{"id": "DEBIAN:DSA-3789-1:337DE", "bulletinFamily": "unix", "title": "[SECURITY] [DSA 3789-1] libevent security update", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3789-1 security@debian.org\nhttps://www.debian.org/security/ Sebastien Delafond\nFebruary 15, 2017 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : libevent\nCVE ID : CVE-2016-10195 CVE-2016-10196 CVE-2016-10197\nDebian Bug : 854092\n\nSeveral vulnerabilities were discovered in libevent, an asynchronous\nevent notification library. They would lead to Denial Of Service via\napplication crash, or remote code execution.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 2.0.21-stable-2+deb8u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2.0.21-stable-3.\n\nWe recommend that you upgrade your libevent packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "published": "2017-02-15T14:20:26", "modified": "2017-02-15T14:20:26", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2017/msg00040.html", "reporter": "Debian", "references": [], "cvelist": ["CVE-2016-10197", "CVE-2016-10196", "CVE-2016-10195"], "type": "debian", "lastseen": "2020-08-12T01:03:56", "edition": 10, "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2016-10196", "CVE-2016-10197", "CVE-2016-10195"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310890824", "OPENVAS:1361412562311220191439", "OPENVAS:1361412562311220171092", "OPENVAS:1361412562310703789", "OPENVAS:1361412562310871809", "OPENVAS:1361412562311220171093", "OPENVAS:1361412562311220171090", "OPENVAS:1361412562310843090", "OPENVAS:1361412562311220171091", "OPENVAS:703789"]}, {"type": "huawei", "idList": ["HUAWEI-SA-20171025-01-GAUSSDB"]}, {"type": "debian", "idList": ["DEBIAN:DLA-824-1:B4FC3"]}, {"type": "nessus", "idList": ["EULEROS_SA-2017-1090.NASL", "EULEROS_SA-2017-1091.NASL", "SUSE_SU-2018-0263-1.NASL", "OPENSUSE-2018-95.NASL", "FREEBSD_PKG_B8EE7A81A87943589B307DD1BD4C14B1.NASL", "DEBIAN_DLA-824.NASL", "DEBIAN_DSA-3789.NASL", "SUSE_SU-2018-0200-1.NASL", "GENTOO_GLSA-201705-01.NASL", "UBUNTU_USN-3228-1.NASL"]}, {"type": "freebsd", "idList": ["B8EE7A81-A879-4358-9B30-7DD1BD4C14B1"]}, {"type": "ubuntu", "idList": ["USN-3228-1", "USN-3278-1"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:2BB3E012A60E32B1D13F50D4254CA432"]}, {"type": "gentoo", "idList": ["GLSA-201802-03", "GLSA-201705-01"]}, {"type": "mozilla", "idList": ["MFSA2017-11", "MFSA2017-12", "MFSA2017-10", "MFSA2017-13"]}, {"type": "redhat", "idList": ["RHSA-2017:1104", "RHSA-2017:1201", "RHSA-2017:1106"]}, {"type": "centos", "idList": ["CESA-2017:1106", "CESA-2017:1104", "CESA-2017:1201"]}, {"type": "oraclelinux", "idList": ["ELSA-2017-1201"]}, {"type": "kaspersky", "idList": ["KLA11004", "KLA11007"]}, {"type": "suse", "idList": ["SUSE-SU-2017:2235-1", "SUSE-SU-2017:1669-1"]}], "modified": "2020-08-12T01:03:56", "rev": 2}, "score": {"value": 6.4, "vector": "NONE", "modified": "2020-08-12T01:03:56", "rev": 2}, "vulnersScore": 6.4}, "affectedPackage": [{"OS": "Debian", "OSVersion": "8", "arch": "all", "operator": "lt", "packageFilename": "libevent-2.0-5_2.0.21-stable-2+deb8u1_all.deb", "packageName": "libevent-2.0-5", "packageVersion": "2.0.21-stable-2+deb8u1"}, {"OS": "Debian", "OSVersion": "8", "arch": "all", "operator": "lt", "packageFilename": "libevent-pthreads-2.0-5_2.0.21-stable-2+deb8u1_all.deb", "packageName": "libevent-pthreads-2.0-5", "packageVersion": "2.0.21-stable-2+deb8u1"}, {"OS": "Debian", "OSVersion": "8", "arch": "all", "operator": "lt", "packageFilename": "libevent-openssl-2.0-5_2.0.21-stable-2+deb8u1_all.deb", "packageName": "libevent-openssl-2.0-5", "packageVersion": "2.0.21-stable-2+deb8u1"}, {"OS": "Debian", "OSVersion": "8", "arch": "all", "operator": "lt", "packageFilename": "libevent-dev_2.0.21-stable-2+deb8u1_all.deb", "packageName": "libevent-dev", "packageVersion": "2.0.21-stable-2+deb8u1"}, {"OS": "Debian", "OSVersion": "8", "arch": "all", "operator": "lt", "packageFilename": "libevent-core-2.0-5_2.0.21-stable-2+deb8u1_all.deb", "packageName": "libevent-core-2.0-5", "packageVersion": "2.0.21-stable-2+deb8u1"}, {"OS": "Debian", "OSVersion": "8", "arch": "all", "operator": "lt", "packageFilename": "libevent_2.0.21-stable-2+deb8u1_all.deb", "packageName": "libevent", "packageVersion": "2.0.21-stable-2+deb8u1"}, {"OS": "Debian", "OSVersion": "8", "arch": "all", "operator": "lt", "packageFilename": "libevent-extra-2.0-5_2.0.21-stable-2+deb8u1_all.deb", "packageName": "libevent-extra-2.0-5", "packageVersion": "2.0.21-stable-2+deb8u1"}, {"OS": "Debian", "OSVersion": "8", "arch": "all", "operator": "lt", "packageFilename": "libevent-dbg_2.0.21-stable-2+deb8u1_all.deb", "packageName": "libevent-dbg", "packageVersion": "2.0.21-stable-2+deb8u1"}], "scheme": null}

