\nDisclosure: 04/05/2015 / Last updated: 04/05/2015\r\n\r\n>> Background on the affected products:\r\nICU is a mature, widely used set of C/C++ and Java libraries providing\r\nUnicode and Globalization support for software applications. ICU is\r\nwidely portable and gives applications the same results on all\r\nplatforms and between C/C++ and Java software.\r\n\r\n\r\n>> Summary:\r\nWhile fuzzing LibreOffice an integer overflow and a heap overflow\r\nwhere found in the ICU library. This library is used by LibreOffice\r\nand hundreds of other software packages.\r\nProof of concept files can be downloaded from [1]. These files have\r\nbeen tested with LibreOffice 4.3.3.2 and LibreOffice 4.4.0-beta2 and\r\nICU 52.\r\nNote that at this point in time it is unknown whether these\r\nvulnerabilities are exploitable.\r\nThanks to CERT [2] for helping disclose these vulnerabilities.\r\n\r\n\r\n>> Technical details:\r\n#1\r\nVulnerability: Heap overflow\r\nCVE-2014-8146\r\n\r\nThe code to blame is the following (from ubidi.c:2148 in ICU 52):\r\n dirProp=dirProps[limit-1];\r\n if((dirProp==LRI || dirProp==RLI) && limit<pBiDi->length) {\r\n pBiDi->isolateCount++;\r\n pBiDi->isolates[pBiDi->isolateCount].stateImp=stateImp;\r\n pBiDi->isolates[pBiDi->isolateCount].state=levState.state;\r\n pBiDi->isolates[pBiDi->isolateCount].start1=start1;\r\n }\r\n else\r\n processPropertySeq(pBiDi, &levState, eor, limit, limit);\r\n\r\nUnder certain conditions, isolateCount is incremented too many times,\r\nwhich results in several out of bounds writes. See [1] for a more\r\ndetailed analysis.\r\n\r\n\r\n#2\r\nVulnerability: Integer overflow\r\nCVE-2014-8147\r\n\r\nThe overflow is on the resolveImplicitLevels function (ubidi.c:2248):\r\n pBiDi->isolates[pBiDi->isolateCount].state=levState.state;\r\n\r\npBiDi->isolates[].state is a int16, while levState.state is a int32.\r\nThe overflow causes an error when performing a malloc on\r\npBiDi->insertPoints->points because insertPoints is adjacent in memory\r\nto isolates[].\r\n\r\nThe Isolate struct is defined in ubidiimp.h:184\r\ntypedef struct Isolate {\r\n int32_t startON;\r\n int32_t start1;\r\n int16_t stateImp;\r\n int16_t state;\r\n} Isolate;\r\n\r\nLevState is defined in ubidi.c:1748\r\ntypedef struct {\r\n const ImpTab * pImpTab; /* level table pointer */\r\n const ImpAct * pImpAct; /* action map array */\r\n int32_t startON; /* start of ON sequence */\r\n int32_t startL2EN; /* start of level 2 sequence */\r\n int32_t lastStrongRTL; /* index of last found R or AL */\r\n int32_t state; /* current state */\r\n int32_t runStart; /* start position of the run */\r\n UBiDiLevel runLevel; /* run level before implicit solving */\r\n} LevState;\r\n\r\n\r\n>> Fix:\r\nThe ICU versions that are confirmed to be affected are 52 to 54, but\r\nearlier versions might also be affected. Upgrade to ICU 55.1 to fix\r\nthese vulnerabilities.\r\nNote that there are probably many other software packages that embed\r\nthe ICU code and will probably also need to be updated.\r\n\r\n\r\n>> References:\r\n[1] https://github.com/pedrib/PoC/raw/master/generic/i-c-u-fail.7z\r\n[2] https://www.kb.cert.org/vuls/id/602540\r\n\r\n", "edition": 1, "modified": "2015-05-11T00:00:00", "published": "2015-05-11T00:00:00", "id": "SECURITYVULNS:DOC:32019", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32019", "title": "[CVE-2014-8146/8147] - ICU heap and integer overflows / I-C-U-FAIL", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:00", "bulletinFamily": "software", "cvelist": ["CVE-2014-8147", "CVE-2014-8146"], "description": "Buffer overflow, integer overflow.", "edition": 1, "modified": "2015-05-11T00:00:00", "published": "2015-05-11T00:00:00", "id": "SECURITYVULNS:VULN:14455", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14455", "title": "libicu security vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:02", "bulletinFamily": "software", "cvelist": ["CVE-2015-2632", "CVE-2015-1270", "CVE-2015-4760"], "description": "Memory corruption on symbols parsing.", "edition": 1, "modified": "2015-10-05T00:00:00", "published": "2015-10-05T00:00:00", "id": "SECURITYVULNS:VULN:14704", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14704", "title": "libicu memory corruption", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:57", "bulletinFamily": "software", "cvelist": ["CVE-2013-2384", "CVE-2014-7923", "CVE-2014-6585", "CVE-2014-7940", "CVE-2014-9654", "CVE-2013-2419", "CVE-2014-7926", "CVE-2014-6591", "CVE-2013-2383", "CVE-2013-1569"], "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-2522-1\r\nMarch 05, 2015\r\n\r\nicu vulnerabilities\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 14.10\r\n- Ubuntu 14.04 LTS\r\n- Ubuntu 12.04 LTS\r\n\r\nSummary:\r\n\r\nICU could be made to crash or run programs as your login if it processed\r\nspecially crafted data.\r\n\r\nSoftware Description:\r\n- icu: International Components for Unicode library\r\n\r\nDetails:\r\n\r\nIt was discovered that ICU incorrectly handled memory operations when\r\nprocessing fonts. If an application using ICU processed crafted data, an\r\nattacker could cause it to crash or potentially execute arbitrary code with\r\nthe privileges of the user invoking the program. This issue only affected\r\nUbuntu 12.04 LTS. (CVE-2013-1569, CVE-2013-2383, CVE-2013-2384,\r\nCVE-2013-2419)\r\n\r\nIt was discovered that ICU incorrectly handled memory operations when\r\nprocessing fonts. If an application using ICU processed crafted data, an\r\nattacker could cause it to crash or potentially execute arbitrary code with\r\nthe privileges of the user invoking the program. (CVE-2014-6585,\r\nCVE-2014-6591)\r\n\r\nIt was discovered that ICU incorrectly handled memory operations when\r\nprocessing regular expressions. If an application using ICU processed\r\ncrafted data, an attacker could cause it to crash or potentially execute\r\narbitrary code with the privileges of the user invoking the program.\r\n(CVE-2014-7923, CVE-2014-7926, CVE-2014-9654)\r\n\r\nIt was discovered that ICU collator implementation incorrectly handled\r\nmemory operations. If an application using ICU processed crafted data, an\r\nattacker could cause it to crash or potentially execute arbitrary code with\r\nthe privileges of the user invoking the program. (CVE-2014-7940)\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 14.10:\r\n libicu52 52.1-6ubuntu0.2\r\n\r\nUbuntu 14.04 LTS:\r\n libicu52 52.1-3ubuntu0.2\r\n\r\nUbuntu 12.04 LTS:\r\n libicu48 4.8.1.1-3ubuntu0.3\r\n\r\nIn general, a standard system update will make all the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-2522-1\r\n CVE-2013-1569, CVE-2013-2383, CVE-2013-2384, CVE-2013-2419,\r\n CVE-2014-6585, CVE-2014-6591, CVE-2014-7923, CVE-2014-7926,\r\n CVE-2014-7940, CVE-2014-9654\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/icu/52.1-6ubuntu0.2\r\n https://launchpad.net/ubuntu/+source/icu/52.1-3ubuntu0.2\r\n https://launchpad.net/ubuntu/+source/icu/4.8.1.1-3ubuntu0.3\r\n\r\n\r\n\r\n\r\n-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n\r\n", "edition": 1, "modified": "2015-03-07T00:00:00", "published": "2015-03-07T00:00:00", "id": "SECURITYVULNS:DOC:31765", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31765", "title": "[USN-2522-1] ICU vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:59", "bulletinFamily": "software", "cvelist": ["CVE-2013-2384", "CVE-2014-7923", "CVE-2014-6585", "CVE-2014-7940", "CVE-2014-9654", "CVE-2013-2419", "CVE-2014-7926", "CVE-2014-6591", "CVE-2013-2383", "CVE-2013-1569"], "description": "Multiple memory corruptions.", "edition": 1, "modified": "2015-03-07T00:00:00", "published": "2015-03-07T00:00:00", "id": "SECURITYVULNS:VULN:14291", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14291", "title": "libicu multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cve": [{"lastseen": "2020-12-09T19:58:28", "description": "The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 does not properly track directionally isolated pieces of text, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via crafted text.", "edition": 6, "cvss3": {}, "published": "2015-05-25T22:59:00", "title": "CVE-2014-8146", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8146"], "modified": "2019-04-23T19:29:00", "cpe": ["cpe:/o:apple:mac_os_x:10.10.4", "cpe:/a:apple:itunes:12.1.3", "cpe:/o:apple:iphone_os:8.2", "cpe:/o:apple:watchos:1.0.1"], "id": "CVE-2014-8146", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8146", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:apple:watchos:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:12.1.3:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.10.4:*:*:*:*:*:*:*", "cpe:2.3:o:apple:iphone_os:8.2:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:58:28", "description": "The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 uses an integer data type that is inconsistent with a header file, which allows remote attackers to cause a denial of service (incorrect malloc followed by invalid free) or possibly execute arbitrary code via crafted text.", "edition": 7, "cvss3": {}, "published": "2015-05-25T22:59:00", "title": "CVE-2014-8147", "type": "cve", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8147"], "modified": "2019-04-23T19:29:00", "cpe": ["cpe:/o:apple:mac_os_x:10.10.4", "cpe:/o:apple:watchos:1.0.1"], "id": "CVE-2014-8147", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8147", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:apple:watchos:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.10.4:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T12:01:20", "description": "Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to 2D, a different vulnerability than CVE-2014-6591.\nper: \"http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html\"\n\nApplies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets.", "edition": 4, "cvss3": {}, "published": "2015-01-21T15:28:00", "title": "CVE-2014-6585", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.6, "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6585"], "modified": "2020-09-08T13:00:00", "cpe": ["cpe:/a:oracle:jre:1.6.0", "cpe:/a:oracle:jdk:1.5.0", "cpe:/a:oracle:jdk:1.6.0", "cpe:/a:oracle:jre:1.8.0", "cpe:/a:oracle:jdk:1.7.0", "cpe:/a:oracle:jre:1.7.0", "cpe:/a:oracle:jre:1.5.0", "cpe:/a:oracle:jdk:1.8.0"], "id": "CVE-2014-6585", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6585", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:oracle:jdk:1.8.0:update25:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:1.6.0:update_85:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:1.5.0:update_75:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:1.5.0:update_75:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:1.7.0:update_72:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:1.8.0:update_25:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:1.7.0:update72:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:1.6.0:update_85:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T12:49:52", "description": "Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.\nPer Advisory: <a href=\"http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html\">Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets.</a>", "edition": 4, "cvss3": {}, "published": "2015-07-16T11:00:00", "title": "CVE-2015-4760", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-4760"], "modified": "2020-09-08T12:30:00", "cpe": ["cpe:/a:oracle:jre:1.6.0", "cpe:/a:oracle:jdk:1.6.0", "cpe:/a:oracle:jre:1.8.0", "cpe:/a:oracle:jdk:1.7.0", "cpe:/a:oracle:jre:1.7.0", "cpe:/a:oracle:jdk:1.8.0"], "id": "CVE-2015-4760", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4760", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:oracle:jre:1.8.0:update_45:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:1.8.0:update45:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:1.6.0:update_95:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:1.7.0:update_80:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:1.7.0:update_80:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:1.6.0:update_95:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2019-05-29T18:36:19", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-6585", "CVE-2014-8147", "CVE-2014-8146", "CVE-2015-4760"], "description": "Several vulnerabilities were discovered\nin the International Components for Unicode (ICU) library.\n\nCVE-2014-8146\nThe Unicode Bidirectional Algorithm implementation does not properly\ntrack directionally isolated pieces of text, which allows remote\nattackers to cause a denial of service (heap-based buffer overflow)\nor possibly execute arbitrary code via crafted text.\n\nCVE-2014-8147\nThe Unicode Bidirectional Algorithm implementation uses an integer\ndata type that is inconsistent with a header file, which allows\nremote attackers to cause a denial of service (incorrect malloc\nfollowed by invalid free) or possibly execute arbitrary code via\ncrafted text.\n\nCVE-2015-4760\nThe Layout Engine was missing multiple boundary checks. These could\nlead to buffer overflows and memory corruption. A specially crafted\nfile could cause an application using ICU to parse untrusted font\nfiles to crash and, possibly, execute arbitrary code.\n\nAdditionally, it was discovered that the patch applied to ICU in DSA-3187-1\nfor CVE-2014-6585\nwas incomplete, possibly leading to an invalid memory\naccess. This could allow remote attackers to disclose portion of private\nmemory via crafted font files.", "modified": "2019-03-18T00:00:00", "published": "2015-08-01T00:00:00", "id": "OPENVAS:1361412562310703323", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703323", "type": "openvas", "title": "Debian Security Advisory DSA 3323-1 (icu - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3323.nasl 14278 2019-03-18 14:47:26Z cfischer $\n# Auto-generated from advisory DSA 3323-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703323\");\n script_version(\"$Revision: 14278 $\");\n script_cve_id(\"CVE-2014-6585\", \"CVE-2014-8146\", \"CVE-2014-8147\", \"CVE-2015-4760\");\n script_name(\"Debian Security Advisory DSA 3323-1 (icu - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:47:26 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-08-01 00:00:00 +0200 (Sat, 01 Aug 2015)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2015/dsa-3323.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n script_tag(name:\"affected\", value:\"icu on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (wheezy),\nthese problems have been fixed in version 4.8.1.1-12+deb7u3.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 52.1-8+deb8u2.\n\nFor the testing distribution (stretch), these problems have been fixed\nin version 52.1-10.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 52.1-10.\n\nWe recommend that you upgrade your icu packages.\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities were discovered\nin the International Components for Unicode (ICU) library.\n\nCVE-2014-8146\nThe Unicode Bidirectional Algorithm implementation does not properly\ntrack directionally isolated pieces of text, which allows remote\nattackers to cause a denial of service (heap-based buffer overflow)\nor possibly execute arbitrary code via crafted text.\n\nCVE-2014-8147\nThe Unicode Bidirectional Algorithm implementation uses an integer\ndata type that is inconsistent with a header file, which allows\nremote attackers to cause a denial of service (incorrect malloc\nfollowed by invalid free) or possibly execute arbitrary code via\ncrafted text.\n\nCVE-2015-4760\nThe Layout Engine was missing multiple boundary checks. These could\nlead to buffer overflows and memory corruption. A specially crafted\nfile could cause an application using ICU to parse untrusted font\nfiles to crash and, possibly, execute arbitrary code.\n\nAdditionally, it was discovered that the patch applied to ICU in DSA-3187-1\nfor CVE-2014-6585\nwas incomplete, possibly leading to an invalid memory\naccess. This could allow remote attackers to disclose portion of private\nmemory via crafted font files.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software\nversion using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"icu-doc\", ver:\"4.8.1.1-12+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libicu-dev\", ver:\"4.8.1.1-12+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libicu48:amd64\", ver:\"4.8.1.1-12+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libicu48:i386\", ver:\"4.8.1.1-12+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libicu48-dbg\", ver:\"4.8.1.1-12+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-24T12:53:35", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-6585", "CVE-2014-8147", "CVE-2014-8146", "CVE-2015-4760"], "description": "Several vulnerabilities were discovered\nin the International Components for Unicode (ICU) library.\n\nCVE-2014-8146 \nThe Unicode Bidirectional Algorithm implementation does not properly\ntrack directionally isolated pieces of text, which allows remote\nattackers to cause a denial of service (heap-based buffer overflow)\nor possibly execute arbitrary code via crafted text.\n\nCVE-2014-8147 \nThe Unicode Bidirectional Algorithm implementation uses an integer\ndata type that is inconsistent with a header file, which allows\nremote attackers to cause a denial of service (incorrect malloc\nfollowed by invalid free) or possibly execute arbitrary code via\ncrafted text.\n\nCVE-2015-4760 \nThe Layout Engine was missing multiple boundary checks. These could\nlead to buffer overflows and memory corruption. A specially crafted\nfile could cause an application using ICU to parse untrusted font\nfiles to crash and, possibly, execute arbitrary code.\n\nAdditionally, it was discovered that the patch applied to ICU in DSA-3187-1\nfor CVE-2014-6585 \nwas incomplete, possibly leading to an invalid memory\naccess. This could allow remote attackers to disclose portion of private\nmemory via crafted font files.", "modified": "2017-07-07T00:00:00", "published": "2015-08-01T00:00:00", "id": "OPENVAS:703323", "href": "http://plugins.openvas.org/nasl.php?oid=703323", "type": "openvas", "title": "Debian Security Advisory DSA 3323-1 (icu - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3323.nasl 6609 2017-07-07 12:05:59Z cfischer $\n# Auto-generated from advisory DSA 3323-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703323);\n script_version(\"$Revision: 6609 $\");\n script_cve_id(\"CVE-2014-6585\", \"CVE-2014-8146\", \"CVE-2014-8147\", \"CVE-2015-4760\");\n script_name(\"Debian Security Advisory DSA 3323-1 (icu - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:59 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2015-08-01 00:00:00 +0200 (Sat, 01 Aug 2015)\");\n script_tag(name: \"cvss_base\", value: \"10.0\");\n script_tag(name: \"cvss_base_vector\", value: \"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3323.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"icu on Debian Linux\");\n script_tag(name: \"insight\", value: \"ICU is a C++ and C library that provides\nrobust and full-featured Unicode and locale support.\");\n script_tag(name: \"solution\", value: \"For the oldstable distribution (wheezy),\nthese problems have been fixed in version 4.8.1.1-12+deb7u3.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 52.1-8+deb8u2.\n\nFor the testing distribution (stretch), these problems have been fixed\nin version 52.1-10.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 52.1-10.\n\nWe recommend that you upgrade your icu packages.\");\n script_tag(name: \"summary\", value: \"Several vulnerabilities were discovered\nin the International Components for Unicode (ICU) library.\n\nCVE-2014-8146 \nThe Unicode Bidirectional Algorithm implementation does not properly\ntrack directionally isolated pieces of text, which allows remote\nattackers to cause a denial of service (heap-based buffer overflow)\nor possibly execute arbitrary code via crafted text.\n\nCVE-2014-8147 \nThe Unicode Bidirectional Algorithm implementation uses an integer\ndata type that is inconsistent with a header file, which allows\nremote attackers to cause a denial of service (incorrect malloc\nfollowed by invalid free) or possibly execute arbitrary code via\ncrafted text.\n\nCVE-2015-4760 \nThe Layout Engine was missing multiple boundary checks. These could\nlead to buffer overflows and memory corruption. A specially crafted\nfile could cause an application using ICU to parse untrusted font\nfiles to crash and, possibly, execute arbitrary code.\n\nAdditionally, it was discovered that the patch applied to ICU in DSA-3187-1\nfor CVE-2014-6585 \nwas incomplete, possibly leading to an invalid memory\naccess. This could allow remote attackers to disclose portion of private\nmemory via crafted font files.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"icu-doc\", ver:\"4.8.1.1-12+deb7u3\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libicu-dev\", ver:\"4.8.1.1-12+deb7u3\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libicu48:amd64\", ver:\"4.8.1.1-12+deb7u3\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libicu48:i386\", ver:\"4.8.1.1-12+deb7u3\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libicu48-dbg\", ver:\"4.8.1.1-12+deb7u3\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:36:35", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8147", "CVE-2014-8146"], "description": "Gentoo Linux Local Security Checks GLSA 201507-04", "modified": "2018-10-26T00:00:00", "published": "2015-09-29T00:00:00", "id": "OPENVAS:1361412562310121385", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121385", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201507-04", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201507-04.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121385\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:28:53 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201507-04\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been discovered in International Components for Unicode. Please review the CVE identifiers referenced below for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201507-04\");\n script_cve_id(\"CVE-2014-8146\", \"CVE-2014-8147\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201507-04\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"dev-libs/icu\", unaffected: make_list(\"ge 55.1\"), vulnerable: make_list(\"lt 55.1\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:52", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8147", "CVE-2014-8146"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2015-05-12T00:00:00", "id": "OPENVAS:1361412562310842206", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842206", "type": "openvas", "title": "Ubuntu Update for icu USN-2605-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for icu USN-2605-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842206\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-05-12 05:43:58 +0200 (Tue, 12 May 2015)\");\n script_cve_id(\"CVE-2014-8146\", \"CVE-2014-8147\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for icu USN-2605-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'icu'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Pedro Ribeiro discovered that ICU\nincorrectly handled certain memory operations when processing data. If an\napplication using ICU processed crafted data, an attacker could cause it to crash\nor potentially execute arbitrary code with the privileges of the user invoking\nthe program.\");\n script_tag(name:\"affected\", value:\"icu on Ubuntu 14.10,\n Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2605-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2605-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.10|14\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libicu52:amd64\", ver:\"52.1-6ubuntu0.3\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libicu52:i386\", ver:\"52.1-6ubuntu0.3\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libicu52:amd64\", ver:\"52.1-3ubuntu0.3\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libicu52:i386\", ver:\"52.1-3ubuntu0.3\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:48", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4760"], "description": "Mageia Linux Local Security Checks mgasa-2015-0297", "modified": "2018-09-28T00:00:00", "published": "2015-10-15T00:00:00", "id": "OPENVAS:1361412562310130081", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310130081", "type": "openvas", "title": "Mageia Linux Local Check: mgasa-2015-0297", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: mgasa-2015-0297.nasl 11692 2018-09-28 16:55:19Z cfischer $\n#\n# Mageia Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://www.solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.130081\");\n script_version(\"$Revision: 11692 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-15 10:42:29 +0300 (Thu, 15 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 18:55:19 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Mageia Linux Local Check: mgasa-2015-0297\");\n script_tag(name:\"insight\", value:\"It was discovered that ICU Layout Engine was missing multiple boundary checks. These could lead to buffer overflows memory corruption. A specially crafted file could cause an application using ICU to parse untrusted font files to crash and, possibly, execute arbitrary code (CVE-2015-4760).\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://advisories.mageia.org/MGASA-2015-0297.html\");\n script_cve_id(\"CVE-2015-4760\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mageia_linux\", \"ssh/login/release\", re:\"ssh/login/release=MAGEIA5\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Mageia Linux Local Security Checks mgasa-2015-0297\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Mageia Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MAGEIA5\")\n{\nif ((res = isrpmvuln(pkg:\"icu\", rpm:\"icu~53.1~12.2.mga5\", rls:\"MAGEIA5\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-04T16:42:20", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-7867", "CVE-2017-17484", "CVE-2017-15422", "CVE-2014-8147", "CVE-2014-8146", "CVE-2016-6293", "CVE-2017-7868", "CVE-2017-14952"], "description": "The remote host is missing an update for the ", "modified": "2020-06-03T00:00:00", "published": "2018-05-26T00:00:00", "id": "OPENVAS:1361412562310851765", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851765", "type": "openvas", "title": "openSUSE: Security Advisory for icu (openSUSE-SU-2018:1422-1)", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851765\");\n script_version(\"2020-06-03T08:38:58+0000\");\n script_tag(name:\"last_modification\", value:\"2020-06-03 08:38:58 +0000 (Wed, 03 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-05-26 05:45:12 +0200 (Sat, 26 May 2018)\");\n script_cve_id(\"CVE-2014-8146\", \"CVE-2014-8147\", \"CVE-2016-6293\", \"CVE-2017-14952\",\n \"CVE-2017-15422\", \"CVE-2017-17484\", \"CVE-2017-7867\", \"CVE-2017-7868\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for icu (openSUSE-SU-2018:1422-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'icu'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"icu was updated to fix two security issues.\n\n These security issues were fixed:\n\n - CVE-2014-8147: The resolveImplicitLevels function in common/ubidi.c in\n the Unicode Bidirectional Algorithm implementation in ICU4C in\n International Components for Unicode (ICU) used an integer data type\n that is inconsistent with a header file, which allowed remote attackers\n to cause a denial of service (incorrect malloc followed by invalid free)\n or possibly execute arbitrary code via crafted text (bsc#929629).\n\n - CVE-2014-8146: The resolveImplicitLevels function in common/ubidi.c in\n the Unicode Bidirectional Algorithm implementation in ICU4C in\n International Components for Unicode (ICU) did not properly track\n directionally isolated pieces of text, which allowed remote attackers to\n cause a denial of service (heap-based buffer overflow) or possibly\n execute arbitrary code via crafted text (bsc#929629).\n\n - CVE-2016-6293: The uloc_acceptLanguageFromHTTP function in\n common/uloc.cpp in International Components for Unicode (ICU) for C/C++\n did not ensure that there is a '\\0' character at the end of a certain\n temporary array, which allowed remote attackers to cause a denial of\n service (out-of-bounds read) or possibly have unspecified other impact\n via a call with a long httpAcceptLanguage argument (bsc#990636).\n\n - CVE-2017-7868: International Components for Unicode (ICU) for C/C++\n 2017-02-13 has an out-of-bounds write caused by a heap-based buffer\n overflow related to the utf8TextAccess function in common/utext.cpp and\n the utext_moveIndex32* function (bsc#1034674)\n\n - CVE-2017-7867: International Components for Unicode (ICU) for C/C++\n 2017-02-13 has an out-of-bounds write caused by a heap-based buffer\n overflow related to the utf8TextAccess function in common/utext.cpp and\n the utext_setNativeIndex* function (bsc#1034678)\n\n - CVE-2017-14952: Double free in i18n/zonemeta.cpp in International\n Components for Unicode (ICU) for C/C++ allowed remote attackers to\n execute arbitrary code via a crafted string, aka a 'redundant UVector\n entry clean up function call' issue (bnc#1067203)\n\n - CVE-2017-17484: The ucnv_UTF8FromUTF8 function in ucnv_u8.cpp in\n International Components for Unicode (ICU) for C/C++ mishandled\n ucnv_convertEx calls for UTF-8 to UTF-8 conversion, which allowed remote\n attackers to cause a denial of service (stack-based buffer overflow and\n application crash) or possibly have unspecified other impact via a\n crafted string, as demonstrated by ZNC (bnc#1072193)\n\n - CVE-2017-15422: An integer overflow in icu during persian calendar date\n processing could ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"affected\", value:\"icu on openSUSE Leap 42.3\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2018:1422-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2018-05/msg00103.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.3\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"icu\", rpm:\"icu~52.1~18.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"icu-data\", rpm:\"icu-data~52.1~18.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"icu-debuginfo\", rpm:\"icu-debuginfo~52.1~18.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"icu-debugsource\", rpm:\"icu-debugsource~52.1~18.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libicu-devel\", rpm:\"libicu-devel~52.1~18.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libicu-doc\", rpm:\"libicu-doc~52.1~18.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libicu52_1\", rpm:\"libicu52_1~52.1~18.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libicu52_1-data\", rpm:\"libicu52_1-data~52.1~18.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libicu52_1-debuginfo\", rpm:\"libicu52_1-debuginfo~52.1~18.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libicu-devel-32bit\", rpm:\"libicu-devel-32bit~52.1~18.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libicu52_1-32bit\", rpm:\"libicu52_1-32bit~52.1~18.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libicu52_1-debuginfo-32bit\", rpm:\"libicu52_1-debuginfo-32bit~52.1~18.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-6585", "CVE-2014-6591"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2015-04-03T00:00:00", "id": "OPENVAS:1361412562310869156", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869156", "type": "openvas", "title": "Fedora Update for icu FEDORA-2015-3569", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for icu FEDORA-2015-3569\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869156\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-04-03 05:08:15 +0200 (Fri, 03 Apr 2015)\");\n script_cve_id(\"CVE-2014-6585\", \"CVE-2014-6591\");\n script_tag(name:\"cvss_base\", value:\"2.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for icu FEDORA-2015-3569\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'icu'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"icu on Fedora 21\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-3569\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-April/154190.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC21\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"icu\", rpm:\"icu~52.1~5.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:36:35", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-6585", "CVE-2014-6591"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2015-03-22T00:00:00", "id": "OPENVAS:1361412562310869116", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869116", "type": "openvas", "title": "Fedora Update for icu FEDORA-2015-3590", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for icu FEDORA-2015-3590\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869116\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-03-22 06:53:52 +0100 (Sun, 22 Mar 2015)\");\n script_cve_id(\"CVE-2014-6585\", \"CVE-2014-6591\");\n script_tag(name:\"cvss_base\", value:\"2.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for icu FEDORA-2015-3590\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'icu'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"icu on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-3590\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-March/152738.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"icu\", rpm:\"icu~50.1.2~11.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:36:52", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-2632", "CVE-2015-1270", "CVE-2015-4760"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2015-09-17T00:00:00", "id": "OPENVAS:1361412562310842437", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842437", "type": "openvas", "title": "Ubuntu Update for icu USN-2740-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for icu USN-2740-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842437\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-09-17 06:18:53 +0200 (Thu, 17 Sep 2015)\");\n script_cve_id(\"CVE-2015-1270\", \"CVE-2015-2632\", \"CVE-2015-4760\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for icu USN-2740-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'icu'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Atte Kettunen discovered that ICU\nincorrectly handled certain converter names. If an application using ICU processed\ncrafted data, a remote attacker could possibly cause it to crash. (CVE-2015-1270)\n\nIt was discovered that ICU incorrectly handled certain memory operations\nwhen processing data. If an application using ICU processed crafted data,\na remote attacker could possibly cause it to crash or potentially execute\narbitrary code with the privileges of the user invoking the program.\n(CVE-2015-2632, CVE-2015-4760)\");\n script_tag(name:\"affected\", value:\"icu on Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2740-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2740-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|12\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libicu52:amd64\", ver:\"52.1-3ubuntu0.4\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libicu52:i386\", ver:\"52.1-3ubuntu0.4\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libicu48\", ver:\"4.8.1.1-3ubuntu0.6\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:33", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-7923", "CVE-2014-6585", "CVE-2014-9654", "CVE-2014-7926", "CVE-2014-6591"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2015-04-29T00:00:00", "id": "OPENVAS:1361412562310869313", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869313", "type": "openvas", "title": "Fedora Update for icu FEDORA-2015-6084", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for icu FEDORA-2015-6084\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869313\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-04-29 05:27:23 +0200 (Wed, 29 Apr 2015)\");\n script_cve_id(\"CVE-2014-9654\", \"CVE-2014-7923\", \"CVE-2014-7926\", \"CVE-2014-6585\",\n \"CVE-2014-6591\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for icu FEDORA-2015-6084\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'icu'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"icu on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-6084\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-April/156235.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"icu\", rpm:\"icu~50.1.2~12.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-12T09:49:11", "description": "Several vulnerabilities were discovered in the International\nComponents for Unicode (ICU) library.\n\n - CVE-2014-8146\n The Unicode Bidirectional Algorithm implementation does\n not properly track directionally isolated pieces of\n text, which allows remote attackers to cause a denial of\n service (heap-based buffer overflow) or possibly execute\n arbitrary code via crafted text.