{"cve": [{"lastseen": "2021-02-02T06:28:01", "description": "Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (segmentation fault) via vectors involving a long string in brackets in the ip_as_string argument.", "edition": 6, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-03-15T15:59:00", "title": "CVE-2016-10196", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10196"], "modified": "2018-06-12T01:29:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "cpe:/a:libevent_project:libevent:2.1.5"], "id": "CVE-2016-10196", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10196", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:libevent_project:libevent:2.1.5:beta:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:28:01", "description": "The name_parse function in evdns.c in libevent before 2.1.6-beta allows remote attackers to have unspecified impact via vectors involving the label_len variable, which triggers an out-of-bounds stack read.", "edition": 6, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-03-15T15:59:00", "title": "CVE-2016-10195", "type": "cve", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10195"], "modified": "2018-01-05T02:30:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "cpe:/a:libevent_project:libevent:2.1.5"], "id": "CVE-2016-10195", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10195", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:libevent_project:libevent:2.1.5:beta:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:28:01", "description": "The search_make_new function in evdns.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (out-of-bounds read) via an empty hostname.", "edition": 6, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-03-15T15:59:00", "title": "CVE-2016-10197", "type": "cve", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10197"], "modified": "2018-01-05T02:30:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "cpe:/a:libevent_project:libevent:2.1.5"], "id": "CVE-2016-10197", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10197", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:libevent_project:libevent:2.1.5:beta:*:*:*:*:*:*"]}], "ubuntu": [{"lastseen": "2020-07-02T11:37:21", "bulletinFamily": "unix", "cvelist": ["CVE-2016-10197", "CVE-2016-10196", "CVE-2016-10195"], "description": "Guido Vranken discovered that libevent incorrectly handled memory when \nprocessing certain data. A remote attacker could possibly use this issue \nwith an application that uses libevent to cause a denial of service, or \npossibly execute arbitrary code.", "edition": 5, "modified": "2017-03-13T00:00:00", "published": "2017-03-13T00:00:00", "id": "USN-3228-1", "href": "https://ubuntu.com/security/notices/USN-3228-1", "title": "libevent vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-02T11:44:06", "bulletinFamily": "unix", "cvelist": ["CVE-2017-5451", "CVE-2017-5462", "CVE-2017-5436", "CVE-2017-5441", "CVE-2016-10197", "CVE-2017-5442", "CVE-2017-5446", "CVE-2017-5434", "CVE-2017-5465", "CVE-2017-5429", "CVE-2017-5440", "CVE-2017-5435", "CVE-2017-5432", "CVE-2017-5469", "CVE-2017-5438", "CVE-2017-5439", "CVE-2017-5445", "CVE-2016-10196", "CVE-2017-5433", "CVE-2017-5447", "CVE-2017-5466", "CVE-2017-5444", "CVE-2017-5467", "CVE-2017-5460", "CVE-2017-5449", "CVE-2017-5454", "CVE-2017-5461", "CVE-2017-5437", "CVE-2017-5430", "CVE-2017-5459", "CVE-2016-10195", "CVE-2017-5443", "CVE-2017-5464"], "description": "Multiple security issues were discovered in Thunderbird. If a user were \ntricked in to opening a specially crafted message, an attacker could \npotentially exploit these to read uninitialized memory, cause a denial of \nservice via application crash, or execute arbitrary code. (CVE-2017-5429, \nCVE-2017-5430, CVE-2017-5436, CVE-2017-5443, CVE-2017-5444, CVE-2017-5445, \nCVE-2017-5446, CVE-2017-5447, CVE-2017-5461, CVE-2017-5467)\n\nMultiple security issues were discovered in Thunderbird. If a user were \ntricked in to opening a specially crafted website in a browsing context, \nan attacker could potentially exploit these to spoof the addressbar \ncontents, conduct cross-site scripting (XSS) attacks, cause a denial of \nservice via application