\n\n - CVE-2014-8147\n The Unicode Bidirectional Algorithm implementation uses\n an integer data type that is inconsistent with a header\n file, which allows remote attackers to cause a denial of\n service (incorrect malloc followed by invalid free) or\n possibly execute arbitrary code via crafted text.\n\n - CVE-2015-4760\n The Layout Engine was missing multiple boundary checks.\n These could lead to buffer overflows and memory\n corruption. A specially crafted file could cause an\n application using ICU to parse untrusted font files to\n crash and, possibly, execute arbitrary code.\n\nAdditionally, it was discovered that the patch applied to ICU in\nDSA-3187-1 for CVE-2014-6585 was incomplete, possibly leading to an\ninvalid memory access. This could allow remote attackers to disclose\nportion of private memory via crafted font files.", "edition": 22, "published": "2015-08-03T00:00:00", "title": "Debian DSA-3323-1 : icu - security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-6585", "CVE-2014-8147", "CVE-2014-8146", "CVE-2015-4760"], "modified": "2015-08-03T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:icu", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DSA-3323.NASL", "href": "https://www.tenable.com/plugins/nessus/85162", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3323. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85162);\n script_version(\"2.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-6585\", \"CVE-2014-8146\", \"CVE-2014-8147\", \"CVE-2015-4760\");\n script_xref(name:\"DSA\", value:\"3323\");\n\n script_name(english:\"Debian DSA-3323-1 : icu - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were discovered in the International\nComponents for Unicode (ICU) library.\n\n - CVE-2014-8146\n The Unicode Bidirectional Algorithm implementation does\n not properly track directionally isolated pieces of\n text, which allows remote attackers to cause a denial of\n service (heap-based buffer overflow) or possibly execute\n arbitrary code via crafted text.\n\n - CVE-2014-8147\n The Unicode Bidirectional Algorithm implementation uses\n an integer data type that is inconsistent with a header\n file, which allows remote attackers to cause a denial of\n service (incorrect malloc followed by invalid free) or\n possibly execute arbitrary code via crafted text.\n\n - CVE-2015-4760\n The Layout Engine was missing multiple boundary checks.\n These could lead to buffer overflows and memory\n corruption. A specially crafted file could cause an\n application using ICU to parse untrusted font files to\n crash and, possibly, execute arbitrary code.\n\nAdditionally, it was discovered that the patch applied to ICU in\nDSA-3187-1 for CVE-2014-6585 was incomplete, possibly leading to an\ninvalid memory access. This could allow remote attackers to disclose\nportion of private memory via crafted font files.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778511\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=784773\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-8146\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-8147\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-4760\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-6585\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/icu\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/icu\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2015/dsa-3323\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the icu packages.\n\nFor the oldstable distribution (wheezy), these problems have been\nfixed in version 4.8.1.1-12+deb7u3.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 52.1-8+deb8u2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icu\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"icu-doc\", reference:\"4.8.1.1-12+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libicu-dev\", reference:\"4.8.1.1-12+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libicu48\", reference:\"4.8.1.1-12+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libicu48-dbg\", reference:\"4.8.1.1-12+deb7u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icu-devtools\", reference:\"52.1-8+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icu-doc\", reference:\"52.1-8+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libicu-dev\", reference:\"52.1-8+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libicu52\", reference:\"52.1-8+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libicu52-dbg\", reference:\"52.1-8+deb8u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-05T11:13:09", "description": "icu was updated to fix two security issues.\n\nThese security issues were fixed :\n\n - CVE-2014-8147: The resolveImplicitLevels function in\n common/ubidi.c in the Unicode Bidirectional Algorithm\n implementation in ICU4C in International Components for\n Unicode (ICU) used an integer data type that is\n inconsistent with a header file, which allowed remote\n attackers to cause a denial of service (incorrect malloc\n followed by invalid free) or possibly execute arbitrary\n code via crafted text (bsc#929629).\n\n - CVE-2014-8146: The resolveImplicitLevels function in\n common/ubidi.c in the Unicode Bidirectional Algorithm\n implementation in ICU4C in International Components for\n Unicode (ICU) did not properly track directionally\n isolated pieces of text, which allowed remote attackers\n to cause a denial of service (heap-based buffer\n overflow) or possibly execute arbitrary code via crafted\n text (bsc#929629). This update was imported from the\n SUSE:SLE-12:Update update project.", "edition": 16, "published": "2017-09-06T00:00:00", "title": "openSUSE Security Update : icu (openSUSE-2017-1011)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8147", "CVE-2014-8146"], "modified": "2017-09-06T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libicu52_1-debuginfo", "p-cpe:/a:novell:opensuse:libicu52_1-32bit", "p-cpe:/a:novell:opensuse:libicu52_1", "p-cpe:/a:novell:opensuse:icu-data", "p-cpe:/a:novell:opensuse:libicu52_1-data", "p-cpe:/a:novell:opensuse:libicu-devel", "p-cpe:/a:novell:opensuse:icu", "cpe:/o:novell:opensuse:42.3", "p-cpe:/a:novell:opensuse:icu-debuginfo", "cpe:/o:novell:opensuse:42.2", "p-cpe:/a:novell:opensuse:icu-debugsource", "p-cpe:/a:novell:opensuse:libicu52_1-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libicu-devel-32bit"], "id": "OPENSUSE-2017-1011.NASL", "href": "https://www.tenable.com/plugins/nessus/102967", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-1011.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(102967);\n script_version(\"3.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/04\");\n\n script_cve_id(\"CVE-2014-8146\", \"CVE-2014-8147\");\n\n script_name(english:\"openSUSE Security Update : icu (openSUSE-2017-1011)\");\n script_summary(english:\"Check for the openSUSE-2017-1011 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"icu was updated to fix two security issues.\n\nThese security issues were fixed :\n\n - CVE-2014-8147: The resolveImplicitLevels function in\n common/ubidi.c in the Unicode Bidirectional Algorithm\n implementation in ICU4C in International Components for\n Unicode (ICU) used an integer data type that is\n inconsistent with a header file, which allowed remote\n attackers to cause a denial of service (incorrect malloc\n followed by invalid free) or possibly execute arbitrary\n code via crafted text (bsc#929629).\n\n - CVE-2014-8146: The resolveImplicitLevels function in\n common/ubidi.c in the Unicode Bidirectional Algorithm\n implementation in ICU4C in International Components for\n Unicode (ICU) did not properly track directionally\n isolated pieces of text, which allowed remote attackers\n to cause a denial of service (heap-based buffer\n overflow) or possibly execute arbitrary code via crafted\n text (bsc#929629). This update was imported from the\n SUSE:SLE-12:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=929629\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected icu packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icu-data\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icu-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icu-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libicu-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libicu-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libicu52_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libicu52_1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libicu52_1-data\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libicu52_1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libicu52_1-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2|SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2 / 42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"icu-52.1-12.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"icu-data-52.1-12.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"icu-debuginfo-52.1-12.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"icu-debugsource-52.1-12.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libicu-devel-52.1-12.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libicu52_1-52.1-12.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libicu52_1-data-52.1-12.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libicu52_1-debuginfo-52.1-12.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libicu-devel-32bit-52.1-12.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libicu52_1-32bit-52.1-12.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libicu52_1-debuginfo-32bit-52.1-12.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"icu-52.1-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"icu-data-52.1-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"icu-debuginfo-52.1-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"icu-debugsource-52.1-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libicu-devel-52.1-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libicu52_1-52.1-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libicu52_1-data-52.1-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libicu52_1-debuginfo-52.1-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libicu-devel-32bit-52.1-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libicu52_1-32bit-52.1-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libicu52_1-debuginfo-32bit-52.1-15.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"icu / icu-data / icu-debuginfo / icu-debugsource / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-23T18:55:18", "description": "Pedro Ribeiro discovered that ICU incorrectly handled certain memory\noperations when processing data. If an application using ICU processed\ncrafted data, an attacker could cause it to crash or potentially\nexecute arbitrary code with the privileges of the user invoking the\nprogram.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 22, "published": "2015-05-12T00:00:00", "title": "Ubuntu 14.04 LTS / 14.10 / 15.04 : icu vulnerabilities (USN-2605-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8147", "CVE-2014-8146"], "modified": "2015-05-12T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:15.04", "cpe:/o:canonical:ubuntu_linux:14.10", "p-cpe:/a:canonical:ubuntu_linux:libicu52", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-2605-1.NASL", "href": "https://www.tenable.com/plugins/nessus/83345", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2605-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83345);\n script_version(\"2.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/22\");\n\n script_cve_id(\"CVE-2014-8146\", \"CVE-2014-8147\");\n script_bugtraq_id(74457);\n script_xref(name:\"USN\", value:\"2605-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 14.10 / 15.04 : icu vulnerabilities (USN-2605-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Pedro Ribeiro discovered that ICU incorrectly handled certain memory\noperations when processing data. If an application using ICU processed\ncrafted data, an attacker could cause it to crash or potentially\nexecute arbitrary code with the privileges of the user invoking the\nprogram.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2605-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libicu52 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libicu52\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:15.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/05/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2020 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04|14\\.10|15\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 14.10 / 15.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libicu52\", pkgver:\"52.1-3ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"libicu52\", pkgver:\"52.1-6ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"15.04\", pkgname:\"libicu52\", pkgver:\"52.1-8ubuntu0.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libicu52\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T14:26:18", "description": "icu was updated to fix two security issues. These security issues were\nfixed :\n\n - CVE-2014-8147: The resolveImplicitLevels function in\n common/ubidi.c in the Unicode Bidirectional Algorithm\n implementation in ICU4C in International Components for\n Unicode (ICU) used an integer data type that is\n inconsistent with a header file, which allowed remote\n attackers to cause a denial of service (incorrect malloc\n followed by invalid free) or possibly execute arbitrary\n code via crafted text (bsc#929629).\n\n - CVE-2014-8146: The resolveImplicitLevels function in\n common/ubidi.c in the Unicode Bidirectional Algorithm\n implementation in ICU4C in International Components for\n Unicode (ICU) did not properly track directionally\n isolated pieces of text, which allowed remote attackers\n to cause a denial of service (heap-based buffer\n overflow) or possibly execute arbitrary code via crafted\n text (bsc#929629).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 27, "published": "2017-09-01T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : icu (SUSE-SU-2017:2318-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8147", "CVE-2014-8146"], "modified": "2017-09-01T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:icu-debugsource", "p-cpe:/a:novell:suse_linux:libicu52_1-data", "cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:libicu52_1-debuginfo", "p-cpe:/a:novell:suse_linux:libicu-doc", "p-cpe:/a:novell:suse_linux:libicu52_1", "p-cpe:/a:novell:suse_linux:icu", "p-cpe:/a:novell:suse_linux:icu-debuginfo"], "id": "SUSE_SU-2017-2318-1.NASL", "href": "https://www.tenable.com/plugins/nessus/102912", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:2318-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102912);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-8146\", \"CVE-2014-8147\");\n script_bugtraq_id(74457);\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : icu (SUSE-SU-2017:2318-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"icu was updated to fix two security issues. These security issues were\nfixed :\n\n - CVE-2014-8147: The resolveImplicitLevels function in\n common/ubidi.c in the Unicode Bidirectional Algorithm\n implementation in ICU4C in International Components for\n Unicode (ICU) used an integer data type that is\n inconsistent with a header file, which allowed remote\n attackers to cause a denial of service (incorrect malloc\n followed by invalid free) or possibly execute arbitrary\n code via crafted text (bsc#929629).\n\n - CVE-2014-8146: The resolveImplicitLevels function in\n common/ubidi.c in the Unicode Bidirectional Algorithm\n implementation in ICU4C in International Components for\n Unicode (ICU) did not properly track directionally\n isolated pieces of text, which allowed remote attackers\n to cause a denial of service (heap-based buffer\n overflow) or possibly execute arbitrary code via crafted\n text (bsc#929629).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=929629\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-8146/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-8147/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20172318-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b11f5ed1\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP3:zypper in -t patch\nSUSE-SLE-WE-12-SP3-2017-1430=1\n\nSUSE Linux Enterprise Workstation Extension 12-SP2:zypper in -t patch\nSUSE-SLE-WE-12-SP2-2017-1430=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2017-1430=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t\npatch SUSE-SLE-SDK-12-SP2-2017-1430=1\n\nSUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t\npatch SUSE-SLE-RPI-12-SP2-2017-1430=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2017-1430=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2017-1430=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2017-1430=1\n\nSUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP2-2017-1430=1\n\nSUSE Container as a Service Platform ALL:zypper in -t patch\nSUSE-CAASP-ALL-2017-1430=1\n\nOpenStack Cloud Magnum Orchestration 7:zypper in -t patch\nSUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-1430=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:icu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:icu-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:icu-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libicu-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libicu52_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libicu52_1-data\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libicu52_1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/05/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP2/3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"icu-debuginfo-52.1-8.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"icu-debugsource-52.1-8.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libicu-doc-52.1-8.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libicu52_1-52.1-8.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libicu52_1-data-52.1-8.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libicu52_1-debuginfo-52.1-8.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libicu52_1-32bit-52.1-8.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libicu52_1-debuginfo-32bit-52.1-8.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"icu-debuginfo-52.1-8.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"icu-debugsource-52.1-8.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libicu-doc-52.1-8.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libicu52_1-52.1-8.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libicu52_1-data-52.1-8.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libicu52_1-debuginfo-52.1-8.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libicu52_1-32bit-52.1-8.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libicu52_1-debuginfo-32bit-52.1-8.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"icu-52.1-8.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"icu-debuginfo-52.1-8.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"icu-debugsource-52.1-8.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libicu52_1-32bit-52.1-8.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libicu52_1-52.1-8.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libicu52_1-data-52.1-8.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libicu52_1-debuginfo-32bit-52.1-8.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libicu52_1-debuginfo-52.1-8.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"icu-52.1-8.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"icu-debuginfo-52.1-8.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"icu-debugsource-52.1-8.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libicu52_1-32bit-52.1-8.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libicu52_1-52.1-8.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libicu52_1-data-52.1-8.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libicu52_1-debuginfo-32bit-52.1-8.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libicu52_1-debuginfo-52.1-8.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"icu\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T11:04:39", "description": "The remote host is affected by the vulnerability described in GLSA-201507-04\n(International Components for Unicode: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in International\n Components for Unicode. Please review the CVE identifiers referenced\n below for details.\n \nImpact :\n\n A remote attacker could execute arbitrary code with the privileges of\n the process or cause a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 23, "published": "2015-07-08T00:00:00", "title": "GLSA-201507-04 : International Components for Unicode: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8147", "CVE-2014-8146"], "modified": "2015-07-08T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:icu"], "id": "GENTOO_GLSA-201507-04.NASL", "href": "https://www.tenable.com/plugins/nessus/84603", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201507-04.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84603);\n script_version(\"2.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-8146\", \"CVE-2014-8147\");\n script_bugtraq_id(74457);\n script_xref(name:\"GLSA\", value:\"201507-04\");\n\n script_name(english:\"GLSA-201507-04 : International Components for Unicode: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201507-04\n(International Components for Unicode: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in International\n Components for Unicode. Please review the CVE identifiers referenced\n below for details.\n \nImpact :\n\n A remote attacker could execute arbitrary code with the privileges of\n the process or cause a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201507-04\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All International Components for Unicode users should upgrade to the\n latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-libs/icu-55.1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:icu\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-libs/icu\", unaffected:make_list(\"ge 55.1\"), vulnerable:make_list(\"lt 55.1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"International Components for Unicode\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-06-05T11:12:30", "description": "Qt 5 was updated to the 5.5.1 release to deliver upstream improvements\nand fixes to Qt functionality.\n\nThe following Security fixes are contained in QtWebEngineCore :\n\n - ICU: CVE-2014-8146, CVE-2014-8147\n\n - Blink: CVE-2015-1284, CVE-2015-1291, CVE-2015-1292\n\n - Skia: CVE-2015-1294\n\n - V8: CVE-2015-1290\n\nThe following packages were rebuilt because they use private headers :\n\n - calibre\n\n - fcitx-qt5\n\n - frameworkintegration\n\n - kwayland\n\n - kwin5,\n\n - lxqt-powermanagement\n\n - lxqt-qtplugin", "edition": 18, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2015-12-29T00:00:00", "title": "openSUSE Security Update : Qt 5 (openSUSE-2015-953)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1291", "CVE-2014-8147", "CVE-2015-1294", "CVE-2014-8146", "CVE-2015-1292", "CVE-2015-1284", "CVE-2015-1290"], "modified": "2015-12-29T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libqt5-qtct-debugsource", "p-cpe:/a:novell:opensuse:libQt53DRenderer5-debuginfo", "p-cpe:/a:novell:opensuse:libQt5Core5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:frameworkintegration-devel", "p-cpe:/a:novell:opensuse:libqt5-qtx11extras-devel", "p-cpe:/a:novell:opensuse:kwayland-devel", "p-cpe:/a:novell:opensuse:libqt5-qtlocation-devel", "p-cpe:/a:novell:opensuse:libQt5WebChannel5", "p-cpe:/a:novell:opensuse:libQt53DInput-devel", "p-cpe:/a:novell:opensuse:kwin5-debuginfo", "p-cpe:/a:novell:opensuse:libQt5Network-private-headers-devel", "p-cpe:/a:novell:opensuse:libqt5-qtdeclarative-tools-debuginfo", "p-cpe:/a:novell:opensuse:libQt5Positioning5", "p-cpe:/a:novell:opensuse:libQt5Multimedia5", "p-cpe:/a:novell:opensuse:libqt5-qtconnectivity-examples", "p-cpe:/a:novell:opensuse:libQt5WebChannel5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt5-qtserialport-private-headers-devel", "p-cpe:/a:novell:opensuse:libQt5Designer5-32bit", "p-cpe:/a:novell:opensuse:libqt5-qtlocation-private-headers-devel", "p-cpe:/a:novell:opensuse:kwayland-devel-32bit", "p-cpe:/a:novell:opensuse:libQt5Bluetooth5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt5WebSockets5-imports", "p-cpe:/a:novell:opensuse:lxqt-qtplugin-debugsource", "p-cpe:/a:novell:opensuse:libqt5-qtxmlpatterns-devel", "p-cpe:/a:novell:opensuse:libqt5-qtsensors-examples-debuginfo", "p-cpe:/a:novell:opensuse:libQt5WebKit5-debuginfo", "p-cpe:/a:novell:opensuse:libQt5Script5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt5Declarative5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt53DCore5-32bit", "p-cpe:/a:novell:opensuse:libqt5-creator-debugsource", "p-cpe:/a:novell:opensuse:libQt5Compositor5", "p-cpe:/a:novell:opensuse:libqt5-qtbase-devel", "p-cpe:/a:novell:opensuse:libQt5Sensors5", "p-cpe:/a:novell:opensuse:libQt5Svg5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt5-qtbase-examples-debuginfo", "p-cpe:/a:novell:opensuse:libqt5-qtwayland-debuginfo", "p-cpe:/a:novell:opensuse:libqt5-qtdeclarative-devel-debuginfo", "p-cpe:/a:novell:opensuse:libQt5Sql5-postgresql-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt5Widgets-private-headers-devel", "p-cpe:/a:novell:opensuse:libqt5-qtquick1-private-headers-devel", "p-cpe:/a:novell:opensuse:libQt5WebKitWidgets5-32bit", "p-cpe:/a:novell:opensuse:libQt53DQuickRenderer5-debuginfo", "p-cpe:/a:novell:opensuse:lxqt-qtplugin", "p-cpe:/a:novell:opensuse:libQt5Sql5-mysql-debuginfo", "p-cpe:/a:novell:opensuse:libQt5PrintSupport5", "p-cpe:/a:novell:opensuse:libqt5-qtwebsockets-devel", "p-cpe:/a:novell:opensuse:frameworkintegration-plugin-32bit", "p-cpe:/a:novell:opensuse:libqt5-qtquickcontrols-examples-debuginfo", "p-cpe:/a:novell:opensuse:libQt5Sql5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt5Sensors5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt5PlatformSupport-devel-static", "p-cpe:/a:novell:opensuse:libqt5-qt3d-examples", "p-cpe:/a:novell:opensuse:libQt5Help5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt5Sensors5-imports", "p-cpe:/a:novell:opensuse:libQt5Network5", "p-cpe:/a:novell:opensuse:libQt5Sql5-sqlite", "p-cpe:/a:novell:opensuse:libQt5Multimedia5-32bit", "p-cpe:/a:novell:opensuse:libQt5Sql-devel", "p-cpe:/a:novell:opensuse:libQt5Bluetooth5", "p-cpe:/a:novell:opensuse:libqt5-qtconnectivity-devel", "p-cpe:/a:novell:opensuse:libQt5Designer5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt5WebKit5-32bit", "p-cpe:/a:novell:opensuse:libqt5-qtwayland-examples", "p-cpe:/a:novell:opensuse:libQt5WebKitWidgets5", "p-cpe:/a:novell:opensuse:libqt5-qtdeclarative-devel", "p-cpe:/a:novell:opensuse:libQt5Compositor5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt5Sql5", "p-cpe:/a:novell:opensuse:libQt5Location5", "p-cpe:/a:novell:opensuse:libQt5OpenGLExtensions-devel-static-32bit", "p-cpe:/a:novell:opensuse:libQt5Core5", "p-cpe:/a:novell:opensuse:libqt5-qtsvg-debugsource", "p-cpe:/a:novell:opensuse:libQt5DesignerComponents5", "p-cpe:/a:novell:opensuse:libQt5WebKitWidgets5-debuginfo", "p-cpe:/a:novell:opensuse:libqt5-qtserialport-devel-32bit", "p-cpe:/a:novell:opensuse:libQt5Sql5-mysql", "p-cpe:/a:novell:opensuse:fcitx-qt5-devel", "p-cpe:/a:novell:opensuse:libqt5-qtwebengine-examples", "p-cpe:/a:novell:opensuse:libQt5Declarative5-debuginfo", "p-cpe:/a:novell:opensuse:libqt5-qtwebkit-examples-debugsource", "p-cpe:/a:novell:opensuse:libQt5WebSockets5-imports-debuginfo", "p-cpe:/a:novell:opensuse:libQt53DCore5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt5CLucene5", "p-cpe:/a:novell:opensuse:libQt5DBus-devel-debuginfo", "p-cpe:/a:novell:opensuse:libQt5Gui-devel", "p-cpe:/a:novell:opensuse:libQt5WebKit5-imports-debuginfo", "p-cpe:/a:novell:opensuse:libqt5-qtserialport-devel", "p-cpe:/a:novell:opensuse:libqt5-qtwebsockets-debugsource", "p-cpe:/a:novell:opensuse:libqt5-qtlocation-devel-32bit", "p-cpe:/a:novell:opensuse:libQt5DesignerComponents5-debuginfo", "p-cpe:/a:novell:opensuse:libQt5Widgets5-debuginfo", "p-cpe:/a:novell:opensuse:libqt5-qtwayland-examples-debuginfo", "p-cpe:/a:novell:opensuse:libqt5-qtwebchannel-devel-32bit", "p-cpe:/a:novell:opensuse:libQt5X11Extras5-32bit", "p-cpe:/a:novell:opensuse:libQt5Test-devel", "p-cpe:/a:novell:opensuse:libQt53DQuick5-debuginfo", "p-cpe:/a:novell:opensuse:libqt5-qtquickcontrols-examples", "p-cpe:/a:novell:opensuse:frameworkintegration-debugsource", "p-cpe:/a:novell:opensuse:libqt5-qtbase-platformtheme-gtk2", "p-cpe:/a:novell:opensuse:libQt53DLogic5-32bit", "p-cpe:/a:novell:opensuse:libQt5Script5-32bit", "p-cpe:/a:novell:opensuse:libqt5-qtconnectivity-tools", "p-cpe:/a:novell:opensuse:libQt53DRenderer-devel", "p-cpe:/a:novell:opensuse:libQt53DCore-devel", "p-cpe:/a:novell:opensuse:libqt5-qtct", "p-cpe:/a:novell:opensuse:libqt5-qtmultimedia-debugsource", "p-cpe:/a:novell:opensuse:libqt5-qtmultimedia-devel", "p-cpe:/a:novell:opensuse:libQt5Gui-devel-32bit", "p-cpe:/a:novell:opensuse:libqt5-qtscript-debugsource", "p-cpe:/a:novell:opensuse:libQt5WebKit-private-headers-devel", "p-cpe:/a:novell:opensuse:libQt5Widgets5", "p-cpe:/a:novell:opensuse:libQt5Sql-devel-32bit", "p-cpe:/a:novell:opensuse:libqt5-qtwebkit-examples-debuginfo", "p-cpe:/a:novell:opensuse:libqt5-qtwebengine-32bit", "p-cpe:/a:novell:opensuse:libQt5Sql5-unixODBC-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt5DBus5-debuginfo", "p-cpe:/a:novell:opensuse:libqt5-qtdeclarative-examples-debuginfo", "p-cpe:/a:novell:opensuse:libqt5-qtconnectivity-private-headers-devel", "p-cpe:/a:novell:opensuse:libQt5WebSockets5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt5XmlPatterns5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt5-qtmultimedia-examples", "p-cpe:/a:novell:opensuse:libQt5SerialPort5-debuginfo", "p-cpe:/a:novell:opensuse:libQt5Xml-devel-32bit", "p-cpe:/a:novell:opensuse:libqt5-qtscript-devel", "p-cpe:/a:novell:opensuse:fcitx-qt5-32bit", "p-cpe:/a:novell:opensuse:libQt53DQuick5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt5SerialPort5", "p-cpe:/a:novell:opensuse:libQt5Multimedia5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt5-qtimageformats-debugsource", "p-cpe:/a:novell:opensuse:libqt5-qtwebengine-debugsource", "p-cpe:/a:novell:opensuse:libQt5Widgets5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt5Concurrent5", "p-cpe:/a:novell:opensuse:libqt5-qtmultimedia-devel-32bit", "p-cpe:/a:novell:opensuse:libqt5-qtwebengine", "p-cpe:/a:novell:opensuse:libqt5-qtconnectivity-tools-debuginfo", "p-cpe:/a:novell:opensuse:libqt5-qtquick1-examples-debuginfo", "p-cpe:/a:novell:opensuse:libqt5-qtwebchannel-private-headers-devel", "p-cpe:/a:novell:opensuse:libQt5DesignerComponents5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt5WebSockets5-32bit", "p-cpe:/a:novell:opensuse:fcitx-qt5", "p-cpe:/a:novell:opensuse:libQtQuick5", "p-cpe:/a:novell:opensuse:libqt5-qtbase-examples", "p-cpe:/a:novell:opensuse:libQt5Bootstrap-devel-static-32bit", "p-cpe:/a:novell:opensuse:kwin5-lang", "p-cpe:/a:novell:opensuse:libQt5Declarative5-32bit", "p-cpe:/a:novell:opensuse:libqt5-qtxmlpatterns-examples-debuginfo", "p-cpe:/a:novell:opensuse:libqt5-qtwebengine-examples-debuginfo", "p-cpe:/a:novell:opensuse:libQt5Gui-private-headers-devel", "cpe:/o:novell:opensuse:42.1", "p-cpe:/a:novell:opensuse:lxqt-powermanagement-debugsource", "p-cpe:/a:novell:opensuse:libKF5Style5-debuginfo", "p-cpe:/a:novell:opensuse:libQt5Sql5-sqlite-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt5Bluetooth5-32bit", "p-cpe:/a:novell:opensuse:libQt5Test5-debuginfo", "p-cpe:/a:novell:opensuse:libQt5X11Extras5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt53DQuickRenderer-devel", "p-cpe:/a:novell:opensuse:libQt5Positioning5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt5-qtwebkit-debugsource", "p-cpe:/a:novell:opensuse:libqt5-qtsensors-private-headers-devel", "p-cpe:/a:novell:opensuse:fcitx-qt5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt5Concurrent5-32bit", "p-cpe:/a:novell:opensuse:libQt53DRenderer5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt5Sql5-debuginfo", "p-cpe:/a:novell:opensuse:libQt5Concurrent-devel", "p-cpe:/a:novell:opensuse:libqt5-qtsvg-devel-32bit", "p-cpe:/a:novell:opensuse:libQt5WebKitWidgets-private-headers-devel", "p-cpe:/a:novell:opensuse:libqt5-qtwebengine-devel", "p-cpe:/a:novell:opensuse:libqt5-creator-debuginfo", "p-cpe:/a:novell:opensuse:libQt5PrintSupport5-32bit", "p-cpe:/a:novell:opensuse:libqt5-qtwebengine-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt5Xml5-32bit", "p-cpe:/a:novell:opensuse:libQt5Designer5-debuginfo", "p-cpe:/a:novell:opensuse:libQt53DCollision5-debuginfo", "p-cpe:/a:novell:opensuse:libQt5Test-private-headers-devel", "p-cpe:/a:novell:opensuse:libqt5-qttools-debuginfo-32bit", "p-cpe:/a:novell:opensuse:fcitx-qt5-debugsource", "p-cpe:/a:novell:opensuse:libQt5CLucene5-32bit", "p-cpe:/a:novell:opensuse:libqt5-qtsvg-examples-debuginfo", "p-cpe:/a:novell:opensuse:libQt5Sql5-postgresql-debuginfo", "p-cpe:/a:novell:opensuse:libqt5-qtdeclarative-devel-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt5-qtserialport-debugsource", "p-cpe:/a:novell:opensuse:libQt5Xml5-debuginfo", "p-cpe:/a:novell:opensuse:libQt5Nfc5", "p-cpe:/a:novell:opensuse:libQt5Test-devel-32bit", "p-cpe:/a:novell:opensuse:libQt5CLucene5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt5WebChannel5-imports-debuginfo", "p-cpe:/a:novell:opensuse:libqt5-qtdoc", "p-cpe:/a:novell:opensuse:libKF5Style5", "p-cpe:/a:novell:opensuse:libqt5-qtlocation-examples-debuginfo", "p-cpe:/a:novell:opensuse:libQt5PlatformHeaders-devel", "p-cpe:/a:novell:opensuse:libqt5-qtwayland", "p-cpe:/a:novell:opensuse:libQt5WebKit5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt5Declarative5", "p-cpe:/a:novell:opensuse:libQt5Bluetooth5-debuginfo", "p-cpe:/a:novell:opensuse:libqt5-qtxmlpatterns-devel-32bit", "p-cpe:/a:novell:opensuse:libQt5Widgets-devel-32bit", "p-cpe:/a:novell:opensuse:libqt5-qtdeclarative-debugsource", "p-cpe:/a:novell:opensuse:libQt5Sql5-mysql-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt5Network5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt53DInput5", "p-cpe:/a:novell:opensuse:libqt5-qt3d-private-headers-devel", "p-cpe:/a:novell:opensuse:libqt5-qtbase-examples-32bit", "p-cpe:/a:novell:opensuse:libQt5Location5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt5-qtxmlpatterns-debugsource", "p-cpe:/a:novell:opensuse:libQt5Svg5", "p-cpe:/a:novell:opensuse:libQt5Network5-debuginfo", "p-cpe:/a:novell:opensuse:libQt5WaylandClient5-debuginfo", "p-cpe:/a:novell:opensuse:libqt5-qtlocation-examples", "p-cpe:/a:novell:opensuse:libQt5Core5-32bit", "p-cpe:/a:novell:opensuse:libqt5-qtscript-private-headers-devel", "p-cpe:/a:novell:opensuse:libQt5DBus-devel", "p-cpe:/a:novell:opensuse:kwayland-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt5WebKit5-devel", "p-cpe:/a:novell:opensuse:libQt5Help5", "p-cpe:/a:novell:opensuse:libQt5Concurrent5-debuginfo", "p-cpe:/a:novell:opensuse:libQt5Sql5-mysql-32bit", "p-cpe:/a:novell:opensuse:libqt5-qtlocation-debugsource", "p-cpe:/a:novell:opensuse:libQt5SerialPort5-32bit", "p-cpe:/a:novell:opensuse:libqt5-linguist-devel", "p-cpe:/a:novell:opensuse:libqt5-qttranslations", "p-cpe:/a:novell:opensuse:libQt5Designer5", "p-cpe:/a:novell:opensuse:libqt5-qttools-devel", "p-cpe:/a:novell:opensuse:libqt5-qtquick1-devel-32bit", "p-cpe:/a:novell:opensuse:libqt5-qttools-32bit", "p-cpe:/a:novell:opensuse:libQt5Xml-devel", "p-cpe:/a:novell:opensuse:libqt5-qtquick1-devel-debuginfo", "p-cpe:/a:novell:opensuse:libQt5Nfc5-debuginfo", "p-cpe:/a:novell:opensuse:libQt5PrintSupport-private-headers-devel", "p-cpe:/a:novell:opensuse:libQt53DQuick5", "p-cpe:/a:novell:opensuse:libQt5Sensors5-32bit", "p-cpe:/a:novell:opensuse:libqt5-qtimageformats-32bit", "p-cpe:/a:novell:opensuse:libqt5-qtx11extras-devel-32bit", "p-cpe:/a:novell:opensuse:libqt5-qttools-private-headers-devel", "p-cpe:/a:novell:opensuse:libqt5-qtbase-common-devel-debuginfo", "p-cpe:/a:novell:opensuse:libqt5-qtwebsockets-devel-32bit", "p-cpe:/a:novell:opensuse:libqt5-qtsensors-devel", "p-cpe:/a:novell:opensuse:libQt5Script5-debuginfo", "p-cpe:/a:novell:opensuse:libQt5Xml5", "p-cpe:/a:novell:opensuse:libQt5WebKitWidgets-devel-32bit", "p-cpe:/a:novell:opensuse:frameworkintegration-devel-32bit", "p-cpe:/a:novell:opensuse:libQt5WebChannel5-debuginfo", "p-cpe:/a:novell:opensuse:libQt5Gui5-debuginfo", "p-cpe:/a:novell:opensuse:libQt5DBus-devel-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libKF5Style5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt5PlatformSupport-private-headers-devel", "p-cpe:/a:novell:opensuse:libKF5Style5-32bit", "p-cpe:/a:novell:opensuse:libQt5WebChannel5-32bit", "p-cpe:/a:novell:opensuse:kwayland-32bit", "p-cpe:/a:novell:opensuse:libqt5-qtwayland-devel", "p-cpe:/a:novell:opensuse:libQt53DQuick-devel", "p-cpe:/a:novell:opensuse:kwin5-debugsource", "p-cpe:/a:novell:opensuse:libQt5Network-devel-32bit", "p-cpe:/a:novell:opensuse:libQt5WaylandClient5", "p-cpe:/a:novell:opensuse:libQt5Sensors5-imports-debuginfo", "p-cpe:/a:novell:opensuse:libQt5PrintSupport-devel-32bit", "p-cpe:/a:novell:opensuse:libqt5-linguist-debuginfo", "p-cpe:/a:novell:opensuse:libQt5OpenGL-devel", "p-cpe:/a:novell:opensuse:libqt5-qtquickcontrols-debugsource", "p-cpe:/a:novell:opensuse:libQt5OpenGL-private-headers-devel", "p-cpe:/a:novell:opensuse:libQt5Svg5-32bit", "p-cpe:/a:novell:opensuse:libqt5-qtdeclarative-private-headers-devel", "p-cpe:/a:novell:opensuse:libqt5-qt3d-imports", "p-cpe:/a:novell:opensuse:libqt5-qtwayland-devel-32bit", "p-cpe:/a:novell:opensuse:calibre-debuginfo", "p-cpe:/a:novell:opensuse:libQt5Sql5-postgresql-32bit", "p-cpe:/a:novell:opensuse:libQt5Gui5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt5-qttools-examples-debuginfo", "p-cpe:/a:novell:opensuse:libQt53DLogic5-debuginfo", "p-cpe:/a:novell:opensuse:libQt5Sql5-unixODBC-32bit", "p-cpe:/a:novell:opensuse:libqt5-qtscript-devel-32bit", "p-cpe:/a:novell:opensuse:lxqt-powermanagement-lang", "p-cpe:/a:novell:opensuse:libQt5OpenGL5", "p-cpe:/a:novell:opensuse:libQt5Core-devel", "p-cpe:/a:novell:opensuse:libQt5Widgets-devel", "p-cpe:/a:novell:opensuse:libQt5Multimedia5-debuginfo", "p-cpe:/a:novell:opensuse:lxqt-powermanagement-debuginfo", "p-cpe:/a:novell:opensuse:libqt5-qtimageformats-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt5-qt3d-devel", "p-cpe:/a:novell:opensuse:libqt5-qtdeclarative-examples", "p-cpe:/a:novell:opensuse:libqt5-qtct-debuginfo", "p-cpe:/a:novell:opensuse:libQt5Core-devel-32bit", "p-cpe:/a:novell:opensuse:libQt5Script5", "p-cpe:/a:novell:opensuse:libqt5-qtmultimedia-examples-debuginfo", "p-cpe:/a:novell:opensuse:libQt53DQuick5-32bit", "p-cpe:/a:novell:opensuse:libQt5Widgets5-32bit", "p-cpe:/a:novell:opensuse:libQt5XmlPatterns5-32bit", "p-cpe:/a:novell:opensuse:libqt5-qt3d-debugsource", "p-cpe:/a:novell:opensuse:libQt5WebSockets5", "p-cpe:/a:novell:opensuse:libqt5-qtbase-private-headers-devel", "p-cpe:/a:novell:opensuse:libQt5Sql5-32bit", "p-cpe:/a:novell:opensuse:libqt5-qtquick1-devel-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt5Xml5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt5Positioning5-debuginfo", "p-cpe:/a:novell:opensuse:libQt53DInput5-debuginfo", "p-cpe:/a:novell:opensuse:libqt5-qtsvg-private-headers-devel", "p-cpe:/a:novell:opensuse:libQt53DQuickRenderer5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:kwin5-devel", "p-cpe:/a:novell:opensuse:libqt5-qtsvg-devel", "p-cpe:/a:novell:opensuse:libqt5-qttools-debugsource", "p-cpe:/a:novell:opensuse:libqt5-qtquick1-devel", "p-cpe:/a:novell:opensuse:libqt5-qtwebchannel-devel", "p-cpe:/a:novell:opensuse:libQt5WaylandClient5-32bit", "p-cpe:/a:novell:opensuse:libQt5SerialPort5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt5OpenGL5-32bit", "p-cpe:/a:novell:opensuse:libQt5Bluetooth5-imports", "p-cpe:/a:novell:opensuse:libqt5-qttools-devel-32bit", "p-cpe:/a:novell:opensuse:libQt53DCore5-debuginfo", "p-cpe:/a:novell:opensuse:libqt5-qtxmlpatterns-examples", "p-cpe:/a:novell:opensuse:libqt5-qt3d-examples-debuginfo", "p-cpe:/a:novell:opensuse:kwayland-debugsource", "p-cpe:/a:novell:opensuse:libqt5-qtwebengine-devel-32bit", "p-cpe:/a:novell:opensuse:libKF5Style5-lang", "p-cpe:/a:novell:opensuse:libQt5OpenGLExtensions-devel-static", "p-cpe:/a:novell:opensuse:calibre", "p-cpe:/a:novell:opensuse:libQt5Test5-32bit", "p-cpe:/a:novell:opensuse:libQtQuick5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt5Sql5-postgresql", "p-cpe:/a:novell:opensuse:kwin5", "p-cpe:/a:novell:opensuse:libQt5DBus-devel-32bit", "p-cpe:/a:novell:opensuse:libQt5Compositor5-32bit", "p-cpe:/a:novell:opensuse:libQt5Sql5-sqlite-debuginfo", "p-cpe:/a:novell:opensuse:libQt5Sql-private-headers-devel", "p-cpe:/a:novell:opensuse:libQt5Test5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt5Concurrent5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt5Network-devel", "p-cpe:/a:novell:opensuse:libQt53DRenderer5", "p-cpe:/a:novell:opensuse:libqt5-qtwebchannel-examples", "p-cpe:/a:novell:opensuse:libqt5-qt3d-imports-debuginfo", "p-cpe:/a:novell:opensuse:libQt53DInput5-32bit", "p-cpe:/a:novell:opensuse:libQt53DCollision5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt53DQuickRenderer5", "p-cpe:/a:novell:opensuse:libqt5-qtx11extras-debugsource", "p-cpe:/a:novell:opensuse:libQt5Location5-32bit", "p-cpe:/a:novell:opensuse:libqt5-qtwayland-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt5DBus-private-headers-devel", "p-cpe:/a:novell:opensuse:libQt5WaylandClient5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt5Sql5-unixODBC", "p-cpe:/a:novell:opensuse:libqt5-qtwebengine-debuginfo", "p-cpe:/a:novell:opensuse:libqt5-qtwebsockets-examples", "p-cpe:/a:novell:opensuse:libqt5-qtwebkit-examples", "p-cpe:/a:novell:opensuse:libqt5-qttools-debuginfo", "p-cpe:/a:novell:opensuse:libqt5-qttools-examples", "p-cpe:/a:novell:opensuse:libQt53DCore5", "p-cpe:/a:novell:opensuse:libqt5-qtquickcontrols-debuginfo", "p-cpe:/a:novell:opensuse:libQt5X11Extras5-debuginfo", "p-cpe:/a:novell:opensuse:libQt5XmlPatterns5-debuginfo", "p-cpe:/a:novell:opensuse:libqt5-qtquickcontrols", "p-cpe:/a:novell:opensuse:libQt5WebKitWidgets-devel", "p-cpe:/a:novell:opensuse:frameworkintegration-plugin", "p-cpe:/a:novell:opensuse:libqt5-qtsensors-devel-32bit", "p-cpe:/a:novell:opensuse:libQt5Gui5", "p-cpe:/a:novell:opensuse:libQt5Nfc5-imports-debuginfo", "p-cpe:/a:novell:opensuse:libqt5-qtconnectivity-examples-debuginfo", "p-cpe:/a:novell:opensuse:libqt5-qtsensors-debugsource", "p-cpe:/a:novell:opensuse:libQt5Core-private-headers-devel", "p-cpe:/a:novell:opensuse:libqt5-qtimageformats", "p-cpe:/a:novell:opensuse:libQt53DInput5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt5-qtsensors-examples", "p-cpe:/a:novell:opensuse:libQt53DQuickRenderer5-32bit", "p-cpe:/a:novell:opensuse:libqt5-qtdeclarative-tools", "p-cpe:/a:novell:opensuse:libQt5Svg5-debuginfo", "p-cpe:/a:novell:opensuse:libqt5-qtquick1-debugsource", "p-cpe:/a:novell:opensuse:libQt5PrintSupport-devel", "p-cpe:/a:novell:opensuse:libqt5-qtwayland-private-headers-devel", "p-cpe:/a:novell:opensuse:libQt5Concurrent-devel-32bit", "p-cpe:/a:novell:opensuse:libqt5-qtbase-platformtheme-gtk2-debuginfo", "p-cpe:/a:novell:opensuse:calibre-debugsource", "p-cpe:/a:novell:opensuse:libqt5-qtwayland-debugsource", "p-cpe:/a:novell:opensuse:lxqt-qtplugin-debuginfo", "p-cpe:/a:novell:opensuse:libQt5Sql5-sqlite-32bit", "p-cpe:/a:novell:opensuse:kwayland", "p-cpe:/a:novell:opensuse:libQt5WebKit5", "p-cpe:/a:novell:opensuse:libQt5PrintSupport5-debuginfo", "p-cpe:/a:novell:opensuse:libQt53DCollision-devel", "p-cpe:/a:novell:opensuse:libQt5WebKit5-devel-32bit", "p-cpe:/a:novell:opensuse:libqt5-qtscript-examples-debuginfo", "p-cpe:/a:novell:opensuse:kwayland-debuginfo", "p-cpe:/a:novell:opensuse:libQt5WebSockets5-debuginfo", "p-cpe:/a:novell:opensuse:libqt5-qtimageformats-debuginfo", "p-cpe:/a:novell:opensuse:libQt5DBus5-32bit", "p-cpe:/a:novell:opensuse:libqt5-qtdeclarative-devel-32bit", "p-cpe:/a:novell:opensuse:libqt5-qtbase-doc-debuginfo", "p-cpe:/a:novell:opensuse:libQt5Nfc5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt5-qtgraphicaleffects", "p-cpe:/a:novell:opensuse:libqt5-qtwebchannel-debugsource", "p-cpe:/a:novell:opensuse:libQt5PrintSupport5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt5-qtbase-debugsource", "p-cpe:/a:novell:opensuse:libqt5-qttools", "p-cpe:/a:novell:opensuse:libQt53DLogic5", "p-cpe:/a:novell:opensuse:libQt53DLogic-devel", "p-cpe:/a:novell:opensuse:libqt5-linguist", "p-cpe:/a:novell:opensuse:libQt5Compositor5-debuginfo", "p-cpe:/a:novell:opensuse:libQt5OpenGL-devel-32bit", "p-cpe:/a:novell:opensuse:libQt5XmlPatterns5", "p-cpe:/a:novell:opensuse:fcitx-qt5-debuginfo", "p-cpe:/a:novell:opensuse:libQt5PlatformSupport-devel-static-32bit", "p-cpe:/a:novell:opensuse:libQt5Help5-32bit", "p-cpe:/a:novell:opensuse:libQt53DLogic5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt5-qtscript-examples", "p-cpe:/a:novell:opensuse:libQt5WebChannel5-imports", "p-cpe:/a:novell:opensuse:libqt5-qtwebsockets-private-headers-devel", "p-cpe:/a:novell:opensuse:libQt5DesignerComponents5-32bit", "p-cpe:/a:novell:opensuse:libQt5Bluetooth5-imports-debuginfo", "p-cpe:/a:novell:opensuse:libQt5X11Extras5", "p-cpe:/a:novell:opensuse:frameworkintegration-plugin-debuginfo", "p-cpe:/a:novell:opensuse:libqt5-qtmultimedia-private-headers-devel", "p-cpe:/a:novell:opensuse:libQt5Nfc5-32bit", "p-cpe:/a:novell:opensuse:libQt53DCollision5", "p-cpe:/a:novell:opensuse:libqt5-qtwebengine-private-headers-devel", "p-cpe:/a:novell:opensuse:libQt5Sensors5-debuginfo", "p-cpe:/a:novell:opensuse:libqt5-qtwayland-32bit", "p-cpe:/a:novell:opensuse:lxqt-powermanagement", "p-cpe:/a:novell:opensuse:libQt53DCollision5-32bit", "p-cpe:/a:novell:opensuse:libQt5Bootstrap-devel-static", "p-cpe:/a:novell:opensuse:libqt5-qtquick1-examples", "p-cpe:/a:novell:opensuse:libQt5Nfc5-imports", "p-cpe:/a:novell:opensuse:libQt5Positioning5-32bit", "p-cpe:/a:novell:opensuse:libQt5WebKit5-imports", "p-cpe:/a:novell:opensuse:libqt5-qtxmlpatterns-private-headers-devel", "p-cpe:/a:novell:opensuse:libQt5OpenGL5-debuginfo", "p-cpe:/a:novell:opensuse:libQt5CLucene5-debuginfo", "p-cpe:/a:novell:opensuse:libQtQuick5-32bit", "p-cpe:/a:novell:opensuse:libqt5-qtsvg-examples", "p-cpe:/a:novell:opensuse:libqt5-qtimageformats-devel", "p-cpe:/a:novell:opensuse:libqt5-qtconnectivity-devel-32bit", "p-cpe:/a:novell:opensuse:libQt5Help5-debuginfo", "p-cpe:/a:novell:opensuse:libQt53DRenderer5-32bit", "p-cpe:/a:novell:opensuse:libQt5DBus5", "p-cpe:/a:novell:opensuse:libQt5Core5-debuginfo", "p-cpe:/a:novell:opensuse:libqt5-qtconnectivity-debugsource", "p-cpe:/a:novell:opensuse:libQt5Location5-debuginfo", "p-cpe:/a:novell:opensuse:libQt5Gui5-32bit", "p-cpe:/a:novell:opensuse:libQt5Sql5-unixODBC-debuginfo", "p-cpe:/a:novell:opensuse:libQt5Network5-32bit", "p-cpe:/a:novell:opensuse:libQt5Test5", "p-cpe:/a:novell:opensuse:libqt5-qtbase-common-devel", "p-cpe:/a:novell:opensuse:libqt5-creator", "p-cpe:/a:novell:opensuse:libQt5DBus5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQtQuick5-debuginfo", "p-cpe:/a:novell:opensuse:libQt5OpenGL5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt5WebKitWidgets5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt5-qtbase-examples-debuginfo-32bit", "p-cpe:/a:novell:opensuse:frameworkintegration-plugin-debuginfo-32bit"], "id": "OPENSUSE-2015-953.NASL", "href": "https://www.tenable.com/plugins/nessus/87627", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2015-953.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(87627);\n script_version(\"2.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/04\");\n\n script_cve_id(\"CVE-2014-8146\", \"CVE-2014-8147\", \"CVE-2015-1284\", \"CVE-2015-1290\", \"CVE-2015-1291\", \"CVE-2015-1292\", \"CVE-2015-1294\");\n\n script_name(english:\"openSUSE Security Update : Qt 5 (openSUSE-2015-953)\");\n script_summary(english:\"Check for the openSUSE-2015-953 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Qt 5 was updated to the 5.5.1 release to deliver upstream improvements\nand fixes to Qt functionality.\n\nThe following Security fixes are contained in QtWebEngineCore :\n\n - ICU: CVE-2014-8146, CVE-2014-8147\n\n - Blink: CVE-2015-1284, CVE-2015-1291, CVE-2015-1292\n\n - Skia: CVE-2015-1294\n\n - V8: CVE-2015-1290\n\nThe following packages were rebuilt because they use private headers :\n\n - calibre\n\n - fcitx-qt5\n\n - frameworkintegration\n\n - kwayland\n\n - kwin5,\n\n - lxqt-powermanagement\n\n - lxqt-qtplugin\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=954149\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=959178\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected Qt 5 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:calibre\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:calibre-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:calibre-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:fcitx-qt5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:fcitx-qt5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:fcitx-qt5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:fcitx-qt5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:fcitx-qt5-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:fcitx-qt5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:frameworkintegration-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:frameworkintegration-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:frameworkintegration-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:frameworkintegration-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:frameworkintegration-plugin-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:frameworkintegration-plugin-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:frameworkintegration-plugin-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kwayland\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kwayland-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kwayland-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kwayland-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kwayland-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kwayland-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kwayland-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kwin5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kwin5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kwin5-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kwin5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kwin5-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libKF5Style5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libKF5Style5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libKF5Style5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libKF5Style5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libKF5Style5-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt53DCollision-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt53DCollision5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt53DCollision5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt53DCollision5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt53DCollision5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt53DCore-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt53DCore5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt53DCore5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt53DCore5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt53DCore5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt53DInput-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt53DInput5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt53DInput5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt53DInput5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt53DInput5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt53DLogic-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt53DLogic5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt53DLogic5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt53DLogic5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt53DLogic5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt53DQuick-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt53DQuick5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt53DQuick5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt53DQuick5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt53DQuick5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt53DQuickRenderer-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt53DQuickRenderer5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt53DQuickRenderer5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt53DQuickRenderer5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt53DQuickRenderer5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt53DRenderer-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt53DRenderer5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt53DRenderer5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt53DRenderer5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt53DRenderer5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Bluetooth5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Bluetooth5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Bluetooth5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Bluetooth5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Bluetooth5-imports\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Bluetooth5-imports-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Bootstrap-devel-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Bootstrap-devel-static-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5CLucene5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5CLucene5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5CLucene5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5CLucene5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Compositor5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Compositor5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Compositor5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Compositor5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Concurrent-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Concurrent-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Concurrent5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Concurrent5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Concurrent5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Concurrent5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Core-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Core-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Core-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Core5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Core5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Core5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Core5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5DBus-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5DBus-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5DBus-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5DBus-devel-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5DBus-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5DBus5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5DBus5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5DBus5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5DBus5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Declarative5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Declarative5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Declarative5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Declarative5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Designer5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Designer5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Designer5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Designer5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5DesignerComponents5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5DesignerComponents5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5DesignerComponents5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5DesignerComponents5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Gui-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Gui-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Gui-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Gui5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Gui5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Gui5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Gui5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Help5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Help5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Help5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Help5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Location5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Location5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Location5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Location5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Multimedia5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Multimedia5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Multimedia5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Multimedia5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Network-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Network-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Network-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Network5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Network5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Network5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Network5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Nfc5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Nfc5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Nfc5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Nfc5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Nfc5-imports\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Nfc5-imports-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5OpenGL-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5OpenGL-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5OpenGL-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5OpenGL5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5OpenGL5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5OpenGL5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5OpenGL5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5OpenGLExtensions-devel-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5OpenGLExtensions-devel-static-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5PlatformHeaders-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5PlatformSupport-devel-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5PlatformSupport-devel-static-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5PlatformSupport-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Positioning5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Positioning5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Positioning5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Positioning5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5PrintSupport-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5PrintSupport-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5PrintSupport-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5PrintSupport5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5PrintSupport5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5PrintSupport5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5PrintSupport5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Script5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Script5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Script5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Script5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sensors5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sensors5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sensors5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sensors5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sensors5-imports\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sensors5-imports-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5SerialPort5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5SerialPort5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5SerialPort5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5SerialPort5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql5-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql5-mysql-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql5-mysql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql5-mysql-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql5-postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql5-postgresql-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql5-postgresql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql5-postgresql-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql5-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql5-sqlite-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql5-sqlite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql5-sqlite-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql5-unixODBC\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql5-unixODBC-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql5-unixODBC-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql5-unixODBC-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Svg5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Svg5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Svg5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Svg5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Test-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Test-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Test-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Test5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Test5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Test5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Test5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5WaylandClient5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5WaylandClient5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5WaylandClient5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5WaylandClient5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5WebChannel5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5WebChannel5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5WebChannel5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5WebChannel5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5WebChannel5-imports\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5WebChannel5-imports-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5WebKit-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5WebKit5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5WebKit5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5WebKit5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5WebKit5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5WebKit5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5WebKit5-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5WebKit5-imports\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5WebKit5-imports-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5WebKitWidgets-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5WebKitWidgets-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5WebKitWidgets-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5WebKitWidgets5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5WebKitWidgets5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5WebKitWidgets5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5WebKitWidgets5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5WebSockets5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5WebSockets5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5WebSockets5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5WebSockets5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5WebSockets5-imports\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5WebSockets5-imports-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Widgets-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Widgets-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Widgets-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Widgets5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Widgets5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Widgets5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Widgets5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5X11Extras5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5X11Extras5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5X11Extras5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5X11Extras5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Xml-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Xml-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Xml5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Xml5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Xml5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Xml5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5XmlPatterns5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5XmlPatterns5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5XmlPatterns5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5XmlPatterns5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQtQuick5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQtQuick5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQtQuick5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQtQuick5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-creator\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-creator-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-creator-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-linguist\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-linguist-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-linguist-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qt3d-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qt3d-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qt3d-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qt3d-examples-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qt3d-imports\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qt3d-imports-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qt3d-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtbase-common-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtbase-common-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtbase-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtbase-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtbase-doc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtbase-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtbase-examples-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtbase-examples-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtbase-examples-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtbase-platformtheme-gtk2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtbase-platformtheme-gtk2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtbase-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtconnectivity-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtconnectivity-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtconnectivity-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtconnectivity-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtconnectivity-examples-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtconnectivity-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtconnectivity-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtconnectivity-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtct\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtct-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtct-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtdeclarative-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtdeclarative-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtdeclarative-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtdeclarative-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtdeclarative-devel-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtdeclarative-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtdeclarative-examples-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtdeclarative-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtdeclarative-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtdeclarative-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtdoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtgraphicaleffects\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtimageformats\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtimageformats-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtimageformats-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtimageformats-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtimageformats-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtimageformats-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtlocation-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtlocation-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtlocation-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtlocation-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtlocation-examples-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtlocation-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtmultimedia-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtmultimedia-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtmultimedia-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtmultimedia-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtmultimedia-examples-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtmultimedia-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtquick1-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtquick1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtquick1-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtquick1-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtquick1-devel-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtquick1-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtquick1-examples-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtquick1-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtquickcontrols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtquickcontrols-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtquickcontrols-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtquickcontrols-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtquickcontrols-examples-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtscript-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtscript-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtscript-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtscript-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtscript-examples-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtscript-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtsensors-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtsensors-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtsensors-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtsensors-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtsensors-examples-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtsensors-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtserialport-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtserialport-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtserialport-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtserialport-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtsvg-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtsvg-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtsvg-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtsvg-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtsvg-examples-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtsvg-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qttools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qttools-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qttools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qttools-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qttools-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qttools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qttools-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qttools-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qttools-examples-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qttools-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qttranslations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtwayland\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtwayland-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtwayland-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtwayland-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtwayland-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtwayland-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtwayland-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtwayland-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtwayland-examples-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtwayland-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtwebchannel-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtwebchannel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtwebchannel-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtwebchannel-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtwebchannel-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtwebengine\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtwebengine-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtwebengine-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtwebengine-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtwebengine-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtwebengine-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtwebengine-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtwebengine-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtwebengine-examples-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtwebengine-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtwebkit-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtwebkit-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtwebkit-examples-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtwebkit-examples-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtwebsockets-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtwebsockets-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtwebsockets-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtwebsockets-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtwebsockets-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtx11extras-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtx11extras-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtx11extras-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtxmlpatterns-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtxmlpatterns-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtxmlpatterns-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtxmlpatterns-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtxmlpatterns-examples-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtxmlpatterns-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lxqt-powermanagement\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lxqt-powermanagement-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lxqt-powermanagement-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lxqt-powermanagement-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lxqt-qtplugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lxqt-qtplugin-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lxqt-qtplugin-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"calibre-2.46.0-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"calibre-debuginfo-2.46.0-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"calibre-debugsource-2.46.0-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"fcitx-qt5-1.0.4-6.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"fcitx-qt5-debuginfo-1.0.4-6.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"fcitx-qt5-debugsource-1.0.4-6.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"fcitx-qt5-devel-1.0.4-6.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"frameworkintegration-debugsource-5.16.0-6.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"frameworkintegration-devel-5.16.0-6.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"frameworkintegration-plugin-5.16.0-6.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"frameworkintegration-plugin-debuginfo-5.16.0-6.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kwayland-5.4.3-6.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kwayland-debuginfo-5.4.3-6.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kwayland-debugsource-5.4.3-6.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kwayland-devel-5.4.3-6.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kwin5-5.4.3-6.10\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kwin5-debuginfo-5.4.3-6.10\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kwin5-debugsource-5.4.3-6.10\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kwin5-devel-5.4.3-6.10\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kwin5-lang-5.4.3-6.10\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libKF5Style5-5.16.0-6.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libKF5Style5-debuginfo-5.16.0-6.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libKF5Style5-lang-5.16.0-6.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt53DCollision-devel-5.5.1-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt53DCollision5-5.5.1-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt53DCollision5-debuginfo-5.5.1-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt53DCore-devel-5.5.1-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt53DCore5-5.5.1-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt53DCore5-debuginfo-5.5.1-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt53DInput-devel-5.5.1-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt53DInput5-5.5.1-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt53DInput5-debuginfo-5.5.1-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt53DLogic-devel-5.5.1-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt53DLogic5-5.5.1-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt53DLogic5-debuginfo-5.5.1-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt53DQuick-devel-5.5.1-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt53DQuick5-5.5.1-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt53DQuick5-debuginfo-5.5.1-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt53DQuickRenderer-devel-5.5.1-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt53DQuickRenderer5-5.5.1-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt53DQuickRenderer5-debuginfo-5.5.1-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt53DRenderer-devel-5.5.1-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt53DRenderer5-5.5.1-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt53DRenderer5-debuginfo-5.5.1-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Bluetooth5-5.5.1-3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Bluetooth5-debuginfo-5.5.1-3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Bluetooth5-imports-5.5.1-3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Bluetooth5-imports-debuginfo-5.5.1-3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Bootstrap-devel-static-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5CLucene5-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5CLucene5-debuginfo-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Compositor5-5.5.1-3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Compositor5-debuginfo-5.5.1-3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Concurrent-devel-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Concurrent5-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Concurrent5-debuginfo-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Core-devel-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Core-private-headers-devel-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Core5-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Core5-debuginfo-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5DBus-devel-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5DBus-devel-debuginfo-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5DBus-private-headers-devel-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5DBus5-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5DBus5-debuginfo-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Declarative5-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Declarative5-debuginfo-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Designer5-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Designer5-debuginfo-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5DesignerComponents5-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5DesignerComponents5-debuginfo-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Gui-devel-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Gui-private-headers-devel-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Gui5-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Gui5-debuginfo-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Help5-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Help5-debuginfo-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Location5-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Location5-debuginfo-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Multimedia5-5.5.1-3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Multimedia5-debuginfo-5.5.1-3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Network-devel-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Network-private-headers-devel-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Network5-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Network5-debuginfo-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Nfc5-5.5.1-3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Nfc5-debuginfo-5.5.1-3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Nfc5-imports-5.5.1-3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Nfc5-imports-debuginfo-5.5.1-3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5OpenGL-devel-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5OpenGL-private-headers-devel-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5OpenGL5-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5OpenGL5-debuginfo-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5OpenGLExtensions-devel-static-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5PlatformHeaders-devel-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5PlatformSupport-devel-static-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5PlatformSupport-private-headers-devel-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Positioning5-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Positioning5-debuginfo-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5PrintSupport-devel-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5PrintSupport-private-headers-devel-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5PrintSupport5-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5PrintSupport5-debuginfo-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Script5-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Script5-debuginfo-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Sensors5-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Sensors5-debuginfo-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Sensors5-imports-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Sensors5-imports-debuginfo-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5SerialPort5-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5SerialPort5-debuginfo-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Sql-devel-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Sql-private-headers-devel-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Sql5-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Sql5-debuginfo-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Sql5-mysql-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Sql5-mysql-debuginfo-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Sql5-postgresql-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Sql5-postgresql-debuginfo-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Sql5-sqlite-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Sql5-sqlite-debuginfo-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Sql5-unixODBC-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Sql5-unixODBC-debuginfo-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Svg5-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Svg5-debuginfo-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Test-devel-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Test-private-headers-devel-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Test5-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Test5-debuginfo-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5WaylandClient5-5.5.1-3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5WaylandClient5-debuginfo-5.5.1-3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5WebChannel5-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5WebChannel5-debuginfo-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5WebChannel5-imports-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5WebChannel5-imports-debuginfo-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5WebKit-private-headers-devel-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5WebKit5-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5WebKit5-debuginfo-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5WebKit5-devel-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5WebKit5-imports-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5WebKit5-imports-debuginfo-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5WebKitWidgets-devel-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5WebKitWidgets-private-headers-devel-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5WebKitWidgets5-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5WebKitWidgets5-debuginfo-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5WebSockets5-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5WebSockets5-debuginfo-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5WebSockets5-imports-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5WebSockets5-imports-debuginfo-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Widgets-devel-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Widgets-private-headers-devel-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Widgets5-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Widgets5-debuginfo-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5X11Extras5-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5X11Extras5-debuginfo-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Xml-devel-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Xml5-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5Xml5-debuginfo-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5XmlPatterns5-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQt5XmlPatterns5-debuginfo-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQtQuick5-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libQtQuick5-debuginfo-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-creator-3.5.1-6.6\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-creator-debuginfo-3.5.1-6.6\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-creator-debugsource-3.5.1-6.6\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-linguist-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-linguist-debuginfo-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-linguist-devel-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qt3d-debugsource-5.5.1-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qt3d-devel-5.5.1-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qt3d-examples-5.5.1-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qt3d-examples-debuginfo-5.5.1-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qt3d-imports-5.5.1-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qt3d-imports-debuginfo-5.5.1-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qt3d-private-headers-devel-5.5.1-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtbase-common-devel-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtbase-common-devel-debuginfo-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtbase-debugsource-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtbase-devel-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtbase-doc-debuginfo-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtbase-examples-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtbase-examples-debuginfo-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtbase-platformtheme-gtk2-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtbase-platformtheme-gtk2-debuginfo-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtbase-private-headers-devel-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtconnectivity-debugsource-5.5.1-3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtconnectivity-devel-5.5.1-3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtconnectivity-examples-5.5.1-3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtconnectivity-examples-debuginfo-5.5.1-3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtconnectivity-private-headers-devel-5.5.1-3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtconnectivity-tools-5.5.1-3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtconnectivity-tools-debuginfo-5.5.1-3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtct-0.20-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtct-debuginfo-0.20-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtct-debugsource-0.20-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtdeclarative-debugsource-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtdeclarative-devel-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtdeclarative-devel-debuginfo-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtdeclarative-examples-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtdeclarative-examples-debuginfo-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtdeclarative-private-headers-devel-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtdeclarative-tools-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtdeclarative-tools-debuginfo-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtdoc-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtgraphicaleffects-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtimageformats-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtimageformats-debuginfo-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtimageformats-debugsource-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtimageformats-devel-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtlocation-debugsource-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtlocation-devel-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtlocation-examples-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtlocation-examples-debuginfo-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtlocation-private-headers-devel-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtmultimedia-debugsource-5.5.1-3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtmultimedia-devel-5.5.1-3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtmultimedia-examples-5.5.1-3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtmultimedia-examples-debuginfo-5.5.1-3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtmultimedia-private-headers-devel-5.5.1-3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtquick1-debugsource-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtquick1-devel-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtquick1-devel-debuginfo-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtquick1-examples-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtquick1-examples-debuginfo-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtquick1-private-headers-devel-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtquickcontrols-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtquickcontrols-debuginfo-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtquickcontrols-debugsource-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtquickcontrols-examples-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtquickcontrols-examples-debuginfo-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtscript-debugsource-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtscript-devel-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtscript-examples-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtscript-examples-debuginfo-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtscript-private-headers-devel-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtsensors-debugsource-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtsensors-devel-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtsensors-examples-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtsensors-examples-debuginfo-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtsensors-private-headers-devel-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtserialport-debugsource-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtserialport-devel-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtserialport-private-headers-devel-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtsvg-debugsource-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtsvg-devel-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtsvg-examples-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtsvg-examples-debuginfo-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtsvg-private-headers-devel-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qttools-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qttools-debuginfo-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qttools-debugsource-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qttools-devel-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qttools-examples-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qttools-examples-debuginfo-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qttools-private-headers-devel-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qttranslations-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtwayland-5.5.1-3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtwayland-debuginfo-5.5.1-3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtwayland-debugsource-5.5.1-3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtwayland-devel-5.5.1-3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtwayland-examples-5.5.1-3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtwayland-examples-debuginfo-5.5.1-3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtwayland-private-headers-devel-5.5.1-3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtwebchannel-debugsource-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtwebchannel-devel-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtwebchannel-examples-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtwebchannel-private-headers-devel-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtwebengine-5.5.1-4.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtwebengine-debuginfo-5.5.1-4.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtwebengine-debugsource-5.5.1-4.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtwebengine-devel-5.5.1-4.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtwebengine-examples-5.5.1-4.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtwebengine-examples-debuginfo-5.5.1-4.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtwebengine-private-headers-devel-5.5.1-4.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtwebkit-debugsource-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtwebkit-examples-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtwebkit-examples-debuginfo-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtwebkit-examples-debugsource-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtwebsockets-debugsource-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtwebsockets-devel-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtwebsockets-examples-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtwebsockets-private-headers-devel-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtx11extras-debugsource-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtx11extras-devel-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtxmlpatterns-debugsource-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtxmlpatterns-devel-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtxmlpatterns-examples-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtxmlpatterns-examples-debuginfo-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libqt5-qtxmlpatterns-private-headers-devel-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"lxqt-powermanagement-0.9.0-4.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"lxqt-powermanagement-debuginfo-0.9.0-4.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"lxqt-powermanagement-debugsource-0.9.0-4.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"lxqt-powermanagement-lang-0.9.0-4.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"lxqt-qtplugin-0.9.0-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"lxqt-qtplugin-debuginfo-0.9.0-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"lxqt-qtplugin-debugsource-0.9.0-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"fcitx-qt5-32bit-1.0.4-6.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"fcitx-qt5-debuginfo-32bit-1.0.4-6.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"frameworkintegration-devel-32bit-5.16.0-6.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"frameworkintegration-plugin-32bit-5.16.0-6.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"frameworkintegration-plugin-debuginfo-32bit-5.16.0-6.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kwayland-32bit-5.4.3-6.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kwayland-debuginfo-32bit-5.4.3-6.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kwayland-devel-32bit-5.4.3-6.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libKF5Style5-32bit-5.16.0-6.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libKF5Style5-debuginfo-32bit-5.16.0-6.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt53DCollision5-32bit-5.5.1-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt53DCollision5-debuginfo-32bit-5.5.1-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt53DCore5-32bit-5.5.1-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt53DCore5-debuginfo-32bit-5.5.1-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt53DInput5-32bit-5.5.1-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt53DInput5-debuginfo-32bit-5.5.1-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt53DLogic5-32bit-5.5.1-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt53DLogic5-debuginfo-32bit-5.5.1-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt53DQuick5-32bit-5.5.1-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt53DQuick5-debuginfo-32bit-5.5.1-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt53DQuickRenderer5-32bit-5.5.1-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt53DQuickRenderer5-debuginfo-32bit-5.5.1-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt53DRenderer5-32bit-5.5.1-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt53DRenderer5-debuginfo-32bit-5.5.1-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Bluetooth5-32bit-5.5.1-3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Bluetooth5-debuginfo-32bit-5.5.1-3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Bootstrap-devel-static-32bit-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5CLucene5-32bit-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5CLucene5-debuginfo-32bit-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Compositor5-32bit-5.5.1-3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Compositor5-debuginfo-32bit-5.5.1-3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Concurrent-devel-32bit-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Concurrent5-32bit-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Concurrent5-debuginfo-32bit-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Core-devel-32bit-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Core5-32bit-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Core5-debuginfo-32bit-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5DBus-devel-32bit-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5DBus-devel-debuginfo-32bit-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5DBus5-32bit-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5DBus5-debuginfo-32bit-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Declarative5-32bit-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Declarative5-debuginfo-32bit-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Designer5-32bit-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Designer5-debuginfo-32bit-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5DesignerComponents5-32bit-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5DesignerComponents5-debuginfo-32bit-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Gui-devel-32bit-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Gui5-32bit-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Gui5-debuginfo-32bit-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Help5-32bit-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Help5-debuginfo-32bit-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Location5-32bit-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Location5-debuginfo-32bit-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Multimedia5-32bit-5.5.1-3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Multimedia5-debuginfo-32bit-5.5.1-3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Network-devel-32bit-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Network5-32bit-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Network5-debuginfo-32bit-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Nfc5-32bit-5.5.1-3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Nfc5-debuginfo-32bit-5.5.1-3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5OpenGL-devel-32bit-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5OpenGL5-32bit-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5OpenGL5-debuginfo-32bit-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5OpenGLExtensions-devel-static-32bit-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5PlatformSupport-devel-static-32bit-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Positioning5-32bit-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Positioning5-debuginfo-32bit-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5PrintSupport-devel-32bit-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5PrintSupport5-32bit-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5PrintSupport5-debuginfo-32bit-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Script5-32bit-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Script5-debuginfo-32bit-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Sensors5-32bit-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Sensors5-debuginfo-32bit-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5SerialPort5-32bit-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5SerialPort5-debuginfo-32bit-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Sql-devel-32bit-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Sql5-32bit-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Sql5-debuginfo-32bit-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Sql5-mysql-32bit-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Sql5-mysql-debuginfo-32bit-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Sql5-postgresql-32bit-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Sql5-postgresql-debuginfo-32bit-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Sql5-sqlite-32bit-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Sql5-sqlite-debuginfo-32bit-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Sql5-unixODBC-32bit-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Sql5-unixODBC-debuginfo-32bit-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Svg5-32bit-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Svg5-debuginfo-32bit-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Test-devel-32bit-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Test5-32bit-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Test5-debuginfo-32bit-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5WaylandClient5-32bit-5.5.1-3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5WaylandClient5-debuginfo-32bit-5.5.1-3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5WebChannel5-32bit-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5WebChannel5-debuginfo-32bit-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5WebKit5-32bit-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5WebKit5-debuginfo-32bit-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5WebKit5-devel-32bit-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5WebKitWidgets-devel-32bit-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5WebKitWidgets5-32bit-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5WebKitWidgets5-debuginfo-32bit-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5WebSockets5-32bit-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5WebSockets5-debuginfo-32bit-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Widgets-devel-32bit-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Widgets5-32bit-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Widgets5-debuginfo-32bit-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5X11Extras5-32bit-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5X11Extras5-debuginfo-32bit-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Xml-devel-32bit-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Xml5-32bit-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5Xml5-debuginfo-32bit-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5XmlPatterns5-32bit-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQt5XmlPatterns5-debuginfo-32bit-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQtQuick5-32bit-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libQtQuick5-debuginfo-32bit-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libqt5-qtbase-examples-32bit-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libqt5-qtbase-examples-debuginfo-32bit-5.5.1-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libqt5-qtconnectivity-devel-32bit-5.5.1-3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libqt5-qtdeclarative-devel-32bit-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libqt5-qtdeclarative-devel-debuginfo-32bit-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libqt5-qtimageformats-32bit-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libqt5-qtimageformats-debuginfo-32bit-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libqt5-qtlocation-devel-32bit-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libqt5-qtmultimedia-devel-32bit-5.5.1-3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libqt5-qtquick1-devel-32bit-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libqt5-qtquick1-devel-debuginfo-32bit-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libqt5-qtscript-devel-32bit-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libqt5-qtsensors-devel-32bit-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libqt5-qtserialport-devel-32bit-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libqt5-qtsvg-devel-32bit-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libqt5-qttools-32bit-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libqt5-qttools-debuginfo-32bit-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libqt5-qttools-devel-32bit-5.5.1-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libqt5-qtwayland-32bit-5.5.1-3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libqt5-qtwayland-debuginfo-32bit-5.5.1-3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libqt5-qtwayland-devel-32bit-5.5.1-3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libqt5-qtwebchannel-devel-32bit-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libqt5-qtwebengine-32bit-5.5.1-4.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libqt5-qtwebengine-debuginfo-32bit-5.5.1-4.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libqt5-qtwebengine-devel-32bit-5.5.1-4.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libqt5-qtwebsockets-devel-32bit-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libqt5-qtx11extras-devel-32bit-5.5.1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libqt5-qtxmlpatterns-devel-32bit-5.5.1-3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"calibre / calibre-debuginfo / calibre-debugsource / fcitx-qt5 / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T14:23:29", "description": "This update brings LibreOffice to version 5.0.4, a major version\nupdate.\n\nIt brings lots of new features, bug fixes and also security fixes.\n\nFeatures as seen on http://www.libreoffice.org/discover/new-features/\n\n - LibreOffice 5.0 ships an impressive number of new\n features for its spreadsheet module, Calc: complex\n formulae image cropping, new functions, more powerful\n conditional formatting, table addressing and much more.\n Calc's blend of performance and features makes it an\n enterprise-ready, heavy duty spreadsheet application\n capable of handling all kinds of workload for an\n impressive range of use cases\n\n - New icons, major improvements to menus and sidebar : no\n other LibreOffice version has looked that good and\n helped you be creative and get things done the right\n way. In addition, style management is now more intuitive\n thanks to the visualization of styles right in the\n interface.\n\n - LibreOffice 5 ships with numerous improvements to\n document import and export filters for MS Office, PDF,\n RTF, and more. You can now timestamp PDF documents\n generated with LibreOffice and enjoy enhanced document\n conversion fidelity all around.\n\nThe Pentaho Flow Reporting Engine is now added and used.\n\nSecurity issues fixed :\n\n - CVE-2014-8146: The resolveImplicitLevels function in\n common/ubidi.c in the Unicode Bidirectional Algorithm\n implementation in ICU4C in International Components for\n Unicode (ICU) before 55.1 did not properly track\n directionally isolated pieces of text, which allowed\n remote attackers to cause a denial of service\n (heap-based buffer overflow) or possibly execute\n arbitrary code via crafted text.\n\n - CVE-2014-8147: The resolveImplicitLevels function in\n common/ubidi.c in the Unicode Bidirectional Algorithm\n implementation in ICU4C in International Components for\n Unicode (ICU) before 55.1 used an integer data type that\n is inconsistent with a header file, which allowed remote\n attackers to cause a denial of service (incorrect malloc\n followed by invalid free) or possibly execute arbitrary\n code via crafted text.\n\n - CVE-2015-4551: An arbitrary file disclosure\n vulnerability in Libreoffice and Openoffice Calc and\n Writer was fixed.\n\n - CVE-2015-5212: A LibreOffice 'PrinterSetup Length'\n integer underflow vulnerability could be used by\n attackers supplying documents to execute code as the\n user opening the document.\n\n - CVE-2015-5213: A LibreOffice 'Piece Table Counter'\n invalid check design error vulnerability allowed\n attackers supplying documents to execute code as the\n user opening the document.\n\n - CVE-2015-5214: Multiple Vendor LibreOffice Bookmark\n Status Memory Corruption Vulnerability allowed attackers\n supplying documents to execute code as the user opening\n the document.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 27, "published": "2016-02-04T00:00:00", "title": "SUSE SLED11 Security Update : Recommended update for LibreOffice (SUSE-SU-2016:0324-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-5214", "CVE-2014-8147", "CVE-2015-5212", "CVE-2014-8146", "CVE-2015-4551", "CVE-2015-5213", "CVE-2014-9093"], "modified": "2016-02-04T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:myspell-sr", "p-cpe:/a:novell:suse_linux:myspell-lv_LV", "p-cpe:/a:novell:suse_linux:myspell-es_PA", "p-cpe:/a:novell:suse_linux:myspell-bn_IN", "p-cpe:/a:novell:suse_linux:libreoffice-l10n-pt-PT", "p-cpe:/a:novell:suse_linux:myspell-es_VE", "p-cpe:/a:novell:suse_linux:libreoffice-l10n-ja", "p-cpe:/a:novell:suse_linux:myspell-fr_FR", "p-cpe:/a:novell:suse_linux:libreoffice-math", "p-cpe:/a:novell:suse_linux:myspell-ar_SY", "p-cpe:/a:novell:suse_linux:myspell-et_EE", "p-cpe:/a:novell:suse_linux:myspell-en_NA", "p-cpe:/a:novell:suse_linux:myspell-ar_BH", "p-cpe:/a:novell:suse_linux:myspell-lightproof-pt_BR", "p-cpe:/a:novell:suse_linux:myspell-dictionaries", "p-cpe:/a:novell:suse_linux:myspell-sr_Latn_CS", "p-cpe:/a:novell:suse_linux:libreoffice-voikko", "p-cpe:/a:novell:suse_linux:libreoffice-l10n-ca", "p-cpe:/a:novell:suse_linux:libreoffice-filters-optional", "p-cpe:/a:novell:suse_linux:libreoffice-l10n-zh-Hant", "p-cpe:/a:novell:suse_linux:myspell-sv_FI", "p-cpe:/a:novell:suse_linux:myspell-nl_BE", "p-cpe:/a:novell:suse_linux:myspell-es_PY", "p-cpe:/a:novell:suse_linux:libreoffice-kde4", "p-cpe:/a:novell:suse_linux:myspell-ca_ES_valencia", "p-cpe:/a:novell:suse_linux:myspell-es_CR", "p-cpe:/a:novell:suse_linux:myspell-ar", "p-cpe:/a:novell:suse_linux:libreoffice-impress", "p-cpe:/a:novell:suse_linux:libreoffice-icon-theme-galaxy", "p-cpe:/a:novell:suse_linux:myspell-en_AU", "p-cpe:/a:novell:suse_linux:myspell-ar_DZ", "p-cpe:/a:novell:suse_linux:myspell-sr_Latn_RS", "p-cpe:/a:novell:suse_linux:myspell-ar_SD", "p-cpe:/a:novell:suse_linux:myspell-it_IT", "p-cpe:/a:novell:suse_linux:myspell-ar_EG", "p-cpe:/a:novell:suse_linux:libreoffice-gnome", "p-cpe:/a:novell:suse_linux:libreoffice-sdk", "p-cpe:/a:novell:suse_linux:myspell-es_SV", "p-cpe:/a:novell:suse_linux:libreoffice-calc", "p-cpe:/a:novell:suse_linux:myspell-af_ZA", "p-cpe:/a:novell:suse_linux:libreoffice-l10n-xh", "p-cpe:/a:novell:suse_linux:myspell-ca_AD", "p-cpe:/a:novell:suse_linux:libreoffice-officebean", "p-cpe:/a:novell:suse_linux:myspell-es_ES", "p-cpe:/a:novell:suse_linux:myspell-ar_TN", "p-cpe:/a:novell:suse_linux:myspell-es_DO", "p-cpe:/a:novell:suse_linux:myspell-de_DE", "p-cpe:/a:novell:suse_linux:libreoffice-l10n-nl", "p-cpe:/a:novell:suse_linux:myspell-en_JM", "p-cpe:/a:novell:suse_linux:myspell-da_DK", "p-cpe:/a:novell:suse_linux:myspell-de_CH", "p-cpe:/a:novell:suse_linux:myspell-hi_IN", "p-cpe:/a:novell:suse_linux:myspell-el_GR", "p-cpe:/a:novell:suse_linux:myspell-en", "p-cpe:/a:novell:suse_linux:libreoffice-mailmerge", "p-cpe:/a:novell:suse_linux:myspell-en_IN", "p-cpe:/a:novell:suse_linux:myspell-fr_BE", "p-cpe:/a:novell:suse_linux:libreoffice-l10n-zh-Hans", "p-cpe:/a:novell:suse_linux:myspell-te_IN", "p-cpe:/a:novell:suse_linux:myspell-es_CO", "p-cpe:/a:novell:suse_linux:libreoffice", "p-cpe:/a:novell:suse_linux:myspell-ar_IQ", "p-cpe:/a:novell:suse_linux:libreoffice-l10n-af", "p-cpe:/a:novell:suse_linux:myspell-es_BO", "p-cpe:/a:novell:suse_linux:myspell-lo_LA", "p-cpe:/a:novell:suse_linux:libreoffice-l10n-zu", "p-cpe:/a:novell:suse_linux:myspell-lightproof-hu_HU", "p-cpe:/a:novell:suse_linux:myspell-ca_ES", "p-cpe:/a:novell:suse_linux:myspell-ca", "p-cpe:/a:novell:suse_linux:libreoffice-l10n-cs", "p-cpe:/a:novell:suse_linux:libhyphen0", "p-cpe:/a:novell:suse_linux:myspell-es_GT", "p-cpe:/a:novell:suse_linux:libreoffice-l10n-ru", "p-cpe:/a:novell:suse_linux:myspell-hu_HU", "p-cpe:/a:novell:suse_linux:myspell-fr_MC", "p-cpe:/a:novell:suse_linux:myspell-ar_MA", "p-cpe:/a:novell:suse_linux:myspell-fr_LU", "p-cpe:/a:novell:suse_linux:libreoffice-l10n-sv", "p-cpe:/a:novell:suse_linux:myspell-ca_FR", "p-cpe:/a:novell:suse_linux:myspell-pt_PT", "p-cpe:/a:novell:suse_linux:myspell-fr_CH", "p-cpe:/a:novell:suse_linux:myspell-en_NZ", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:myspell-ar_LB", "p-cpe:/a:novell:suse_linux:myspell-lt_LT", "p-cpe:/a:novell:suse_linux:libreoffice-base", "p-cpe:/a:novell:suse_linux:myspell-bg_BG", "p-cpe:/a:novell:suse_linux:libreoffice-l10n-pl", "p-cpe:/a:novell:suse_linux:myspell-es", "p-cpe:/a:novell:suse_linux:libreoffice-icon-theme-tango", "p-cpe:/a:novell:suse_linux:myspell-zu_ZA", "p-cpe:/a:novell:suse_linux:myspell-nn_NO", "p-cpe:/a:novell:suse_linux:myspell-pt_BR", "p-cpe:/a:novell:suse_linux:libreoffice-writer", "p-cpe:/a:novell:suse_linux:myspell-no", "p-cpe:/a:novell:suse_linux:libreoffice-l10n-en", "p-cpe:/a:novell:suse_linux:myspell-es_UY", "p-cpe:/a:novell:suse_linux:myspell-es_PE", "p-cpe:/a:novell:suse_linux:myspell-en_GB", "p-cpe:/a:novell:suse_linux:myspell-en_BZ", "p-cpe:/a:novell:suse_linux:libreoffice-pyuno", "p-cpe:/a:novell:suse_linux:libmythes-1_2", "p-cpe:/a:novell:suse_linux:libreoffice-l10n-gu", "p-cpe:/a:novell:suse_linux:libreoffice-l10n-nb", "p-cpe:/a:novell:suse_linux:myspell-sl_SI", "p-cpe:/a:novell:suse_linux:myspell-vi_VN", "p-cpe:/a:novell:suse_linux:libreoffice-l10n-pt-BR", "p-cpe:/a:novell:suse_linux:myspell-sk_SK", "p-cpe:/a:novell:suse_linux:myspell-af_NA", "p-cpe:/a:novell:suse_linux:myspell-sv_SE", "p-cpe:/a:novell:suse_linux:libreoffice-base-drivers-postgresql", "p-cpe:/a:novell:suse_linux:libvoikko1", "p-cpe:/a:novell:suse_linux:myspell-ar_AE", "p-cpe:/a:novell:suse_linux:myspell-fr_CA", "p-cpe:/a:novell:suse_linux:myspell-en_TT", "p-cpe:/a:novell:suse_linux:myspell-es_AR", "p-cpe:/a:novell:suse_linux:myspell-es_NI", "p-cpe:/a:novell:suse_linux:myspell-cs_CZ", "p-cpe:/a:novell:suse_linux:myspell-gu_IN", "p-cpe:/a:novell:suse_linux:myspell-ro_RO", "p-cpe:/a:novell:suse_linux:myspell-ar_JO", "p-cpe:/a:novell:suse_linux:libreoffice-l10n-hi", "p-cpe:/a:novell:suse_linux:myspell-bs_BA", "p-cpe:/a:novell:suse_linux:libreoffice-draw", "p-cpe:/a:novell:suse_linux:myspell-en_GH", "p-cpe:/a:novell:suse_linux:libreoffice-l10n-fr", "p-cpe:/a:novell:suse_linux:myspell-ar_QA", "p-cpe:/a:novell:suse_linux:libreoffice-l10n-de", "p-cpe:/a:novell:suse_linux:myspell-ar_LY", "p-cpe:/a:novell:suse_linux:libreoffice-l10n-sk", "p-cpe:/a:novell:suse_linux:myspell-th_TH", "p-cpe:/a:novell:suse_linux:myspell-ro", "p-cpe:/a:novell:suse_linux:myspell-es_PR", "p-cpe:/a:novell:suse_linux:myspell-ar_OM", "p-cpe:/a:novell:suse_linux:myspell-lightproof-en", "p-cpe:/a:novell:suse_linux:libreoffice-l10n-ko", "p-cpe:/a:novell:suse_linux:myspell-he_IL", "p-cpe:/a:novell:suse_linux:myspell-sr_CS", "p-cpe:/a:novell:suse_linux:myspell-nb_NO", "p-cpe:/a:novell:suse_linux:myspell-en_IE", "p-cpe:/a:novell:suse_linux:libreoffice-l10n-ar", "p-cpe:/a:novell:suse_linux:libreoffice-l10n-nn", "p-cpe:/a:novell:suse_linux:myspell-en_BS", "p-cpe:/a:novell:suse_linux:myspell-en_US", "p-cpe:/a:novell:suse_linux:libreoffice-l10n-fi", "p-cpe:/a:novell:suse_linux:libreoffice-writer-extensions", "p-cpe:/a:novell:suse_linux:myspell-en_ZW", "p-cpe:/a:novell:suse_linux:libreoffice-calc-extensions", "p-cpe:/a:novell:suse_linux:libreoffice-l10n-es", "p-cpe:/a:novell:suse_linux:myspell-ar_SA", "p-cpe:/a:novell:suse_linux:myspell-ar_YE", "p-cpe:/a:novell:suse_linux:myspell-te", "p-cpe:/a:novell:suse_linux:myspell-be_BY", "p-cpe:/a:novell:suse_linux:myspell-en_CA", "p-cpe:/a:novell:suse_linux:python-importlib", "p-cpe:/a:novell:suse_linux:myspell-es_MX", "p-cpe:/a:novell:suse_linux:myspell-vi", "p-cpe:/a:novell:suse_linux:myspell-en_MW", "p-cpe:/a:novell:suse_linux:myspell-es_CU", "p-cpe:/a:novell:suse_linux:myspell-pl_PL", "p-cpe:/a:novell:suse_linux:libreoffice-l10n-it", "p-cpe:/a:novell:suse_linux:myspell-hr_HR", "p-cpe:/a:novell:suse_linux:libreoffice-l10n-hu", "p-cpe:/a:novell:suse_linux:myspell-de", "p-cpe:/a:novell:suse_linux:myspell-ar_KW", "p-cpe:/a:novell:suse_linux:myspell-pt_AO", "p-cpe:/a:novell:suse_linux:myspell-bs", "p-cpe:/a:novell:suse_linux:myspell-nl_NL", "p-cpe:/a:novell:suse_linux:myspell-en_PH", "p-cpe:/a:novell:suse_linux:myspell-ca_IT", "p-cpe:/a:novell:suse_linux:libreoffice-l10n-da", "p-cpe:/a:novell:suse_linux:myspell-sr_RS", "p-cpe:/a:novell:suse_linux:myspell-de_AT", "p-cpe:/a:novell:suse_linux:myspell-bn_BD", "p-cpe:/a:novell:suse_linux:myspell-es_EC", "p-cpe:/a:novell:suse_linux:myspell-en_ZA", "p-cpe:/a:novell:suse_linux:myspell-lightproof-ru_RU", "p-cpe:/a:novell:suse_linux:myspell-es_CL", "p-cpe:/a:novell:suse_linux:myspell-es_HN", "p-cpe:/a:novell:suse_linux:myspell-ru_RU"], "id": "SUSE_SU-2016-0324-1.NASL", "href": "https://www.tenable.com/plugins/nessus/88575", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:0324-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(88575);\n script_version(\"2.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-8146\", \"CVE-2014-8147\", \"CVE-2014-9093\", \"CVE-2015-4551\", \"CVE-2015-5212\", \"CVE-2015-5213\", \"CVE-2015-5214\");\n script_bugtraq_id(71313, 74457);\n\n script_name(english:\"SUSE SLED11 Security Update : Recommended update for LibreOffice (SUSE-SU-2016:0324-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update brings LibreOffice to version 5.0.4, a major version\nupdate.\n\nIt brings lots of new features, bug fixes and also security fixes.\n\nFeatures as seen on http://www.libreoffice.org/discover/new-features/\n\n - LibreOffice 5.0 ships an impressive number of new\n features for its spreadsheet module, Calc: complex\n formulae image cropping, new functions, more powerful\n conditional formatting, table addressing and much more.\n Calc's blend of performance and features makes it an\n enterprise-ready, heavy duty spreadsheet application\n capable of handling all kinds of workload for an\n impressive range of use cases\n\n - New icons, major improvements to menus and sidebar : no\n other LibreOffice version has looked that good and\n helped you be creative and get things done the right\n way. In addition, style management is now more intuitive\n thanks to the visualization of styles right in the\n interface.\n\n - LibreOffice 5 ships with numerous improvements to\n document import and export filters for MS Office, PDF,\n RTF, and more. You can now timestamp PDF documents\n generated with LibreOffice and enjoy enhanced document\n conversion fidelity all around.\n\nThe Pentaho Flow Reporting Engine is now added and used.\n\nSecurity issues fixed :\n\n - CVE-2014-8146: The resolveImplicitLevels function in\n common/ubidi.c in the Unicode Bidirectional Algorithm\n implementation in ICU4C in International Components for\n Unicode (ICU) before 55.1 did not properly track\n directionally isolated pieces of text, which allowed\n remote attackers to cause a denial of service\n (heap-based buffer overflow) or possibly execute\n arbitrary code via crafted text.\n\n - CVE-2014-8147: The resolveImplicitLevels function in\n common/ubidi.c in the Unicode Bidirectional Algorithm\n implementation in ICU4C in International Components for\n Unicode (ICU) before 55.1 used an integer data type that\n is inconsistent with a header file, which allowed remote\n attackers to cause a denial of service (incorrect malloc\n followed by invalid free) or possibly execute arbitrary\n code via crafted text.\n\n - CVE-2015-4551: An arbitrary file disclosure\n vulnerability in Libreoffice and Openoffice Calc and\n Writer was fixed.\n\n - CVE-2015-5212: A LibreOffice 'PrinterSetup Length'\n integer underflow vulnerability could be used by\n attackers supplying documents to execute code as the\n user opening the document.\n\n - CVE-2015-5213: A LibreOffice 'Piece Table Counter'\n invalid check design error vulnerability allowed\n attackers supplying documents to execute code as the\n user opening the document.\n\n - CVE-2015-5214: Multiple Vendor LibreOffice Bookmark\n Status Memory Corruption Vulnerability allowed attackers\n supplying documents to execute code as the user opening\n the document.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://www.libreoffice.org/discover/new-features/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.libreoffice.org/discover/new-features/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=306333\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=547549\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=668145\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=679938\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=681560\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=688200\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=718113\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=806250\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=857026\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=889755\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=890735\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=907636\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=907966\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=910805\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=910806\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=914911\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=934423\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=936188\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=936190\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=939996\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=940838\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=943075\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=945047\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=945692\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=951579\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=954345\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-8146/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-8147/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9093/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4551/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-5212/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-5213/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-5214/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20160324-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d73960eb\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4 :\n\nzypper in -t patch sdksp4-libreoffice-504-1174=1\n\nSUSE Linux Enterprise Desktop 11-SP4 :\n\nzypper in -t patch sledsp4-libreoffice-504-1174=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4 :\n\nzypper in -t patch dbgsp4-libreoffice-504-1174=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libhyphen0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmythes-1_2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libreoffice\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libreoffice-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libreoffice-base-drivers-postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libreoffice-calc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libreoffice-calc-extensions\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libreoffice-draw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libreoffice-filters-optional\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libreoffice-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libreoffice-icon-theme-galaxy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libreoffice-icon-theme-tango\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libreoffice-impress\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libreoffice-kde4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libreoffice-l10n-af\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libreoffice-l10n-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libreoffice-l10n-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libreoffice-l10n-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libreoffice-l10n-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libreoffice-l10n-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libreoffice-l10n-en\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libreoffice-l10n-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libreoffice-l10n-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libreoffice-l10n-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libreoffice-l10n-gu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libreoffice-l10n-hi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libreoffice-l10n-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libreoffice-l10n-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libreoffice-l10n-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libreoffice-l10n-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libreoffice-l10n-nb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libreoffice-l10n-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libreoffice-l10n-nn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libreoffice-l10n-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libreoffice-l10n-pt-BR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libreoffice-l10n-pt-PT\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libreoffice-l10n-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libreoffice-l10n-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libreoffice-l10n-sv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libreoffice-l10n-xh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libreoffice-l10n-zh-Hans\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libreoffice-l10n-zh-Hant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libreoffice-l10n-zu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libreoffice-mailmerge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libreoffice-math\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libreoffice-officebean\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libreoffice-pyuno\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libreoffice-sdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libreoffice-voikko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libreoffice-writer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libreoffice-writer-extensions\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvoikko1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-af_NA\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-af_ZA\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-ar_AE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-ar_BH\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-ar_DZ\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-ar_EG\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-ar_IQ\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-ar_JO\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-ar_KW\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-ar_LB\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-ar_LY\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-ar_MA\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-ar_OM\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-ar_QA\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-ar_SA\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-ar_SD\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-ar_SY\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-ar_TN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-ar_YE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-be_BY\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-bg_BG\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-bn_BD\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-bn_IN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-bs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-bs_BA\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-ca_AD\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-ca_ES\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-ca_ES_valencia\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-ca_FR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-ca_IT\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-cs_CZ\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-da_DK\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-de_AT\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-de_CH\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-de_DE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-dictionaries\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-el_GR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-en\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-en_AU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-en_BS\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-en_BZ\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-en_CA\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-en_GB\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-en_GH\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-en_IE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-en_IN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-en_JM\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-en_MW\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-en_NA\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-en_NZ\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-en_PH\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-en_TT\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-en_US\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-en_ZA\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-en_ZW\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-es_AR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-es_BO\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-es_CL\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-es_CO\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-es_CR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-es_CU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-es_DO\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-es_EC\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-es_ES\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-es_GT\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-es_HN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-es_MX\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-es_NI\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-es_PA\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-es_PE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-es_PR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-es_PY\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-es_SV\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-es_UY\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-es_VE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-et_EE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-fr_BE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-fr_CA\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-fr_CH\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-fr_FR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-fr_LU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-fr_MC\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-gu_IN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-he_IL\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-hi_IN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-hr_HR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-hu_HU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-it_IT\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-lightproof-en\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-lightproof-hu_HU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-lightproof-pt_BR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-lightproof-ru_RU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-lo_LA\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-lt_LT\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-lv_LV\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-nb_NO\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-nl_BE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-nl_NL\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-nn_NO\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-pl_PL\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-pt_AO\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-pt_BR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-pt_PT\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-ro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-ro_RO\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-ru_RU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-sk_SK\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-sl_SI\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-sr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-sr_CS\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-sr_Latn_CS\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-sr_Latn_RS\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-sr_RS\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-sv_FI\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-sv_SE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-te\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-te_IN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-th_TH\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-vi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-vi_VN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-zu_ZA\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-importlib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/02/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"i386|i486|i586|i686|x86_64\") audit(AUDIT_ARCH_NOT, \"i386 / i486 / i586 / i686 / x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLED11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"libhyphen0-2.8.8-2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"libmythes-1_2-0-1.2.4-2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"libreoffice-5.0.4.2-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"libreoffice-base-5.0.4.2-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"libreoffice-base-drivers-postgresql-5.0.4.2-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"libreoffice-calc-5.0.4.2-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"libreoffice-calc-extensions-5.0.4.2-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"libreoffice-draw-5.0.4.2-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"libreoffice-filters-optional-5.0.4.2-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"libreoffice-gnome-5.0.4.2-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"libreoffice-icon-theme-galaxy-5.0.4.2-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"libreoffice-icon-theme-tango-5.0.4.2-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"libreoffice-impress-5.0.4.2-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"libreoffice-kde4-5.0.4.2-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"libreoffice-l10n-af-5.0.4.2-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"libreoffice-l10n-ar-5.0.4.2-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"libreoffice-l10n-ca-5.0.4.2-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"libreoffice-l10n-cs-5.0.4.2-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"libreoffice-l10n-da-5.0.4.2-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"libreoffice-l10n-de-5.0.4.2-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"libreoffice-l10n-en-5.0.4.2-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"libreoffice-l10n-es-5.0.4.2-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"libreoffice-l10n-fi-5.0.4.2-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"libreoffice-l10n-fr-5.0.4.2-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"libreoffice-l10n-gu-5.0.4.2-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"libreoffice-l10n-hi-5.0.4.2-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"libreoffice-l10n-hu-5.0.4.2-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"libreoffice-l10n-it-5.0.4.2-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"libreoffice-l10n-ja-5.0.4.2-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"libreoffice-l10n-ko-5.0.4.2-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"libreoffice-l10n-nb-5.0.4.2-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"libreoffice-l10n-nl-5.0.4.2-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"libreoffice-l10n-nn-5.0.4.2-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"libreoffice-l10n-pl-5.0.4.2-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"libreoffice-l10n-pt-BR-5.0.4.2-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"libreoffice-l10n-pt-PT-5.0.4.2-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"libreoffice-l10n-ru-5.0.4.2-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"libreoffice-l10n-sk-5.0.4.2-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"libreoffice-l10n-sv-5.0.4.2-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"libreoffice-l10n-xh-5.0.4.2-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"libreoffice-l10n-zh-Hans-5.0.4.2-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"libreoffice-l10n-zh-Hant-5.0.4.2-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"libreoffice-l10n-zu-5.0.4.2-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"libreoffice-mailmerge-5.0.4.2-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"libreoffice-math-5.0.4.2-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"libreoffice-officebean-5.0.4.2-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"libreoffice-pyuno-5.0.4.2-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"libreoffice-sdk-5.0.4.2-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"libreoffice-voikko-4.1-2.26\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"libreoffice-writer-5.0.4.2-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"libreoffice-writer-extensions-5.0.4.2-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"libvoikko1-3.7.1-5.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-af_NA-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-af_ZA-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-ar-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-ar_AE-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-ar_BH-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-ar_DZ-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-ar_EG-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-ar_IQ-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-ar_JO-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-ar_KW-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-ar_LB-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-ar_LY-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-ar_MA-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-ar_OM-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-ar_QA-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-ar_SA-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-ar_SD-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-ar_SY-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-ar_TN-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-ar_YE-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-be_BY-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-bg_BG-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-bn_BD-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-bn_IN-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-bs-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-bs_BA-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-ca-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-ca_AD-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-ca_ES-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-ca_ES_valencia-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-ca_FR-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-ca_IT-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-cs_CZ-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-da_DK-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-de-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-de_AT-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-de_CH-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-de_DE-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-dictionaries-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-el_GR-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-en-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-en_AU-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-en_BS-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-en_BZ-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-en_CA-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-en_GB-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-en_GH-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-en_IE-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-en_IN-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-en_JM-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-en_MW-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-en_NA-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-en_NZ-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-en_PH-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-en_TT-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-en_US-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-en_ZA-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-en_ZW-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-es-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-es_AR-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-es_BO-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-es_CL-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-es_CO-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-es_CR-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-es_CU-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-es_DO-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-es_EC-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-es_ES-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-es_GT-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-es_HN-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-es_MX-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-es_NI-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-es_PA-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-es_PE-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-es_PR-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-es_PY-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-es_SV-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-es_UY-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-es_VE-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-et_EE-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-fr_BE-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-fr_CA-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-fr_CH-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-fr_FR-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-fr_LU-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-fr_MC-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-gu_IN-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-he_IL-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-hi_IN-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-hr_HR-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-hu_HU-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-it_IT-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-lightproof-en-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-lightproof-hu_HU-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-lightproof-pt_BR-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-lightproof-ru_RU-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-lo_LA-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-lt_LT-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-lv_LV-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-nb_NO-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-nl_BE-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-nl_NL-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-nn_NO-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-no-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-pl_PL-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-pt_AO-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-pt_BR-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-pt_PT-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-ro-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-ro_RO-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-ru_RU-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-sk_SK-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-sl_SI-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-sr-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-sr_CS-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-sr_Latn_CS-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-sr_Latn_RS-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-sr_RS-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-sv_FI-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-sv_SE-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-te-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-te_IN-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-th_TH-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-vi-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-vi_VN-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"myspell-zu_ZA-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"python-importlib-1.0.2-0.8.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"libhyphen0-2.8.8-2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"libmythes-1_2-0-1.2.4-2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"libreoffice-5.0.4.2-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"libreoffice-base-5.0.4.2-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"libreoffice-base-drivers-postgresql-5.0.4.2-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"libreoffice-calc-5.0.4.2-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"libreoffice-calc-extensions-5.0.4.2-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"libreoffice-draw-5.0.4.2-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"libreoffice-filters-optional-5.0.4.2-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"libreoffice-gnome-5.0.4.2-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"libreoffice-icon-theme-galaxy-5.0.4.2-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"libreoffice-icon-theme-tango-5.0.4.2-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"libreoffice-impress-5.0.4.2-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"libreoffice-kde4-5.0.4.2-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"libreoffice-l10n-af-5.0.4.2-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"libreoffice-l10n-ar-5.0.4.2-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"libreoffice-l10n-ca-5.0.4.2-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"libreoffice-l10n-cs-5.0.4.2-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"libreoffice-l10n-da-5.0.4.2-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"libreoffice-l10n-de-5.0.4.2-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"libreoffice-l10n-en-5.0.4.2-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"libreoffice-l10n-es-5.0.4.2-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"libreoffice-l10n-fi-5.0.4.2-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"libreoffice-l10n-fr-5.0.4.2-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"libreoffice-l10n-gu-5.0.4.2-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"libreoffice-l10n-hi-5.0.4.2-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"libreoffice-l10n-hu-5.0.4.2-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"libreoffice-l10n-it-5.0.4.2-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"libreoffice-l10n-ja-5.0.4.2-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"libreoffice-l10n-ko-5.0.4.2-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"libreoffice-l10n-nb-5.0.4.2-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"libreoffice-l10n-nl-5.0.4.2-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"libreoffice-l10n-nn-5.0.4.2-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"libreoffice-l10n-pl-5.0.4.2-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"libreoffice-l10n-pt-BR-5.0.4.2-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"libreoffice-l10n-pt-PT-5.0.4.2-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"libreoffice-l10n-ru-5.0.4.2-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"libreoffice-l10n-sk-5.0.4.2-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"libreoffice-l10n-sv-5.0.4.2-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"libreoffice-l10n-xh-5.0.4.2-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"libreoffice-l10n-zh-Hans-5.0.4.2-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"libreoffice-l10n-zh-Hant-5.0.4.2-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"libreoffice-l10n-zu-5.0.4.2-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"libreoffice-mailmerge-5.0.4.2-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"libreoffice-math-5.0.4.2-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"libreoffice-officebean-5.0.4.2-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"libreoffice-pyuno-5.0.4.2-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"libreoffice-sdk-5.0.4.2-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"libreoffice-voikko-4.1-2.26\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"libreoffice-writer-5.0.4.2-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"libreoffice-writer-extensions-5.0.4.2-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"libvoikko1-3.7.1-5.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-af_NA-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-af_ZA-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-ar-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-ar_AE-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-ar_BH-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-ar_DZ-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-ar_EG-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-ar_IQ-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-ar_JO-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-ar_KW-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-ar_LB-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-ar_LY-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-ar_MA-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-ar_OM-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-ar_QA-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-ar_SA-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-ar_SD-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-ar_SY-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-ar_TN-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-ar_YE-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-be_BY-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-bg_BG-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-bn_BD-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-bn_IN-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-bs-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-bs_BA-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-ca-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-ca_AD-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-ca_ES-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-ca_ES_valencia-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-ca_FR-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-ca_IT-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-cs_CZ-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-da_DK-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-de-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-de_AT-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-de_CH-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-de_DE-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-dictionaries-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-el_GR-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-en-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-en_AU-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-en_BS-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-en_BZ-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-en_CA-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-en_GB-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-en_GH-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-en_IE-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-en_IN-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-en_JM-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-en_MW-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-en_NA-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-en_NZ-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-en_PH-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-en_TT-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-en_US-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-en_ZA-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-en_ZW-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-es-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-es_AR-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-es_BO-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-es_CL-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-es_CO-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-es_CR-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-es_CU-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-es_DO-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-es_EC-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-es_ES-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-es_GT-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-es_HN-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-es_MX-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-es_NI-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-es_PA-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-es_PE-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-es_PR-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-es_PY-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-es_SV-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-es_UY-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-es_VE-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-et_EE-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-fr_BE-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-fr_CA-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-fr_CH-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-fr_FR-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-fr_LU-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-fr_MC-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-gu_IN-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-he_IL-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-hi_IN-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-hr_HR-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-hu_HU-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-it_IT-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-lightproof-en-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-lightproof-hu_HU-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-lightproof-pt_BR-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-lightproof-ru_RU-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-lo_LA-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-lt_LT-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-lv_LV-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-nb_NO-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-nl_BE-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-nl_NL-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-nn_NO-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-no-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-pl_PL-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-pt_AO-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-pt_BR-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-pt_PT-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-ro-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-ro_RO-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-ru_RU-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-sk_SK-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-sl_SI-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-sr-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-sr_CS-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-sr_Latn_CS-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-sr_Latn_RS-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-sr_RS-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-sv_FI-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-sv_SE-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-te-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-te_IN-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-th_TH-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-vi-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-vi_VN-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"myspell-zu_ZA-20150827-23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"python-importlib-1.0.2-0.8.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Recommended update for LibreOffice\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T14:23:08", "description": "This update brings LibreOffice to version 5.0.2, a major version\nupdate.\n\nIt brings lots of new features, bugfixes and also security fixes.\n\nFeatures as seen on http://www.libreoffice.org/discover/new-features/\n\n - LibreOffice 5.0 ships an impressive number of new\n features for its spreadsheet module, Calc: complex\n formulae image cropping, new functions, more powerful\n conditional formatting, table addressing and much more.\n Calc's blend of performance and features makes it an\n enterprise-ready, heavy duty spreadsheet application\n capable of handling all kinds of workload for an\n impressive range of use cases\n\n - New icons, major improvements to menus and sidebar : no\n other LibreOffice version has looked that good and\n helped you be creative and get things done the right\n way. In addition, style management is now more intuitive\n thanks to the visualization of styles right in the\n interface.\n\n - LibreOffice 5 ships with numerous improvements to\n document import and export filters for MS Office, PDF,\n RTF, and more. You can now timestamp PDF documents\n generated with LibreOffice and enjoy enhanced document\n conversion fidelity all around.\n\nThe Pentaho Flow Reporting Engine is now added and used.\n\nSecurity issues fixed :\n\n - CVE-2014-8146: The resolveImplicitLevels function in\n common/ubidi.c in the Unicode Bidirectional Algorithm\n implementation in ICU4C in International Components for\n Unicode (ICU) before 55.1 did not properly track\n directionally isolated pieces of text, which allowed\n remote attackers to cause a denial of service\n (heap-based buffer overflow) or possibly execute\n arbitrary code via crafted text.\n\n - CVE-2014-8147: The resolveImplicitLevels function in\n common/ubidi.c in the Unicode Bidirectional Algorithm\n implementation in ICU4C in International Components for\n Unicode (ICU) before 55.1 used an integer data type that\n is inconsistent with a header file, which allowed remote\n attackers to cause a denial of service (incorrect malloc\n followed by invalid free) or possibly execute arbitrary\n code via crafted text.\n\n - CVE-2015-4551: An arbitrary file disclosure\n vulnerability in Libreoffice and Openoffice Calc and\n Writer was fixed.\n\n - CVE-2015-1774: The HWP filter in LibreOffice allowed\n remote attackers to cause a denial of service (crash) or\n possibly execute arbitrary code via a crafted HWP\n document, which triggered an out-of-bounds write.\n\n - CVE-2015-5212: A LibreOffice 'PrinterSetup Length'\n integer underflow vulnerability could be used by\n attackers supplying documents to execute code as the\n user opening the document.\n\n - CVE-2015-5213: A LibreOffice 'Piece Table Counter'\n invalid check design error vulnerability allowed\n attackers supplying documents to execute code as the\n user opening the document.\n\n - CVE-2015-5214: Multiple Vendor LibreOffice Bookmark\n Status Memory Corruption Vulnerability allowed attackers\n supplying documents to execute code as the user opening\n the document.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 27, "published": "2015-11-05T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : Recommended update for LibreOffice (SUSE-SU-2015:1915-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-5214", "CVE-2015-1774", "CVE-2014-8147", "CVE-2015-5212", "CVE-2014-8146", "CVE-2015-4551", "CVE-2015-5213"], "modified": "2015-11-05T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:librevenge-0_0-0-debuginfo", "p-cpe:/a:novell:suse_linux:libreoffice-math", "p-cpe:/a:novell:suse_linux:myspell-dictionaries", "p-cpe:/a:novell:suse_linux:libreoffice-voikko", "p-cpe:/a:novell:suse_linux:libreoffice-filters-optional", "cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:liborcus-debugsource", "p-cpe:/a:novell:suse_linux:libreoffice-pyuno-debuginfo", "p-cpe:/a:novell:suse_linux:liborcus-0_8-0-debuginfo", "p-cpe:/a:novell:suse_linux:libreoffice-impress", "p-cpe:/a:novell:suse_linux:libcdr-0_1", "p-cpe:/a:novell:suse_linux:cmis-client-debugsource", "p-cpe:/a:novell:suse_linux:libwps-0_4", "p-cpe:/a:novell:suse_linux:librevenge-0_0", "p-cpe:/a:novell:suse_linux:libgraphite2-3", "p-cpe:/a:novell:suse_linux:libreoffice-writer-debuginfo", "p-cpe:/a:novell:suse_linux:libmspub-debugsource", "p-cpe:/a:novell:suse_linux:libetonyek-0_1", "p-cpe:/a:novell:suse_linux:libreoffice-gnome", "p-cpe:/a:novell:suse_linux:libreoffice-base-drivers-postgresql-debuginfo", "p-cpe:/a:novell:suse_linux:libixion-0_10", "p-cpe:/a:novell:suse_linux:libgltf-debugsource", "p-cpe:/a:novell:suse_linux:libpagemaker-0_0-0-debuginfo", "p-cpe:/a:novell:suse_linux:libreoffice-calc", "p-cpe:/a:novell:suse_linux:libreoffice-officebean", "p-cpe:/a:novell:suse_linux:libcmis-0_5", "p-cpe:/a:novell:suse_linux:liblangtag-debugsource", "p-cpe:/a:novell:suse_linux:libreoffice-impress-debuginfo", "p-cpe:/a:novell:suse_linux:libodfgen-0_1-1-debuginfo", "p-cpe:/a:novell:suse_linux:libabw-debugsource", "p-cpe:/a:novell:suse_linux:libvoikko1-debuginfo", "p-cpe:/a:novell:suse_linux:libabw-0_1", "p-cpe:/a:novell:suse_linux:libreoffice-mailmerge", "p-cpe:/a:novell:suse_linux:libodfgen-0_1", "p-cpe:/a:novell:suse_linux:libreoffice-officebean-debuginfo", "p-cpe:/a:novell:suse_linux:libabw-0_1-1-debuginfo", "p-cpe:/a:novell:suse_linux:libreoffice", "p-cpe:/a:novell:suse_linux:libfreehand-0_1-1-debuginfo", "p-cpe:/a:novell:suse_linux:libixion-0_10-0-debuginfo", "p-cpe:/a:novell:suse_linux:libgraphite2-3-debuginfo", "p-cpe:/a:novell:suse_linux:libreoffice-calc-debuginfo", "p-cpe:/a:novell:suse_linux:libwps-debugsource", "p-cpe:/a:novell:suse_linux:libreoffice-base-drivers-mysql-debuginfo", "p-cpe:/a:novell:suse_linux:libhyphen0", "p-cpe:/a:novell:suse_linux:libmspub-0_1-1-debuginfo", "p-cpe:/a:novell:suse_linux:libfreehand-debugsource", "p-cpe:/a:novell:suse_linux:libvisio-0_1", "p-cpe:/a:novell:suse_linux:libe-book-debugsource", "p-cpe:/a:novell:suse_linux:liblangtag1-debuginfo", "p-cpe:/a:novell:suse_linux:libwps-0_4-4-debuginfo", "p-cpe:/a:novell:suse_linux:libpagemaker-debugsource", "p-cpe:/a:novell:suse_linux:libe-book-0_1", "p-cpe:/a:novell:suse_linux:libixion-debugsource", "p-cpe:/a:novell:suse_linux:libfreehand-0_1", "p-cpe:/a:novell:suse_linux:libreoffice-base", "p-cpe:/a:novell:suse_linux:libgltf-0_0-0-debuginfo", "p-cpe:/a:novell:suse_linux:libhyphen0-debuginfo", "p-cpe:/a:novell:suse_linux:libreoffice-base-debuginfo", "p-cpe:/a:novell:suse_linux:libreoffice-writer", "p-cpe:/a:novell:suse_linux:libcmis-0_5-5-debuginfo", "p-cpe:/a:novell:suse_linux:libreoffice-pyuno", "p-cpe:/a:novell:suse_linux:libe-book-0_1-1-debuginfo", "p-cpe:/a:novell:suse_linux:libreoffice-draw-debuginfo", "p-cpe:/a:novell:suse_linux:libvisio-debugsource", "p-cpe:/a:novell:suse_linux:libreoffice-base-drivers-postgresql", "p-cpe:/a:novell:suse_linux:libvoikko1", "p-cpe:/a:novell:suse_linux:libvoikko-debugsource", "p-cpe:/a:novell:suse_linux:libetonyek-0_1-1-debuginfo", "p-cpe:/a:novell:suse_linux:libcdr-0_1-1-debuginfo", "p-cpe:/a:novell:suse_linux:hyphen-debugsource", "p-cpe:/a:novell:suse_linux:librevenge-stream-0_0-0-debuginfo", "p-cpe:/a:novell:suse_linux:liblangtag1", "p-cpe:/a:novell:suse_linux:libreoffice-debugsource", "p-cpe:/a:novell:suse_linux:libreoffice-draw", "p-cpe:/a:novell:suse_linux:libcdr-debugsource", "p-cpe:/a:novell:suse_linux:libgraphite2", "p-cpe:/a:novell:suse_linux:libreoffice-math-debuginfo", "p-cpe:/a:novell:suse_linux:libreoffice-voikko-debuginfo", "p-cpe:/a:novell:suse_linux:libreoffice-gnome-debuginfo", "p-cpe:/a:novell:suse_linux:libreoffice-debuginfo", "p-cpe:/a:novell:suse_linux:cmis-client-debuginfo", "p-cpe:/a:novell:suse_linux:libreoffice-writer-extensions", "p-cpe:/a:novell:suse_linux:libodfgen-debugsource", "p-cpe:/a:novell:suse_linux:libmspub-0_1", "p-cpe:/a:novell:suse_linux:libreoffice-calc-extensions", "p-cpe:/a:novell:suse_linux:libvisio-0_1-1-debuginfo", "p-cpe:/a:novell:suse_linux:librevenge-debugsource", "p-cpe:/a:novell:suse_linux:libmwaw-0_3-3-debuginfo", "p-cpe:/a:novell:suse_linux:liborcus-0_8", "p-cpe:/a:novell:suse_linux:libpagemaker-0_0", "p-cpe:/a:novell:suse_linux:libreoffice-base-drivers-mysql", "p-cpe:/a:novell:suse_linux:librevenge-stream-0_0", "p-cpe:/a:novell:suse_linux:libmwaw-0_3", "p-cpe:/a:novell:suse_linux:graphite2-debuginfo", "p-cpe:/a:novell:suse_linux:libetonyek-debugsource", "p-cpe:/a:novell:suse_linux:libgltf-0_0", "p-cpe:/a:novell:suse_linux:graphite2-debugsource", "p-cpe:/a:novell:suse_linux:libmwaw-debugsource"], "id": "SUSE_SU-2015-1915-1.NASL", "href": "https://www.tenable.com/plugins/nessus/86757", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:1915-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(86757);\n script_version(\"2.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-8146\", \"CVE-2014-8147\", \"CVE-2015-1774\", \"CVE-2015-4551\", \"CVE-2015-5212\", \"CVE-2015-5213\", \"CVE-2015-5214\");\n script_bugtraq_id(74338, 74457);\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : Recommended update for LibreOffice (SUSE-SU-2015:1915-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update brings LibreOffice to version 5.0.2, a major version\nupdate.\n\nIt brings lots of new features, bugfixes and also security fixes.\n\nFeatures as seen on http://www.libreoffice.org/discover/new-features/\n\n - LibreOffice 5.0 ships an impressive number of new\n features for its spreadsheet module, Calc: complex\n formulae image cropping, new functions, more powerful\n conditional formatting, table addressing and much more.\n Calc's blend of performance and features makes it an\n enterprise-ready, heavy duty spreadsheet application\n capable of handling all kinds of workload for an\n impressive range of use cases\n\n - New icons, major improvements to menus and sidebar : no\n other LibreOffice version has looked that good and\n helped you be creative and get things done the right\n way. In addition, style management is now more intuitive\n thanks to the visualization of styles right in the\n interface.\n\n - LibreOffice 5 ships with numerous improvements to\n document import and export filters for MS Office, PDF,\n RTF, and more. You can now timestamp PDF documents\n generated with LibreOffice and enjoy enhanced document\n conversion fidelity all around.\n\nThe Pentaho Flow Reporting Engine is now added and used.\n\nSecurity issues fixed :\n\n - CVE-2014-8146: The resolveImplicitLevels function in\n common/ubidi.c in the Unicode Bidirectional Algorithm\n implementation in ICU4C in International Components for\n Unicode (ICU) before 55.1 did not properly track\n directionally isolated pieces of text, which allowed\n remote attackers to cause a denial of service\n (heap-based buffer overflow) or possibly execute\n arbitrary code via crafted text.\n\n - CVE-2014-8147: The resolveImplicitLevels function in\n common/ubidi.c in the Unicode Bidirectional Algorithm\n implementation in ICU4C in International Components for\n Unicode (ICU) before 55.1 used an integer data type that\n is inconsistent with a header file, which allowed remote\n attackers to cause a denial of service (incorrect malloc\n followed by invalid free) or possibly execute arbitrary\n code via crafted text.\n\n - CVE-2015-4551: An arbitrary file disclosure\n vulnerability in Libreoffice and Openoffice Calc and\n Writer was fixed.\n\n - CVE-2015-1774: The HWP filter in LibreOffice allowed\n remote attackers to cause a denial of service (crash) or\n possibly execute arbitrary code via a crafted HWP\n document, which triggered an out-of-bounds write.\n\n - CVE-2015-5212: A LibreOffice 'PrinterSetup Length'\n integer underflow vulnerability could be used by\n attackers supplying documents to execute code as the\n user opening the document.\n\n - CVE-2015-5213: A LibreOffice 'Piece Table Counter'\n invalid check design error vulnerability allowed\n attackers supplying documents to execute code as the\n user opening the document.\n\n - CVE-2015-5214: Multiple Vendor LibreOffice Bookmark\n Status Memory Corruption Vulnerability allowed attackers\n supplying documents to execute code as the user opening\n the document.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://www.libreoffice.org/discover/new-features/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.libreoffice.org/discover/new-features/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=470073\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=806250\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=829430\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=890735\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=900186\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=900877\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=907966\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=910805\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=910806\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=913042\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=914911\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=915996\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=916181\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=918852\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=919409\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=926375\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=929793\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=934423\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=936188\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=936190\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=940838\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=943075\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=945692\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-8146/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-8147/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-1774/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4551/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-5212/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-5213/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-5214/\"\n );\n # https://www.suse.com/support/update/announcement/2015/suse-su-20151915-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dd02c58f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12 :\n\nzypper in -t patch SUSE-SLE-WE-12-2015-797=1\n\nSUSE Linux Enterprise Software Development Kit 12 :\n\nzypper in -t patch SUSE-SLE-SDK-12-2015-797=1\n\nSUSE Linux Enterprise Server 12 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-2015-797=1\n\nSUSE Linux Enterprise Desktop 12 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-2015-797=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cmis-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cmis-client-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:graphite2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:graphite2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:hyphen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libabw-0_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libabw-0_1-1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libabw-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcdr-0_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcdr-0_1-1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcdr-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcmis-0_5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcmis-0_5-5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libe-book-0_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libe-book-0_1-1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libe-book-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libetonyek-0_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libetonyek-0_1-1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libetonyek-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libfreehand-0_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libfreehand-0_1-1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libfreehand-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgltf-0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgltf-0_0-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgltf-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgraphite2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgraphite2-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgraphite2-3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libhyphen0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libhyphen0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libixion-0_10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libixion-0_10-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libixion-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:liblangtag-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:liblangtag1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:liblangtag1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmspub-0_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmspub-0_1-1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmspub-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmwaw-0_3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmwaw-0_3-3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmwaw-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libodfgen-0_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libodfgen-0_1-1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libodfgen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:liborcus-0_8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:liborcus-0_8-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:liborcus-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libpagemaker-0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libpagemaker-0_0-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libpagemaker-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libreoffice\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libreoffice-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libreoffice-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libreoffice-base-drivers-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libreoffice-base-drivers-mysql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libreoffice-base-drivers-postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libreoffice-base-drivers-postgresql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libreoffice-calc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libreoffice-calc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libreoffice-calc-extensions\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libreoffice-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libreoffice-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libreoffice-draw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libreoffice-draw-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libreoffice-filters-optional\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libreoffice-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libreoffice-gnome-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libreoffice-impress\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libreoffice-impress-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libreoffice-mailmerge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libreoffice-math\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libreoffice-math-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libreoffice-officebean\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libreoffice-officebean-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libreoffice-pyuno\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libreoffice-pyuno-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libreoffice-voikko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libreoffice-voikko-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libreoffice-writer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libreoffice-writer-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libreoffice-writer-extensions\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:librevenge-0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:librevenge-0_0-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:librevenge-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:librevenge-stream-0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:librevenge-stream-0_0-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvisio-0_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvisio-0_1-1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvisio-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvoikko-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvoikko1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvoikko1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwps-0_4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwps-0_4-4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwps-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:myspell-dictionaries\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/04/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/10/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/11/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"graphite2-debuginfo-1.3.1-3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"graphite2-debugsource-1.3.1-3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libgraphite2-3-1.3.1-3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libgraphite2-3-debuginfo-1.3.1-3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libgraphite2-3-32bit-1.3.1-3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libgraphite2-3-debuginfo-32bit-1.3.1-3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"cmis-client-debuginfo-0.5.0-5.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"cmis-client-debugsource-0.5.0-5.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"graphite2-debuginfo-1.3.1-3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"graphite2-debugsource-1.3.1-3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"hyphen-debugsource-2.8.8-9.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libabw-0_1-1-0.1.1-5.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libabw-0_1-1-debuginfo-0.1.1-5.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libabw-debugsource-0.1.1-5.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libcdr-0_1-1-0.1.1-5.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libcdr-0_1-1-debuginfo-0.1.1-5.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libcdr-debugsource-0.1.1-5.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libcmis-0_5-5-0.5.0-5.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libcmis-0_5-5-debuginfo-0.5.0-5.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libe-book-0_1-1-0.1.2-4.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libe-book-0_1-1-debuginfo-0.1.2-4.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libe-book-debugsource-0.1.2-4.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libetonyek-0_1-1-0.1.3-3.5\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libetonyek-0_1-1-debuginfo-0.1.3-3.5\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libetonyek-debugsource-0.1.3-3.5\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libfreehand-0_1-1-0.1.1-4.9\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libfreehand-0_1-1-debuginfo-0.1.1-4.9\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libfreehand-debugsource-0.1.1-4.9\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libgltf-0_0-0-0.0.1-2.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libgltf-0_0-0-debuginfo-0.0.1-2.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libgltf-debugsource-0.0.1-2.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libgraphite2-3-1.3.1-3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libgraphite2-3-32bit-1.3.1-3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libgraphite2-3-debuginfo-1.3.1-3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libgraphite2-3-debuginfo-32bit-1.3.1-3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libhyphen0-2.8.8-9.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libhyphen0-debuginfo-2.8.8-9.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libixion-0_10-0-0.9.1-3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libixion-0_10-0-debuginfo-0.9.1-3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libixion-debugsource-0.9.1-3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"liblangtag-debugsource-0.5.7-3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"liblangtag1-0.5.7-3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"liblangtag1-debuginfo-0.5.7-3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libmspub-0_1-1-0.1.2-5.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libmspub-0_1-1-debuginfo-0.1.2-5.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libmspub-debugsource-0.1.2-5.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libmwaw-0_3-3-0.3.6-3.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libmwaw-0_3-3-debuginfo-0.3.6-3.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libmwaw-debugsource-0.3.6-3.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libodfgen-0_1-1-0.1.4-3.9\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libodfgen-0_1-1-debuginfo-0.1.4-3.9\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libodfgen-debugsource-0.1.4-3.9\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"liborcus-0_8-0-0.7.1-3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"liborcus-0_8-0-debuginfo-0.7.1-3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"liborcus-debugsource-0.7.1-3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libpagemaker-0_0-0-0.0.2-2.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libpagemaker-0_0-0-debuginfo-0.0.2-2.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libpagemaker-debugsource-0.0.2-2.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libreoffice-5.0.2.2-13.14\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libreoffice-base-5.0.2.2-13.14\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libreoffice-base-debuginfo-5.0.2.2-13.14\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libreoffice-base-drivers-mysql-5.0.2.2-13.14\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libreoffice-base-drivers-mysql-debuginfo-5.0.2.2-13.14\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libreoffice-base-drivers-postgresql-5.0.2.2-13.14\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libreoffice-base-drivers-postgresql-debuginfo-5.0.2.2-13.14\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libreoffice-calc-5.0.2.2-13.14\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libreoffice-calc-debuginfo-5.0.2.2-13.14\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libreoffice-calc-extensions-5.0.2.2-13.14\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libreoffice-debuginfo-5.0.2.2-13.14\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libreoffice-debugsource-5.0.2.2-13.14\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libreoffice-draw-5.0.2.2-13.14\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libreoffice-draw-debuginfo-5.0.2.2-13.14\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libreoffice-filters-optional-5.0.2.2-13.14\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libreoffice-gnome-5.0.2.2-13.14\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libreoffice-gnome-debuginfo-5.0.2.2-13.14\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libreoffice-impress-5.0.2.2-13.14\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libreoffice-impress-debuginfo-5.0.2.2-13.14\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libreoffice-mailmerge-5.0.2.2-13.14\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libreoffice-math-5.0.2.2-13.14\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libreoffice-math-debuginfo-5.0.2.2-13.14\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libreoffice-officebean-5.0.2.2-13.14\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libreoffice-officebean-debuginfo-5.0.2.2-13.14\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libreoffice-pyuno-5.0.2.2-13.14\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libreoffice-pyuno-debuginfo-5.0.2.2-13.14\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libreoffice-voikko-4.1-6.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libreoffice-voikko-debuginfo-4.1-6.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libreoffice-writer-5.0.2.2-13.14\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libreoffice-writer-debuginfo-5.0.2.2-13.14\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libreoffice-writer-extensions-5.0.2.2-13.14\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"librevenge-0_0-0-0.0.2-4.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"librevenge-0_0-0-debuginfo-0.0.2-4.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"librevenge-debugsource-0.0.2-4.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"librevenge-stream-0_0-0-0.0.2-4.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"librevenge-stream-0_0-0-debuginfo-0.0.2-4.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libvisio-0_1-1-0.1.3-4.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libvisio-0_1-1-debuginfo-0.1.3-4.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libvisio-debugsource-0.1.3-4.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libvoikko-debugsource-3.7.1-3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libvoikko1-3.7.1-3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libvoikko1-debuginfo-3.7.1-3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libwps-0_4-4-0.4.1-3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libwps-0_4-4-debuginfo-0.4.1-3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libwps-debugsource-0.4.1-3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"myspell-dictionaries-20150827-5.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Recommended update for LibreOffice\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T01:58:14", "description": "Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45\nallows remote attackers to affect confidentiality, integrity, and\navailability via unknown vectors related to 2D.", "edition": 25, "published": "2016-08-24T00:00:00", "title": "F5 Networks BIG-IP : OpenJDK vulnerability (SOL17173)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4760"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_advanced_firewall_manager", "cpe:/a:f5:big-ip_policy_enforcement_manager", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_application_acceleration_manager", "cpe:/h:f5:big-ip_protocol_security_manager", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_wan_optimization_manager", "cpe:/h:f5:big-ip", "cpe:/a:f5:big-ip_application_visibility_and_reporting", "cpe:/a:f5:big-ip_webaccelerator", "cpe:/a:f5:big-ip_access_policy_manager"], "id": "F5_BIGIP_SOL17173.NASL", "href": "https://www.tenable.com/plugins/nessus/93084", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution SOL17173.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93084);\n script_version(\"2.4\");\n script_cvs_date(\"Date: 2019/01/04 10:03:40\");\n\n script_cve_id(\"CVE-2015-4760\");\n script_bugtraq_id(75784);\n\n script_name(english:\"F5 Networks BIG-IP : OpenJDK vulnerability (SOL17173)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45\nallows remote attackers to affect confidentiality, integrity, and\navailability via unknown vectors related to 2D.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K17173\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution SOL17173.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_acceleration_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_wan_optimization_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_webaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip_protocol_security_manager\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"SOL17173\";\nvmatrix = make_array();\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# AFM\nvmatrix[\"AFM\"] = make_array();\nvmatrix[\"AFM\"][\"affected\" ] = make_list(\"12.0.0\",\"11.3.0-11.6.1\");\nvmatrix[\"AFM\"][\"unaffected\"] = make_list(\"12.1.0\");\n\n# AM\nvmatrix[\"AM\"] = make_array();\nvmatrix[\"AM\"][\"affected\" ] = make_list(\"12.0.0\",\"11.4.0-11.6.1\");\nvmatrix[\"AM\"][\"unaffected\"] = make_list(\"12.1.0\");\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"12.0.0\",\"11.0.0-11.6.1\",\"10.1.0-10.2.4\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"12.1.0\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"12.0.0\",\"11.0.0-11.6.1\",\"10.1.0-10.2.4\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"12.1.0\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"12.0.0\",\"11.0.0-11.6.1\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"12.1.0\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"12.0.0\",\"11.0.0-11.6.1\",\"10.1.0-10.2.4\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"12.1.0\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"12.0.0\",\"11.0.0-11.6.1\",\"10.1.0-10.2.4\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"12.1.0\");\n\n# PEM\nvmatrix[\"PEM\"] = make_array();\nvmatrix[\"PEM\"][\"affected\" ] = make_list(\"12.0.0\",\"11.3.0-11.6.1\");\nvmatrix[\"PEM\"][\"unaffected\"] = make_list(\"12.1.0\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_hole(port:0, extra:bigip_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T09:43:36", "description": "A vulnerability has been found in the International Components for\nUnicode (ICU) library :\n\nCVE-2015-4760\n\nIt was discovered that ICU Layout Engine was missing multiple boundary\nchecks. These could lead to buffer overflows and memory corruption. A\nspecially crafted file could cause an application using ICU to parse\nuntrusted font files to crash and, possibly, execute arbitrary code.\n\nFor the squeeze distribution, these issues have been fixed in version\n4.4.1-8+squeeze4 of icu.\n\nWe recommend to upgrade your icu packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 14, "published": "2015-07-29T00:00:00", "title": "Debian DLA-283-1 : icu security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4760"], "modified": "2015-07-29T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:icu-doc", "p-cpe:/a:debian:debian_linux:libicu44-dbg", "p-cpe:/a:debian:debian_linux:libicu-dev", "p-cpe:/a:debian:debian_linux:libicu44", "p-cpe:/a:debian:debian_linux:lib32icu44", "p-cpe:/a:debian:debian_linux:lib32icu-dev"], "id": "DEBIAN_DLA-283.NASL", "href": "https://www.tenable.com/plugins/nessus/85050", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-283-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85050);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-4760\");\n script_bugtraq_id(75784);\n\n script_name(english:\"Debian DLA-283-1 : icu security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability has been found in the International Components for\nUnicode (ICU) library :\n\nCVE-2015-4760\n\nIt was discovered that ICU Layout Engine was missing multiple boundary\nchecks. These could lead to buffer overflows and memory corruption. A\nspecially crafted file could cause an application using ICU to parse\nuntrusted font files to crash and, possibly, execute arbitrary code.\n\nFor the squeeze distribution, these issues have been fixed in version\n4.4.1-8+squeeze4 of icu.\n\nWe recommend to upgrade your icu packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2015/07/msg00022.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze-lts/icu\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icu-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lib32icu-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lib32icu44\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libicu-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libicu44\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libicu44-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"icu-doc\", reference:\"4.4.1-8+squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"lib32icu-dev\", reference:\"4.4.1-8+squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"lib32icu44\", reference:\"4.4.1-8+squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libicu-dev\", reference:\"4.4.1-8+squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libicu44\", reference:\"4.4.1-8+squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libicu44-dbg\", reference:\"4.4.1-8+squeeze4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2020-07-02T11:35:05", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8147", "CVE-2014-8146"], "description": "Pedro Ribeiro discovered that ICU incorrectly handled certain memory \noperations when processing data. If an application using ICU processed \ncrafted data, an attacker could cause it to crash or potentially execute \narbitrary code with the privileges of the user invoking the program.", "edition": 5, "modified": "2015-05-11T00:00:00", "published": "2015-05-11T00:00:00", "id": "USN-2605-1", "href": "https://ubuntu.com/security/notices/USN-2605-1", "title": "ICU vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-02T11:35:14", "bulletinFamily": "unix", "cvelist": ["CVE-2015-2632", "CVE-2015-1270", "CVE-2015-4760"], "description": "Atte Kettunen discovered that ICU incorrectly handled certain converter \nnames. If an application using ICU processed crafted data, a remote \nattacker could possibly cause it to crash. (CVE-2015-1270)\n\nIt was discovered that ICU incorrectly handled certain memory operations \nwhen processing data. If an application using ICU processed crafted data, \na remote attacker could possibly cause it to crash or potentially execute \narbitrary code with the privileges of the user invoking the program. \n(CVE-2015-2632, CVE-2015-4760)", "edition": 5, "modified": "2015-09-16T00:00:00", "published": "2015-09-16T00:00:00", "id": "USN-2740-1", "href": "https://ubuntu.com/security/notices/USN-2740-1", "title": "ICU vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:41:33", "bulletinFamily": "unix", "cvelist": ["CVE-2013-2384", "CVE-2014-7923", "CVE-2014-6585", "CVE-2014-7940", "CVE-2014-9654", "CVE-2013-2419", "CVE-2014-7926", "CVE-2014-6591", "CVE-2013-2383", "CVE-2013-1569"], "description": "USN-2522-1 fixed vulnerabilities in ICU. On Ubuntu 12.04 LTS, the font \npatches caused a regression when using LibreOffice Calc. The patches have \nbeen temporarily backed out until the regression is investigated.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\nIt was discovered that ICU incorrectly handled memory operations when \nprocessing fonts. If an application using ICU processed crafted data, an \nattacker could cause it to crash or potentially execute arbitrary code with \nthe privileges of the user invoking the program. This issue only affected \nUbuntu 12.04 LTS. (CVE-2013-1569, CVE-2013-2383, CVE-2013-2384, \nCVE-2013-2419)\n\nIt was discovered that ICU incorrectly handled memory operations when \nprocessing fonts. If an application using ICU processed crafted data, an \nattacker could cause it to crash or potentially execute arbitrary code with \nthe privileges of the user invoking the program. (CVE-2014-6585, \nCVE-2014-6591)\n\nIt was discovered that ICU incorrectly handled memory operations when \nprocessing regular expressions. If an application using ICU processed \ncrafted data, an attacker could cause it to crash or potentially execute \narbitrary code with the privileges of the user invoking the program. \n(CVE-2014-7923, CVE-2014-7926, CVE-2014-9654)\n\nIt was discovered that ICU collator implementation incorrectly handled \nmemory operations. If an application using ICU processed crafted data, an \nattacker could cause it to crash or potentially execute arbitrary code with \nthe privileges of the user invoking the program. (CVE-2014-7940)", "edition": 5, "modified": "2015-03-06T00:00:00", "published": "2015-03-06T00:00:00", "id": "USN-2522-2", "href": "https://ubuntu.com/security/notices/USN-2522-2", "title": "ICU regression", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:34:06", "bulletinFamily": "unix", "cvelist": ["CVE-2013-2384", "CVE-2014-7923", "CVE-2014-6585", "CVE-2014-7940", "CVE-2014-9654", "CVE-2013-2419", "CVE-2014-7926", "CVE-2014-6591", "CVE-2013-2383", "CVE-2013-1569"], "description": "USN-2522-1 fixed vulnerabilities in ICU. On Ubuntu 12.04 LTS, the font \npatches caused a regression when using LibreOffice Calc. The patches have \nnow been updated to fix the regression.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\nIt was discovered that ICU incorrectly handled memory operations when \nprocessing fonts. If an application using ICU processed crafted data, an \nattacker could cause it to crash or potentially execute arbitrary code with \nthe privileges of the user invoking the program. This issue only affected \nUbuntu 12.04 LTS. (CVE-2013-1569, CVE-2013-2383, CVE-2013-2384, \nCVE-2013-2419)\n\nIt was discovered that ICU incorrectly handled memory operations when \nprocessing fonts. If an application using ICU processed crafted data, an \nattacker could cause it to crash or potentially execute arbitrary code with \nthe privileges of the user invoking the program. (CVE-2014-6585, \nCVE-2014-6591)\n\nIt was discovered that ICU incorrectly handled memory operations when \nprocessing regular expressions. If an application using ICU processed \ncrafted data, an attacker could cause it to crash or potentially execute \narbitrary code with the privileges of the user invoking the program. \n(CVE-2014-7923, CVE-2014-7926, CVE-2014-9654)\n\nIt was discovered that ICU collator implementation incorrectly handled \nmemory operations. If an application using ICU processed crafted data, an \nattacker could cause it to crash or potentially execute arbitrary code with \nthe privileges of the user invoking the program. (CVE-2014-7940)", "edition": 5, "modified": "2015-03-10T00:00:00", "published": "2015-03-10T00:00:00", "id": "USN-2522-3", "href": "https://ubuntu.com/security/notices/USN-2522-3", "title": "ICU vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:33:22", "bulletinFamily": "unix", "cvelist": ["CVE-2013-2384", "CVE-2014-7923", "CVE-2014-6585", "CVE-2014-7940", "CVE-2014-9654", "CVE-2013-2419", "CVE-2014-7926", "CVE-2014-6591", "CVE-2013-2383", "CVE-2013-1569"], "description": "It was discovered that ICU incorrectly handled memory operations when \nprocessing fonts. If an application using ICU processed crafted data, an \nattacker could cause it to crash or potentially execute arbitrary code with \nthe privileges of the user invoking the program. This issue only affected \nUbuntu 12.04 LTS. (CVE-2013-1569, CVE-2013-2383, CVE-2013-2384, \nCVE-2013-2419)\n\nIt was discovered that ICU incorrectly handled memory operations when \nprocessing fonts. If an application using ICU processed crafted data, an \nattacker could cause it to crash or potentially execute arbitrary code with \nthe privileges of the user invoking the program. (CVE-2014-6585, \nCVE-2014-6591)\n\nIt was discovered that ICU incorrectly handled memory operations when \nprocessing regular expressions. If an application using ICU processed \ncrafted data, an attacker could cause it to crash or potentially execute \narbitrary code with the privileges of the user invoking the program. \n(CVE-2014-7923, CVE-2014-7926, CVE-2014-9654)\n\nIt was discovered that ICU collator implementation incorrectly handled \nmemory operations. If an application using ICU processed crafted data, an \nattacker could cause it to crash or potentially execute arbitrary code with \nthe privileges of the user invoking the program. (CVE-2014-7940)", "edition": 5, "modified": "2015-03-05T00:00:00", "published": "2015-03-05T00:00:00", "id": "USN-2522-1", "href": "https://ubuntu.com/security/notices/USN-2522-1", "title": "ICU vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2016-09-06T19:47:07", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8147", "CVE-2014-8146"], "description": "### Background\n\nInternational Components for Unicode is a set of C/C++ and Java libraries providing Unicode and Globalization support for software applications. \n\n### Description\n\nMultiple vulnerabilities have been discovered in International Components for Unicode. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could execute arbitrary code with the privileges of the process or cause a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll International Components for Unicode users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-libs/icu-55.1\"", "edition": 1, "modified": "2015-07-07T00:00:00", "published": "2015-07-07T00:00:00", "id": "GLSA-201507-04", "href": "https://security.gentoo.org/glsa/201507-04", "type": "gentoo", "title": "International Components for Unicode: Multiple vulnerabilities", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "exploitdb": [{"lastseen": "2018-01-25T18:52:38", "description": "ICU library 52 < 54 - Multiple Vulnerabilities. CVE-2014-8146,CVE-2014-8147. Local exploit for Multiple platform", "published": "2015-06-10T00:00:00", "type": "exploitdb", "title": "ICU library 52 < 54 - Multiple Vulnerabilities", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-8147", "CVE-2014-8146"], "modified": "2015-06-10T00:00:00", "id": "EDB-ID:43887", "href": "https://www.exploit-db.com/exploits/43887/", "sourceData": ">> Heap overflow and integer overflow in ICU library (v52 to v54)\r\n>> Discovered by Pedro Ribeiro (pedrib@gmail.com), Agile Information Security\r\n=================================================================================\r\nDisclosure: 04/05/2015 / Last updated: 07/05/2015\r\n\r\n>> Background on the affected products:\r\nICU is a mature, widely used set of C/C++ and Java libraries providing Unicode and Globalization support for software applications. ICU is widely portable and gives applications the same results on all platforms and between C/C++ and Java software.\r\n\r\n\r\n>> Summary:\r\nWhile fuzzing LibreOffice an integer overflow and a heap overflow were found in the ICU library. This library is used by LibreOffice and hundreds of other software packages.\r\nProof of concept files can be downloaded from [1]. These files have been tested with LibreOffice 4.3.3.2 and LibreOffice 4.4.0-beta2 and ICU 52.\r\nNote that at this point in time it is unknown whether these vulnerabilities are exploitable.\r\nThanks to CERT [2] for helping disclose these vulnerabilities.\r\n\r\n\r\n>> Technical details:\r\n#1\r\nVulnerability: Heap overflow\r\nCVE-2014-8146\r\n\r\nThe code to blame is the following (from ubidi.c:2148 in ICU 52):\r\n dirProp=dirProps[limit-1];\r\n if((dirProp==LRI || dirProp==RLI) && limit<pBiDi->length) {\r\n pBiDi->isolateCount++;\r\n pBiDi->isolates[pBiDi->isolateCount].stateImp=stateImp;\r\n pBiDi->isolates[pBiDi->isolateCount].state=levState.state;\r\n pBiDi->isolates[pBiDi->isolateCount].start1=start1;\r\n }\r\n else\r\n processPropertySeq(pBiDi, &levState, eor, limit, limit);\r\n\r\nUnder certain conditions isolateCount is incremented too many times, which results in several out of bounds writes. See [1] for a more detailed analysis.\r\n\r\n\r\n#2\r\nVulnerability: Integer overflow\r\nCVE-2014-8147\r\n\r\nThe overflow is on the resolveImplicitLevels function (ubidi.c:2248):\r\n pBiDi->isolates[pBiDi->isolateCount].state=levState.state;\r\n\r\npBiDi->isolates[].state is a int16, while levState.state is a int32.\r\nThe overflow causes an error when performing a malloc on pBiDi->insertPoints->points because insertPoints is adjacent in memory to isolates[].\r\n\r\nThe Isolate struct is defined in ubidiimp.h:184\r\ntypedef struct Isolate {\r\n int32_t startON;\r\n int32_t start1;\r\n int16_t stateImp;\r\n int16_t state;\r\n} Isolate;\r\n\r\nLevState is defined in ubidi.c:1748\r\ntypedef struct {\r\n const ImpTab * pImpTab; /* level table pointer */\r\n const ImpAct * pImpAct; /* action map array */\r\n int32_t startON; /* start of ON sequence */\r\n int32_t startL2EN; /* start of level 2 sequence */\r\n int32_t lastStrongRTL; /* index of last found R or AL */\r\n int32_t state; /* current state */\r\n int32_t runStart; /* start position of the run */\r\n UBiDiLevel runLevel; /* run level before implicit solving */\r\n} LevState;\r\n\r\n\r\n>> Fix: \r\nAll ICU releases between 52 and 54 are affected. Upgrade to ICU 55.1 to fix these vulnerabilities.\r\nThere are many other software packages which embed the ICU code and will need to be updated.\r\nPatches that fix these vulnerabilities can be obtained from the ICU project in [3] and [4].\r\n\r\n\r\n>> References:\r\n[1] https://github.com/pedrib/PoC/raw/master/generic/i-c-u-fail.7z (EDB Mirror: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/43887.zip)\r\n[2] https://www.kb.cert.org/vuls/id/602540\r\n[3] http://bugs.icu-project.org/trac/changeset/37080\r\n[4] http://bugs.icu-project.org/trac/changeset/37162\r\n\r\n\r\n================\r\nAgile Information Security Limited\r\nhttp://www.agileinfosec.co.uk/\r\n>> Enabling secure digital business >>", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/43887/"}], "cert": [{"lastseen": "2020-09-18T20:42:03", "bulletinFamily": "info", "cvelist": ["CVE-2014-8146", "CVE-2014-8147"], "description": "### Overview \n\nICU Project ICU4C library, versions 52 through 54, contains a heap-based buffer overflow and an integer overflow.\n\n### Description \n\nThe ICU Project [describes ICU](<http://site.icu-project.org/>) as \"a mature, widely used set of C/C++ and Java libraries providing Unicode and Globalization support for software applications.\"\n\n[**CWE-122**](<https://cwe.mitre.org/data/definitions/122.html>)**: Heap-based Buffer Overflow **\\- CVE-2014-8146 \n \nMultiple out-of-bounds writes may occur in the resolveImplicitLevels function of ubidi.c in affected versions of ICU4C. \n \n[**CWE-190**](<https://cwe.mitre.org/data/definitions/190.html>)**: Integer Overflow or Wraparound** \\- CVE-2014-8147 \n \nAn integer overflow may occur in the resolveImplicitLevels function of ubidi.c in affected versions of ICU4C due to the assignment of an int32 value to an int16 type. \n \nBoth issues may lead to denial of service and the possibility of code execution. For more details, refer to [Pedro Ribeiro's disclosure](<https://raw.githubusercontent.com/pedrib/PoC/master/generic/i-c-u-fail.txt>). \n \n--- \n \n### Impact \n\nAn attacker may be able to provide input that triggers one or both overflow vulnerabilities, leading to denial of service and the possibility of code execution. \n \n--- \n \n### Solution \n\n**Apply an update** \n \nThese issues have been addressed in ICU4C version 55.1. Developers are encouraged to update applications that make use of affected versions of ICU4C. Users of affected products should check with product vendors for updates that utilize a patched version of ICU4C. \n \n--- \n \n### Vendor Information\n\n602540\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n**Javascript is disabled. Click here to view vendors.**\n\n### Debian GNU/Linux Affected\n\nNotified: April 30, 2015 Updated: August 03, 2015 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://www.debian.org/security/2015/dsa-3323>\n\n### FreeBSD Project __ Affected\n\nNotified: April 30, 2015 Updated: May 01, 2015 \n\n**Statement Date: April 30, 2015**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\n`Thanks for the notification. We believe this have been already \naddressed in FreeBSD about a week ago: \n \n[https://svnweb.freebsd.org/ports?view=revision&revision=384614](<https://svnweb.freebsd.org/ports?view=revision&revision=384614>) \n \nPrior to that we are affected as the previous icu version was 53.1.`\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * [https://svnweb.freebsd.org/ports?view=revision&revision=384614](<https://svnweb.freebsd.org/ports?view=revision&revision=384614>)\n\n### ICU Project __ Affected\n\nNotified: April 24, 2015 Updated: May 04, 2015 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <http://site.icu-project.org/download>\n\n### Addendum\n\nICU4C versions 52 through 54 are affected by these vulnerabilities.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23602540 Feedback>).\n\n### SAP Not Affected\n\nNotified: April 30, 2015 Updated: May 07, 2015 \n\n**Statement Date: May 06, 2015**\n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Adobe Unknown\n\nNotified: April 30, 2015 Updated: April 30, 2015 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Amazon Unknown\n\nNotified: April 30, 2015 Updated: April 30, 2015 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Apache HTTP Server Project Unknown\n\nNotified: April 30, 2015 Updated: April 30, 2015 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Apple Unknown\n\nNotified: April 30, 2015 Updated: April 30, 2015 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Avaya, Inc. Unknown\n\nNotified: April 30, 2015 Updated: April 30, 2015 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### BAE Systems Unknown\n\nNotified: April 30, 2015 Updated: April 30, 2015 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Business Objects Unknown\n\nNotified: April 30, 2015 Updated: April 30, 2015 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Dell Computer Corporation, Inc. Unknown\n\nNotified: April 30, 2015 Updated: April 30, 2015 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### EMC Corporation Unknown\n\nNotified: April 30, 2015 Updated: April 30, 2015 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Eclipse Foundation Inc Unknown\n\nNotified: April 30, 2015 Updated: April 30, 2015 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Environmental Systems Research Institute Inc Unknown\n\nNotified: April 30, 2015 Updated: April 30, 2015 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Gentoo Linux Unknown\n\nNotified: April 30, 2015 Updated: April 30, 2015 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Google Unknown\n\nNotified: April 30, 2015 Updated: April 30, 2015 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Hewlett-Packard Company Unknown\n\nNotified: April 30, 2015 Updated: April 30, 2015 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### IBM Corporation Unknown\n\nNotified: April 30, 2015 Updated: April 30, 2015 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Intel Corporation Unknown\n\nNotified: April 30, 2015 Updated: April 30, 2015 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Mandriva S. A. Unknown\n\nNotified: April 30, 2015 Updated: April 30, 2015 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Mozilla Unknown\n\nNotified: April 30, 2015 Updated: April 30, 2015 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### OpenOffice.org Unknown\n\nNotified: April 30, 2015 Updated: April 30, 2015 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Progress Software, Inc. Unknown\n\nNotified: April 30, 2015 Updated: April 30, 2015 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### QNX Software Systems Inc. Unknown\n\nNotified: April 30, 2015 Updated: April 30, 2015 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### SUSE Linux Unknown\n\nNotified: April 30, 2015 Updated: April 30, 2015 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Sybase Unknown\n\nNotified: April 30, 2015 Updated: April 30, 2015 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Symantec Unknown\n\nNotified: April 30, 2015 Updated: April 30, 2015 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Trend Micro Unknown\n\nNotified: April 30, 2015 Updated: April 30, 2015 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Yahoo, Inc. Unknown\n\nNotified: April 30, 2015 Updated: April 30, 2015 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### eBay Unknown\n\nNotified: April 30, 2015 Updated: April 30, 2015 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\nView all 31 vendors __View less vendors __\n\n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | 4.4 | AV:L/AC:M/Au:N/C:P/I:P/A:P \nTemporal | 3.4 | E:POC/RL:OF/RC:C \nEnvironmental | 3.4 | CDP:N/TD:H/CR:ND/IR:ND/AR:ND \n \n \n\n\n### References \n\n * <http://site.icu-project.org/>\n * <http://site.icu-project.org/download/55>\n * <http://site.icu-project.org/#TOC-Who-Uses-ICU->\n * <https://cwe.mitre.org/data/definitions/122.html>\n * <https://cwe.mitre.org/data/definitions/190.html>\n * <https://raw.githubusercontent.com/pedrib/PoC/master/generic/i-c-u-fail.txt>\n\n### Acknowledgements\n\nThanks to Pedro Ribeiro (pedrib@gmail.com) of Agile Information Security for reporting this vulnerability.\n\nThis document was written by Joel Land.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2014-8146](<http://web.nvd.nist.gov/vuln/detail/CVE-2014-8146>), [CVE-2014-8147](<http://web.nvd.nist.gov/vuln/detail/CVE-2014-8147>) \n---|--- \n**Date Public:** | 2015-05-04 \n**Date First Published:** | 2015-05-04 \n**Date Last Updated: ** | 2015-08-03 14:03 UTC \n**Document Revision: ** | 25 \n", "modified": "2015-08-03T14:03:00", "published": "2015-05-04T00:00:00", "id": "VU:602540", "href": "https://www.kb.cert.org/vuls/id/602540", "type": "cert", "title": "ICU Project ICU4C library contains multiple overflow vulnerabilities", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "exploitpack": [{"lastseen": "2020-04-01T19:04:20", "description": "\nICU library 52 54 - Multiple Vulnerabilities", "edition": 1, "published": "2015-06-10T00:00:00", "title": "ICU library 52 54 - Multiple Vulnerabilities", "type": "exploitpack", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-8147", "CVE-2014-8146"], "modified": "2015-06-10T00:00:00", "id": "EXPLOITPACK:9750C06F2886431FD4242B84085D678F", "href": "", "sourceData": ">> Heap overflow and integer overflow in ICU library (v52 to v54)\n>> Discovered by Pedro Ribeiro (pedrib@gmail.com), Agile Information Security\n=================================================================================\nDisclosure: 04/05/2015 / Last updated: 07/05/2015\n\n>> Background on the affected products:\nICU is a mature, widely used set of C/C++ and Java libraries providing Unicode and Globalization support for software applications. ICU is widely portable and gives applications the same results on all platforms and between C/C++ and Java software.\n\n\n>> Summary:\nWhile fuzzing LibreOffice an integer overflow and a heap overflow were found in the ICU library. This library is used by LibreOffice and hundreds of other software packages.\nProof of concept files can be downloaded from [1]. These files have been tested with LibreOffice 4.3.3.2 and LibreOffice 4.4.0-beta2 and ICU 52.\nNote that at this point in time it is unknown whether these vulnerabilities are exploitable.\nThanks to CERT [2] for helping disclose these vulnerabilities.\n\n\n>> Technical details:\n#1\nVulnerability: Heap overflow\nCVE-2014-8146\n\nThe code to blame is the following (from ubidi.c:2148 in ICU 52):\n dirProp=dirProps[limit-1];\n if((dirProp==LRI || dirProp==RLI) && limit<pBiDi->length) {\n pBiDi->isolateCount++;\n pBiDi->isolates[pBiDi->isolateCount].stateImp=stateImp;\n pBiDi->isolates[pBiDi->isolateCount].state=levState.state;\n pBiDi->isolates[pBiDi->isolateCount].start1=start1;\n }\n else\n processPropertySeq(pBiDi, &levState, eor, limit, limit);\n\nUnder certain conditions isolateCount is incremented too many times, which results in several out of bounds writes. See [1] for a more detailed analysis.\n\n\n#2\nVulnerability: Integer overflow\nCVE-2014-8147\n\nThe overflow is on the resolveImplicitLevels function (ubidi.c:2248):\n pBiDi->isolates[pBiDi->isolateCount].state=levState.state;\n\npBiDi->isolates[].state is a int16, while levState.state is a int32.\nThe overflow causes an error when performing a malloc on pBiDi->insertPoints->points because insertPoints is adjacent in memory to isolates[].\n\nThe Isolate struct is defined in ubidiimp.h:184\ntypedef struct Isolate {\n int32_t startON;\n int32_t start1;\n int16_t stateImp;\n int16_t state;\n} Isolate;\n\nLevState is defined in ubidi.c:1748\ntypedef struct {\n const ImpTab * pImpTab; /* level table pointer */\n const ImpAct * pImpAct; /* action map array */\n int32_t startON; /* start of ON sequence */\n int32_t startL2EN; /* start of level 2 sequence */\n int32_t lastStrongRTL; /* index of last found R or AL */\n int32_t state; /* current state */\n int32_t runStart; /* start position of the run */\n UBiDiLevel runLevel; /* run level before implicit solving */\n} LevState;\n\n\n>> Fix: \nAll ICU releases between 52 and 54 are affected. Upgrade to ICU 55.1 to fix these vulnerabilities.\nThere are many other software packages which embed the ICU code and will need to be updated.\nPatches that fix these vulnerabilities can be obtained from the ICU project in [3] and [4].\n\n\n>> References:\n[1] https://github.com/pedrib/PoC/raw/master/generic/i-c-u-fail.7z (EDB Mirror: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/43887.zip)\n[2] https://www.kb.cert.org/vuls/id/602540\n[3] http://bugs.icu-project.org/trac/changeset/37080\n[4] http://bugs.icu-project.org/trac/changeset/37162\n\n\n================\nAgile Information Security Limited\nhttp://www.agileinfosec.co.uk/\n>> Enabling secure digital business >>", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "threatpost": [{"lastseen": "2018-10-06T22:56:56", "bulletinFamily": "info", "cvelist": ["CVE-2014-8146"], "description": "Multitudes of software packages that make use of the ICU Project C/C++ and Java libraries may need to update after a pair of memory-based vulnerabilities were discovered and subsequently patched.\n\n[Version 55.1 of the ICU Project ICU4C library](<http://site.icu-project.org/download/55>), released yesterday, addresses separate heap-based buffer overflow and integer overflow bugs in versions 52 through 54. Older versions of the library could also be affected, said researcher Pedro Ribeiro of Agile Information Security, who discovered the vulnerabilities while fuzzing LibreOffice, one of the numerous open source and enterprise software packages that are built using the library.\n\nThe ICU library lives in hundreds of software packages and embedded systems, including smart televisions, browsers and the Android operating system.\n\n\u201cAt this point in time, I haven\u2019t established whether these vulnerabilities can be manipulated in order to mount an attack on the affected software,\u201d Ribeiro told Threatpost. \u201cIf this can be exploited, then in the LibreOffice example, it could be exploited by a malicious, crafted file. For other affected software, \nlike the Chrome browser or the Android OS, it is hard to say \u2013 again it depends on how the library is used.\u201d\n\nRibeiro said the ICU library is used in different ways. LibreOffice, for example, calls the system\u2019s ICU library, while Chrome, for example, embeds ICU code in the software.\n\n\u201cThis malicious crafted file could then deliver a payload that would execute as the user running LibreOffice and escalate its privileges to administrator,\u201d Ribeiro said. \u201cThis can have a very high impact in an organization, as this is the way an APT attack works.\n\n\u201cOther software packages might be exploited in different ways,\u201d Ribeiro said. \u201cChrome for example via a crafted webpage, although again this has not been determined yet.\u201d\n\nThe DHS-sponsored CERT at the Software Engineering Institute at Carnegie Mellon University yesterday issued an [advisory](<http://www.kb.cert.org/vuls/id/602540>) warning organizations about the vulnerabilities. Of the heap-based buffer overflow (CVE-2014-8146), CERT said that multiple out-of-bounds writes could occur in the resolveImplicitLevels function of ubidi.c. With the integer overflow bug, CERT warns that the condition may occur also in the same function because an int32 value is assigned to an int16 type.\n\n\u201cAn attacker may be able to provide input that triggers one or both overflow vulnerabilities,\u201d the CERT advisory said, \u201cleading to denial of service and the possibility of code execution.\u201d\n\nCERT also provided a long [list of products that make use of the ICU l](<http://www.kb.cert.org/vuls/byvendor?searchview&Query=FIELD+Reference=602540&SearchOrder=4>)ibrary; as of this morning only the FreeBSD Project and ICU Project have acknowledged being affected. The remaining products are listed as unknown.\n\n\u201cTime will tell whether this is simply a memory corruption bug or something can be exploited,\u201d Ribeiro said. \u201cHowever given the impact in ICU I expect it to get a lot of attention.\u201d\n", "modified": "2015-05-07T21:16:29", "published": "2015-05-05T11:21:07", "id": "THREATPOST:21C84911FABE072264B0D4CA5BD42C30", "href": "https://threatpost.com/icu-project-overflow-vulnerabilities-patched/112623/", "type": "threatpost", "title": "ICU Project ICU4C Library Vulnerabilities Patched", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2020-11-11T13:11:33", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4760"], "description": "Package : icu\nVersion : 4.4.1-8+squeeze4\nCVE ID : CVE-2015-4760\n\nA vulnerability has been found in the International Components\nfor Unicode (ICU) library:\n\nCVE-2015-4760\n\n It was discovered that ICU Layout Engine was missing multiple\n boundary checks. These could lead to buffer overflows and memory\n corruption. A specially crafted file could cause an application\n using ICU to parse untrusted font files to crash and, possibly,\n execute arbitrary code.\n\nFor the squeeze distribution, these issues have been fixed in version\n4.4.1-8+squeeze4 of icu.\n\nWe recommend to upgrade your icu packages.\n", "edition": 3, "modified": "2015-07-28T13:23:50", "published": "2015-07-28T13:23:50", "id": "DEBIAN:DLA-283-1:93981", "href": "https://lists.debian.org/debian-lts-announce/2015/debian-lts-announce-201507/msg00022.html", "title": "[SECURITY] [DLA 283-1] icu security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-12T01:05:53", "bulletinFamily": "unix", "cvelist": ["CVE-2013-2384", "CVE-2014-7923", "CVE-2014-6585", "CVE-2014-7940", "CVE-2014-9654", "CVE-2013-2419", "CVE-2014-7926", "CVE-2014-6591", "CVE-2013-2383", "CVE-2013-1569"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3187-1 security@debian.org\nhttp://www.debian.org/security/ Michael Gilbert\nMarch 15, 2015 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : icu\nCVE ID : CVE-2013-1569 CVE-2013-2383 CVE-2013-2384 CVE-2013-2419\n CVE-2014-6585 CVE-2014-6591 CVE-2014-7923 CVE-2014-7926\n CVE-2014-7940 CVE-2014-9654\nDebian Bug : 775884 776264 776265 776719\n\nSeveral vulnerabilities were discovered in the International Components\nfor Unicode (ICU) library.\n\nCVE-2013-1569\n\n Glyph table issue.\n\nCVE-2013-2383\n\n Glyph table issue.\n\nCVE-2013-2384\n\n Font layout issue.\n\nCVE-2013-2419\n\n Font processing issue.\n\nCVE-2014-6585\n\n Out-of-bounds read.\n\nCVE-2014-6591\n\n Additional out-of-bounds reads.\n\nCVE-2014-7923\n\n Memory corruption in regular expression comparison.\n\nCVE-2014-7926\n\n Memory corruption in regular expression comparison.\n\nCVE-2014-7940\n\n Uninitialized memory.\n\nCVE-2014-9654\n\n More regular expression flaws.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 4.8.1.1-12+deb7u2.\n\nFor the upcoming stable (jessie) and unstable (sid) distributions, these\nproblems have been fixed in version 52.1-7.1.\n\nWe recommend that you upgrade your icu packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 9, "modified": "2015-03-15T05:02:46", "published": "2015-03-15T05:02:46", "id": "DEBIAN:DSA-3187-1:97BB3", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2015/msg00072.html", "title": "[SECURITY] [DSA 3187-1] icu security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-11-11T13:24:23", "bulletinFamily": "unix", "cvelist": ["CVE-2013-2384", "CVE-2014-7923", "CVE-2014-6585", "CVE-2014-7940", "CVE-2014-9654", "CVE-2013-2419", "CVE-2014-7926", "CVE-2014-6591", "CVE-2013-2383", "CVE-2013-1569"], "description": "Package : icu\nVersion : 4.4.1-8+squeeze3\nCVE ID : CVE-2013-1569 CVE-2013-2383 CVE-2013-2384 CVE-2013-2419\n CVE-2014-6585 CVE-2014-6591 CVE-2014-7923 CVE-2014-7926\n CVE-2014-7940 CVE-2014-9654\n\nSeveral vulnerabilities were discovered in the International Components\nfor Unicode (ICU) library:\n\nCVE-2013-1569\n\n Glyph table issue.\n\nCVE-2013-2383\n\n Glyph table issue.\n\nCVE-2013-2384\n\n Font layout issue.\n\nCVE-2013-2419\n\n Font processing issue.\n\nCVE-2014-6585\n\n Out-of-bounds read.\n\nCVE-2014-6591\n\n Additional out-of-bounds reads.\n\nCVE-2014-7923\n\n Memory corruption in regular expression comparison.\n\nCVE-2014-7926\n\n Memory corruption in regular expression comparison.\n\nCVE-2014-7940\n\n Uninitialized memory.\n\nCVE-2014-9654\n\n More regular expression flaws.\n\nFor Debian 6 \u201cSqueeze\u201d, these issues have been fixed in icu version\n4.4.1-8+squeeze3.\n", "edition": 7, "modified": "2015-05-14T09:45:48", "published": "2015-05-14T09:45:48", "id": "DEBIAN:DLA-219-1:C7AC1", "href": "https://lists.debian.org/debian-lts-announce/2015/debian-lts-announce-201505/msg00003.html", "title": "[SECURITY] [DLA 219-1] icu security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-11-11T13:24:28", "bulletinFamily": "unix", "cvelist": ["CVE-2014-3566", "CVE-2015-0395", "CVE-2015-0407", "CVE-2014-6585", "CVE-2015-0410", "CVE-2015-0383", "CVE-2014-6587", "CVE-2014-6593", "CVE-2014-6601", "CVE-2015-0408", "CVE-2014-6591", "CVE-2015-0412"], "description": "Package : openjdk-6\nVersion : 6b34-1.13.6-1~deb6u1\nCVE ID : CVE-2014-3566 CVE-2014-6585 CVE-2014-6587 CVE-2014-6591 \n CVE-2014-6593 CVE-2014-6601 CVE-2015-0383 CVE-2015-0395\n CVE-2015-0407 CVE-2015-0408 CVE-2015-0410 CVE-2015-0412\n\nSeveral vulnerabilities have been discovered in OpenJDK, an\nimplementation of the Oracle Java platform, resulting in the execution\nof arbitrary code, information disclosure or denial of service.\n", "edition": 9, "modified": "2015-02-24T18:21:33", "published": "2015-02-24T18:21:33", "id": "DEBIAN:DLA-157-1:370F5", "href": "https://lists.debian.org/debian-lts-announce/2015/debian-lts-announce-201502/msg00011.html", "title": "[SECURITY] [DLA 157-1] openjdk-6 security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-30T02:21:36", "bulletinFamily": "unix", "cvelist": ["CVE-2014-3566", "CVE-2015-0395", "CVE-2015-0407", "CVE-2014-6585", "CVE-2015-0410", "CVE-2015-0383", "CVE-2014-6587", "CVE-2014-6593", "CVE-2014-6601", "CVE-2015-0408", "CVE-2014-6591", "CVE-2015-0412"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3147-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nJanuary 30, 2015 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : openjdk-6\nCVE ID : CVE-2014-3566 CVE-2014-6585 CVE-2014-6587 CVE-2014-6591 \n CVE-2014-6593 CVE-2014-6601 CVE-2015-0383 CVE-2015-0395\n CVE-2015-0407 CVE-2015-0408 CVE-2015-0410 CVE-2015-0412\n\nSeveral vulnerabilities have been discovered in OpenJDK, an\nimplementation of the Oracle Java platform, resulting in the execution\nof arbitrary code, information disclosure or denial of service.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 6b34-1.13.6-1~deb7u1.\n\nWe recommend that you upgrade your openjdk-6 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 3, "modified": "2015-01-30T15:57:44", "published": "2015-01-30T15:57:44", "id": "DEBIAN:DSA-3147-1:2E393", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2015/msg00030.html", "title": "[SECURITY] [DSA 3147-1] openjdk-6 security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2018-05-25T14:21:14", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7867", "CVE-2017-17484", "CVE-2017-15422", "CVE-2014-8147", "CVE-2014-8146", "CVE-2016-6293", "CVE-2017-7868", "CVE-2017-14952"], "description": "icu was updated to fix two security issues.\n\n These security issues were fixed:\n - CVE-2014-8147: The resolveImplicitLevels function in common/ubidi.c in\n the Unicode Bidirectional Algorithm implementation in ICU4C in\n International Components for Unicode (ICU) used an integer data type\n that is inconsistent with a header file, which allowed remote attackers\n to cause a denial of service (incorrect malloc followed by invalid free)\n or possibly execute arbitrary code via crafted text (bsc#929629).\n - CVE-2014-8146: The resolveImplicitLevels function in common/ubidi.c in\n the Unicode Bidirectional Algorithm implementation in ICU4C in\n International Components for Unicode (ICU) did not properly track\n directionally isolated pieces of text, which allowed remote attackers to\n cause a denial of service (heap-based buffer overflow) or possibly\n execute arbitrary code via crafted text (bsc#929629).\n - CVE-2016-6293: The uloc_acceptLanguageFromHTTP function in\n common/uloc.cpp in International Components for Unicode (ICU) for C/C++\n did not ensure that there is a '\\0' character at the end of a certain\n temporary array, which allowed remote attackers to cause a denial of\n service (out-of-bounds read) or possibly have unspecified other impact\n via a call with a long httpAcceptLanguage argument (bsc#990636).\n - CVE-2017-7868: International Components for Unicode (ICU) for C/C++\n 2017-02-13 has an out-of-bounds write caused by a heap-based buffer\n overflow related to the utf8TextAccess function in common/utext.cpp and\n the utext_moveIndex32* function (bsc#1034674)\n - CVE-2017-7867: International Components for Unicode (ICU) for C/C++\n 2017-02-13 has an out-of-bounds write caused by a heap-based buffer\n overflow related to the utf8TextAccess function in common/utext.cpp and\n the utext_setNativeIndex* function (bsc#1034678)\n - CVE-2017-14952: Double free in i18n/zonemeta.cpp in International\n Components for Unicode (ICU) for C/C++ allowed remote attackers to\n execute arbitrary code via a crafted string, aka a "redundant UVector\n entry clean up function call" issue (bnc#1067203)\n - CVE-2017-17484: The ucnv_UTF8FromUTF8 function in ucnv_u8.cpp in\n International Components for Unicode (ICU) for C/C++ mishandled\n ucnv_convertEx calls for UTF-8 to UTF-8 conversion, which allowed remote\n attackers to cause a denial of service (stack-based buffer overflow and\n application crash) or possibly have unspecified other impact via a\n crafted string, as demonstrated by ZNC (bnc#1072193)\n - CVE-2017-15422: An integer overflow in icu during persian calendar date\n processing could lead to incorrect years shown (bnc#1077999)\n\n This update was imported from the SUSE:SLE-12:Update update project.\n\n", "edition": 1, "modified": "2018-05-25T11:33:28", "published": "2018-05-25T11:33:28", "id": "OPENSUSE-SU-2018:1422-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-05/msg00103.html", "title": "Security update for icu (moderate)", "type": "suse", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "fedora": [{"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2014-6585", "CVE-2014-6591"], "description": "Tools and utilities for developing with icu. ", "modified": "2015-03-22T04:41:48", "published": "2015-03-22T04:41:48", "id": "FEDORA:00D0E60BD9AA", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: icu-50.1.2-11.fc20", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2014-6585", "CVE-2014-6591"], "description": "Tools and utilities for developing with icu. ", "modified": "2015-04-02T15:35:43", "published": "2015-04-02T15:35:43", "id": "FEDORA:DE02E608A49F", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 21 Update: icu-52.1-5.fc21", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2014-6585", "CVE-2014-6591", "CVE-2014-7923", "CVE-2014-7926", "CVE-2014-9654"], "description": "Tools and utilities for developing with icu. ", "modified": "2015-04-28T12:58:53", "published": "2015-04-28T12:58:53", "id": "FEDORA:456376058289", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 21 Update: icu-52.1-6.fc21", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2014-6585", "CVE-2014-6591", "CVE-2014-7923", "CVE-2014-7926", "CVE-2014-9654"], "description": "Tools and utilities for developing with icu. ", "modified": "2015-04-28T12:58:22", "published": "2015-04-28T12:58:22", "id": "FEDORA:DDCDA60582B7", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: icu-50.1.2-12.fc20", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2014-6585", "CVE-2014-6591", "CVE-2014-7923", "CVE-2014-7926", "CVE-2014-9654"], "description": "Tools and utilities for developing with icu. ", "modified": "2015-10-13T17:07:12", "published": "2015-10-13T17:07:12", "id": "FEDORA:D1E11620D217", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 22 Update: icu-54.1-4.fc22", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2014-6585", "CVE-2014-6591", "CVE-2014-7923", "CVE-2014-7926", "CVE-2014-9654"], "description": "Tools and utilities for developing with icu. ", "modified": "2015-09-24T05:27:12", "published": "2015-09-24T05:27:12", "id": "FEDORA:B72AB60A6822", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 23 Update: icu-54.1-5.fc23", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cloudfoundry": [{"lastseen": "2019-05-29T18:32:49", "bulletinFamily": "software", "cvelist": ["CVE-2015-2632", "CVE-2015-1270", "CVE-2015-4760"], "description": "USN-2740-1 ICU Vulnerabilities\n\n# \n\nMedium to Low\n\n# Vendor\n\nCanonical Ubuntu\n\n# Versions Affected\n\n * icu \u2013 International Components for Unicode library \n\n# Description\n\nAtte Kettunen discovered that ICU incorrectly handled certain converter names. If an application using ICU processed crafted data, a remote attacker could possibly cause it to crash. ([CVE-2015-1270](<http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-1270.html>))\n\nIt was discovered that ICU incorrectly handled certain memory operations when processing data. If an application using ICU processed crafted data, a remote attacker could possibly cause it to crash or potentially execute arbitrary code with the privileges of the user invoking the program. ([CVE-2015-2632](<http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-2632.html>), [CVE-2015-4760](<http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-4760.html>))\n\n# Affected Products and Versions\n\n_Severity is medium unless otherwise noted. \n_\n\n * BOSH: All versions of Cloud Foundry BOSH stemcells prior to v3094 are vulnerable to the aforementioned CVEs. \n * Cloud Foundry Runtime: all versions of cf-release prior to 219 are vulnerable to the aforementioned CVEs. \n * PHP Buildpack: all versions of the buildpack prior to 4.1.4 contain a vulnerable version of libicu52. \n\n# Mitigation\n\nUsers of affected versions should apply the following mitigation:\n\n * The Cloud Foundry project recommends that Cloud Foundry Deployments using BOSH stemcell v3093 or earlier upgrade to v3094 or later, which contain the patched versions of the Linux kernel to resolve the aforementioned CVEs. \n * The Cloud Foundry project recommends that Cloud Foundry Deployments using cf-release 218 or lower upgrade to 219 or higher to resolve the aforementioned CVEs. \n\n# Credit\n\nAtte Kettunen\n\n# References\n\n * <http://www.ubuntu.com/usn/usn-2740-1/>\n * <https://bosh.io/stemcells>\n * <https://github.com/cloudfoundry/cf-release>\n", "edition": 5, "modified": "2015-10-07T00:00:00", "published": "2015-10-07T00:00:00", "id": "CFOUNDRY:07FC899E9F5F58E4BEDD842E4A4820A4", "href": "https://www.cloudfoundry.org/blog/usn-2740-1/", "title": "USN-2740-1 ICU Vulnerabilities | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:46:12", "bulletinFamily": "unix", "cvelist": ["CVE-2014-6585", "CVE-2014-6591", "CVE-2014-6593", "CVE-2014-8891", "CVE-2014-8892", "CVE-2015-0395", "CVE-2015-0407", "CVE-2015-0408", "CVE-2015-0410"], "description": "IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM\nJava Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java Runtime\nEnvironment and the IBM Java Software Development Kit. Detailed\nvulnerability descriptions are linked from the IBM Security alerts\npage, listed in the References section. (CVE-2014-6585, CVE-2014-6591,\nCVE-2014-6593, CVE-2014-8891, CVE-2014-8892, CVE-2015-0395, CVE-2015-0407,\nCVE-2015-0408, CVE-2015-0410)\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated\npackages, containing the IBM J2SE 5.0 SR16-FP9 release. All running\ninstances of IBM Java must be restarted for this update to take effect.\n", "modified": "2018-06-07T09:04:23", "published": "2015-02-05T05:00:00", "id": "RHSA-2015:0136", "href": "https://access.redhat.com/errata/RHSA-2015:0136", "type": "redhat", "title": "(RHSA-2015:0136) Important: java-1.5.0-ibm security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:38:19", "bulletinFamily": "unix", "cvelist": ["CVE-2014-3566", "CVE-2015-0395", "CVE-2015-0407", "CVE-2014-6585", "CVE-2015-0410", "CVE-2015-0383", "CVE-2014-6587", "CVE-2014-6593", "CVE-2014-6601", "CVE-2015-0408", "CVE-2014-6591", "CVE-2015-0412"], "description": "[1:1.7.0.75-2.5.4.0.0.1.el5_11]\n- Add oracle-enterprise.patch\n- Fix DISTRO_NAME to 'Oracle Linux'\n[1:1.7.0.75-2.5.4.0]\n- Bump to 2.5.4 using OpenJDK 7u75 b13.\n- Fix elliptic curve list as part of fsg.sh\n- Resolves: rhbz#1180294", "edition": 4, "modified": "2015-01-21T00:00:00", "published": "2015-01-21T00:00:00", "id": "ELSA-2015-0068", "href": "http://linux.oracle.com/errata/ELSA-2015-0068.html", "title": "java-1.7.0-openjdk security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:39", "bulletinFamily": "unix", "cvelist": ["CVE-2014-3566", "CVE-2015-0395", "CVE-2015-0407", "CVE-2014-6585", "CVE-2015-0410", "CVE-2015-0383", "CVE-2014-6587", "CVE-2014-6593", "CVE-2014-6601", "CVE-2015-0408", "CVE-2014-6591", "CVE-2015-0412"], "description": "[1:1.6.0.33-1.13.6.1.0.1.el5_11]\n- Add oracle-enterprise.patch\n[1:1.6.0.34-1.13.6.1]\n- Update to latest 1.13.6 release candidate tarball\n- Fixes a number of issues found with b34:\n- * OJ51, PR2187: Sync patch for 4873188 with 7 version\n- * OJ52, PR2185: Application of 6786276 introduces compatibility issue\n- * OJ53, PR2181: strict-aliasing warnings issued on PPC32\n- * OJ54, PR2182: 6911104 reintroduces test fragment removed in existing 6964018 backport\n- * S6730740, PR2186: Fix for 6729881 has apparently broken several 64 bit tests: 'Bad address'\n- * S7031830, PR2183: bad_record_mac failure on TLSv1.2 enabled connection with SSLEngine\n- Also includes PR2180, so patch dropped from RPM.\n- Resolves: rhbz#1180289\n[1:1.6.0.34-1.13.6.0]\n- Apply pr2180.patch to work around issue with older autotools.\n- Resolves: rhbz#1180289\n[1:1.6.0.34-1.13.6.0]\n- Update to IcedTea 1.13.6\n- Apply pr2125.patch in generate_rhel_zip.sh to remove unwanted elliptic curves.\n- Add no_pr2125.patch to avoid repeating the procedure during the IcedTea build.\n- Avoid duplicating the OpenJDK build version by making more use of %{openjdkver}.\n- Add US_export_policy.jar and local_policy.jar to packages.\n- Resolves: rhbz#1180289", "edition": 4, "modified": "2015-01-26T00:00:00", "published": "2015-01-26T00:00:00", "id": "ELSA-2015-0085", "href": "http://linux.oracle.com/errata/ELSA-2015-0085.html", "title": "java-1.6.0-openjdk security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "amazon": [{"lastseen": "2020-11-10T12:35:51", "bulletinFamily": "unix", "cvelist": ["CVE-2014-3566", "CVE-2015-0395", "CVE-2015-0407", "CVE-2014-6585", "CVE-2015-0410", "CVE-2015-0383", "CVE-2014-6587", "CVE-2014-6593", "CVE-2014-6601", "CVE-2015-0408", "CVE-2014-6591", "CVE-2015-0412"], "description": "**Issue Overview:**\n\nA flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions. ([CVE-2014-6601 __](<https://access.redhat.com/security/cve/CVE-2014-6601>))\n\nMultiple improper permission check issues were discovered in the JAX-WS, and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. ([CVE-2015-0412 __](<https://access.redhat.com/security/cve/CVE-2015-0412>), [CVE-2015-0408 __](<https://access.redhat.com/security/cve/CVE-2015-0408>))\n\nA flaw was found in the way the Hotspot garbage collector handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions. ([CVE-2015-0395 __](<https://access.redhat.com/security/cve/CVE-2015-0395>))\n\nA flaw was found in the way the DER (Distinguished Encoding Rules) decoder in the Security component in OpenJDK handled negative length values. A specially crafted, DER-encoded input could cause a Java application to enter an infinite loop when decoded. ([CVE-2015-0410 __](<https://access.redhat.com/security/cve/CVE-2015-0410>))\n\nA flaw was found in the way the SSL 3.0 protocol handled padding bytes when decrypting messages that were encrypted using block ciphers in cipher block chaining (CBC) mode. This flaw could possibly allow a man-in-the-middle (MITM) attacker to decrypt portions of the cipher text using a padding oracle attack. ([CVE-2014-3566 __](<https://access.redhat.com/security/cve/CVE-2014-3566>))\n\nNote: This update disables SSL 3.0 by default to address this issue. The jdk.tls.disabledAlgorithms security property can be used to re-enable SSL 3.0 support if needed. For additional information, refer to the Red Hat Bugzilla bug linked to in the References section.\n\nIt was discovered that the SSL/TLS implementation in the JSSE component in OpenJDK failed to properly check whether the ChangeCipherSpec was received during the SSL/TLS connection handshake. An MITM attacker could possibly use this flaw to force a connection to be established without encryption being enabled. ([CVE-2014-6593 __](<https://access.redhat.com/security/cve/CVE-2014-6593>))\n\nAn information leak flaw was found in the Swing component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. ([CVE-2015-0407 __](<https://access.redhat.com/security/cve/CVE-2015-0407>))\n\nA NULL pointer dereference flaw was found in the MulticastSocket implementation in the Libraries component of OpenJDK. An untrusted Java application or applet could possibly use this flaw to bypass certain Java sandbox restrictions. ([CVE-2014-6587 __](<https://access.redhat.com/security/cve/CVE-2014-6587>))\n\nMultiple boundary check flaws were found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could allow an untrusted Java application or applet to disclose portions of the Java Virtual Machine memory. ([CVE-2014-6585 __](<https://access.redhat.com/security/cve/CVE-2014-6585>), [CVE-2014-6591 __](<https://access.redhat.com/security/cve/CVE-2014-6591>))\n\nMultiple insecure temporary file use issues were found in the way the Hotspot component in OpenJDK created performance statistics and error log files. A local attacker could possibly make a victim using OpenJDK overwrite arbitrary files using a symlink attack. ([CVE-2015-0383 __](<https://access.redhat.com/security/cve/CVE-2015-0383>))\n\n \n**Affected Packages:** \n\n\njava-1.7.0-openjdk\n\n \n**Issue Correction:** \nRun _yum update java-1.7.0-openjdk_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n java-1.7.0-openjdk-debuginfo-1.7.0.75-2.5.4.0.53.amzn1.i686 \n java-1.7.0-openjdk-1.7.0.75-2.5.4.0.53.amzn1.i686 \n java-1.7.0-openjdk-demo-1.7.0.75-2.5.4.0.53.amzn1.i686 \n java-1.7.0-openjdk-src-1.7.0.75-2.5.4.0.53.amzn1.i686 \n java-1.7.0-openjdk-devel-1.7.0.75-2.5.4.0.53.amzn1.i686 \n \n noarch: \n java-1.7.0-openjdk-javadoc-1.7.0.75-2.5.4.0.53.amzn1.noarch \n \n src: \n java-1.7.0-openjdk-1.7.0.75-2.5.4.0.53.amzn1.src \n \n x86_64: \n java-1.7.0-openjdk-devel-1.7.0.75-2.5.4.0.53.amzn1.x86_64 \n java-1.7.0-openjdk-1.7.0.75-2.5.4.0.53.amzn1.x86_64 \n java-1.7.0-openjdk-src-1.7.0.75-2.5.4.0.53.amzn1.x86_64 \n java-1.7.0-openjdk-debuginfo-1.7.0.75-2.5.4.0.53.amzn1.x86_64 \n java-1.7.0-openjdk-demo-1.7.0.75-2.5.4.0.53.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2015-01-22T14:18:00", "published": "2015-01-22T14:18:00", "id": "ALAS-2015-471", "href": "https://alas.aws.amazon.com/ALAS-2015-471.html", "title": "Critical: java-1.7.0-openjdk", "type": "amazon", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-11-10T12:35:48", "bulletinFamily": "unix", "cvelist": ["CVE-2014-3566", "CVE-2015-0395", "CVE-2015-0407", "CVE-2014-6585", "CVE-2015-0410", "CVE-2015-0383", "CVE-2014-6587", "CVE-2014-6593", "CVE-2014-6601", "CVE-2015-0408", "CVE-2014-6591", "CVE-2015-0412"], "description": "**Issue Overview:**\n\nA flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions. ([CVE-2014-6601 __](<https://access.redhat.com/security/cve/CVE-2014-6601>))\n\nMultiple improper permission check issues were discovered in the JAX-WS, and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. ([CVE-2015-0412 __](<https://access.redhat.com/security/cve/CVE-2015-0412>), [CVE-2015-0408 __](<https://access.redhat.com/security/cve/CVE-2015-0408>))\n\nA flaw was found in the way the Hotspot garbage collector handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions. ([CVE-2015-0395 __](<https://access.redhat.com/security/cve/CVE-2015-0395>))\n\nA flaw was found in the way the DER (Distinguished Encoding Rules) decoder in the Security component in OpenJDK handled negative length values. A specially crafted, DER-encoded input could cause a Java application to enter an infinite loop when decoded. ([CVE-2015-0410 __](<https://access.redhat.com/security/cve/CVE-2015-0410>))\n\nA flaw was found in the way the SSL 3.0 protocol handled padding bytes when decrypting messages that were encrypted using block ciphers in cipher block chaining (CBC) mode. This flaw could possibly allow a man-in-the-middle (MITM) attacker to decrypt portions of the cipher text using a padding oracle attack. ([CVE-2014-3566 __](<https://access.redhat.com/security/cve/CVE-2014-3566>))\n\nNote: This update disables SSL 3.0 by default to address this issue. The jdk.tls.disabledAlgorithms security property can be used to re-enable SSL 3.0 support if needed. For additional information, refer to the Red Hat Bugzilla bug linked to in the References section.\n\nIt was discovered that the SSL/TLS implementation in the JSSE component in OpenJDK failed to properly check whether the ChangeCipherSpec was received during the SSL/TLS connection handshake. An MITM attacker could possibly use this flaw to force a connection to be established without encryption being enabled. ([CVE-2014-6593 __](<https://access.redhat.com/security/cve/CVE-2014-6593>))\n\nAn information leak flaw was found in the Swing component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. ([CVE-2015-0407 __](<https://access.redhat.com/security/cve/CVE-2015-0407>))\n\nA NULL pointer dereference flaw was found in the MulticastSocket implementation in the Libraries component of OpenJDK. An untrusted Java application or applet could possibly use this flaw to bypass certain Java sandbox restrictions. ([CVE-2014-6587 __](<https://access.redhat.com/security/cve/CVE-2014-6587>))\n\nMultiple boundary check flaws were found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could allow an untrusted Java application or applet to disclose portions of the Java Virtual Machine memory. ([CVE-2014-6585 __](<https://access.redhat.com/security/cve/CVE-2014-6585>), [CVE-2014-6591 __](<https://access.redhat.com/security/cve/CVE-2014-6591>))\n\nMultiple insecure temporary file use issues were found in the way the Hotspot component in OpenJDK created performance statistics and error log files. A local attacker could possibly make a victim using OpenJDK overwrite arbitrary files using a symlink attack. ([CVE-2015-0383 __](<https://access.redhat.com/security/cve/CVE-2015-0383>)) The [CVE-2015-0383 __](<https://access.redhat.com/security/cve/CVE-2015-0383>) issue was discovered by Red Hat.\n\n \n**Affected Packages:** \n\n\njava-1.6.0-openjdk\n\n \n**Issue Correction:** \nRun _yum update java-1.6.0-openjdk_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n java-1.6.0-openjdk-devel-1.6.0.34-67.1.13.6.0.69.amzn1.i686 \n java-1.6.0-openjdk-javadoc-1.6.0.34-67.1.13.6.0.69.amzn1.i686 \n java-1.6.0-openjdk-1.6.0.34-67.1.13.6.0.69.amzn1.i686 \n java-1.6.0-openjdk-demo-1.6.0.34-67.1.13.6.0.69.amzn1.i686 \n java-1.6.0-openjdk-debuginfo-1.6.0.34-67.1.13.6.0.69.amzn1.i686 \n java-1.6.0-openjdk-src-1.6.0.34-67.1.13.6.0.69.amzn1.i686 \n \n src: \n java-1.6.0-openjdk-1.6.0.34-67.1.13.6.0.69.amzn1.src \n \n x86_64: \n java-1.6.0-openjdk-src-1.6.0.34-67.1.13.6.0.69.amzn1.x86_64 \n java-1.6.0-openjdk-devel-1.6.0.34-67.1.13.6.0.69.amzn1.x86_64 \n java-1.6.0-openjdk-demo-1.6.0.34-67.1.13.6.0.69.amzn1.x86_64 \n java-1.6.0-openjdk-1.6.0.34-67.1.13.6.0.69.amzn1.x86_64 \n java-1.6.0-openjdk-javadoc-1.6.0.34-67.1.13.6.0.69.amzn1.x86_64 \n java-1.6.0-openjdk-debuginfo-1.6.0.34-67.1.13.6.0.69.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2015-02-11T19:38:00", "published": "2015-02-11T19:38:00", "id": "ALAS-2015-480", "href": "https://alas.aws.amazon.com/ALAS-2015-480.html", "title": "Important: java-1.6.0-openjdk", "type": "amazon", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2020-07-17T03:29:06", "bulletinFamily": "unix", "cvelist": ["CVE-2014-3566", "CVE-2015-0395", "CVE-2015-0407", "CVE-2014-6585", "CVE-2015-0410", "CVE-2015-0383", "CVE-2014-6587", "CVE-2014-6593", "CVE-2014-6601", "CVE-2015-0408", "CVE-2014-6591", "CVE-2015-0412"], "description": "**CentOS Errata and Security Advisory** CESA-2015:0067\n\n\nThe java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime\nEnvironment and the OpenJDK 7 Java Software Development Kit.\n\nA flaw was found in the way the Hotspot component in OpenJDK verified\nbytecode from the class files. An untrusted Java application or applet\ncould possibly use this flaw to bypass Java sandbox restrictions.\n(CVE-2014-6601)\n\nMultiple improper permission check issues were discovered in the JAX-WS,\nand RMI components in OpenJDK. An untrusted Java application or applet\ncould use these flaws to bypass Java sandbox restrictions. (CVE-2015-0412,\nCVE-2015-0408)\n\nA flaw was found in the way the Hotspot garbage collector handled phantom\nreferences. An untrusted Java application or applet could use this flaw to\ncorrupt the Java Virtual Machine memory and, possibly, execute arbitrary\ncode, bypassing Java sandbox restrictions. (CVE-2015-0395)\n\nA flaw was found in the way the DER (Distinguished Encoding Rules) decoder\nin the Security component in OpenJDK handled negative length values. A\nspecially crafted, DER-encoded input could cause a Java application to\nenter an infinite loop when decoded. (CVE-2015-0410)\n\nA flaw was found in the way the SSL 3.0 protocol handled padding bytes when\ndecrypting messages that were encrypted using block ciphers in cipher block\nchaining (CBC) mode. This flaw could possibly allow a man-in-the-middle\n(MITM) attacker to decrypt portions of the cipher text using a padding\noracle attack. (CVE-2014-3566)\n\nNote: This update disables SSL 3.0 by default to address this issue.\nThe jdk.tls.disabledAlgorithms security property can be used to re-enable\nSSL 3.0 support if needed. For additional information, refer to the Red Hat\nBugzilla bug linked to in the References section.\n\nIt was discovered that the SSL/TLS implementation in the JSSE component in\nOpenJDK failed to properly check whether the ChangeCipherSpec was received\nduring the SSL/TLS connection handshake. An MITM attacker could possibly\nuse this flaw to force a connection to be established without encryption\nbeing enabled. (CVE-2014-6593)\n\nAn information leak flaw was found in the Swing component in OpenJDK. An\nuntrusted Java application or applet could use this flaw to bypass certain\nJava sandbox restrictions. (CVE-2015-0407)\n\nA NULL pointer dereference flaw was found in the MulticastSocket\nimplementation in the Libraries component of OpenJDK. An untrusted Java\napplication or applet could possibly use this flaw to bypass certain Java\nsandbox restrictions. (CVE-2014-6587)\n\nMultiple boundary check flaws were found in the font parsing code in the 2D\ncomponent in OpenJDK. A specially crafted font file could allow an\nuntrusted Java application or applet to disclose portions of the Java\nVirtual Machine memory. (CVE-2014-6585, CVE-2014-6591)\n\nMultiple insecure temporary file use issues were found in the way the\nHotspot component in OpenJDK created performance statistics and error log\nfiles. A local attacker could possibly make a victim using OpenJDK\noverwrite arbitrary files using a symlink attack. (CVE-2015-0383)\n\nThe CVE-2015-0383 issue was discovered by Red Hat.\n\nNote: If the web browser plug-in provided by the icedtea-web package was\ninstalled, the issues exposed via Java applets could have been exploited\nwithout user interaction if a user visited a malicious website.\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2015-January/032927.html\nhttp://lists.centos.org/pipermail/centos-announce/2015-January/032929.html\n\n**Affected packages:**\njava-1.7.0-openjdk\njava-1.7.0-openjdk-accessibility\njava-1.7.0-openjdk-demo\njava-1.7.0-openjdk-devel\njava-1.7.0-openjdk-headless\njava-1.7.0-openjdk-javadoc\njava-1.7.0-openjdk-src\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-0067.html", "edition": 5, "modified": "2015-01-21T07:12:16", "published": "2015-01-21T05:42:52", "href": "http://lists.centos.org/pipermail/centos-announce/2015-January/032927.html", "id": "CESA-2015:0067", "title": "java security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}