crash, or execute arbitrary code. (CVE-2017-5432, \nCVE-2017-5433, CVE-2017-5434, CVE-2017-5435, CVE-2017-5437, CVE-2017-5438, \nCVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442, CVE-2017-5449, \nCVE-2017-5451, CVE-2017-5454, CVE-2017-5459, CVE-2017-5460, CVE-2017-5464, \nCVE-2017-5465, CVE-2017-5466, CVE-2017-5469, CVE-2016-10195, \nCVE-2016-10196, CVE-2016-10197)\n\nA flaw was discovered in the DRBG number generation in NSS. If an \nattacker were able to perform a man-in-the-middle attack, this flaw \ncould potentially be exploited to view sensitive information. \n(CVE-2017-5462)", "edition": 5, "modified": "2017-05-16T00:00:00", "published": "2017-05-16T00:00:00", "id": "USN-3278-1", "href": "https://ubuntu.com/security/notices/USN-3278-1", "title": "Thunderbird vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2020-01-29T20:09:31", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-10197", "CVE-2016-10196", "CVE-2016-10195"], "description": "Several vulnerabilities were discovered in libevent, an asynchronous\nevent notification library. They would lead to Denial Of Service via\napplication crash, or remote code execution.", "modified": "2020-01-29T00:00:00", "published": "2018-01-08T00:00:00", "id": "OPENVAS:1361412562310890824", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310890824", "type": "openvas", "title": "Debian LTS: Security Advisory for libevent (DLA-824-1)", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.890824\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2016-10195\", \"CVE-2016-10196\", \"CVE-2016-10197\");\n script_name(\"Debian LTS: Security Advisory for libevent (DLA-824-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-01-08 00:00:00 +0100 (Mon, 08 Jan 2018)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2017/02/msg00013.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n\n script_tag(name:\"affected\", value:\"libevent on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 7 'Wheezy', these problems have been fixed in version\n2.0.19-stable-3+deb7u2.\n\nWe recommend that you upgrade your libevent packages.\");\n\n script_tag(name:\"summary\", value:\"Several vulnerabilities were discovered in libevent, an asynchronous\nevent notification library. They would lead to Denial Of Service via\napplication crash, or remote code execution.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libevent-2.0-5\", ver:\"2.0.19-stable-3+deb7u2\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libevent-core-2.0-5\", ver:\"2.0.19-stable-3+deb7u2\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libevent-dbg\", ver:\"2.0.19-stable-3+deb7u2\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libevent-dev\", ver:\"2.0.19-stable-3+deb7u2\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libevent-extra-2.0-5\", ver:\"2.0.19-stable-3+deb7u2\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libevent-openssl-2.0-5\", ver:\"2.0.19-stable-3+deb7u2\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libevent-pthreads-2.0-5\", ver:\"2.0.19-stable-3+deb7u2\", rls:\"DEB7\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-10197", "CVE-2016-10196", "CVE-2016-10195"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2017-03-14T00:00:00", "id": "OPENVAS:1361412562310843090", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843090", "type": "openvas", "title": "Ubuntu Update for libevent USN-3228-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for libevent USN-3228-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843090\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-03-14 05:47:51 +0100 (Tue, 14 Mar 2017)\");\n script_cve_id(\"CVE-2016-10195\", \"CVE-2016-10196\", \"CVE-2016-10197\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for libevent USN-3228-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libevent'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Guido Vranken discovered that libevent\n incorrectly handled memory when processing certain data. A remote attacker could\n possibly use this issue with an application that uses libevent to cause a denial\n of service, or possibly execute arbitrary code.\");\n script_tag(name:\"affected\", value:\"libevent on Ubuntu 16.10,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3228-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3228-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|16\\.10|12\\.04 LTS|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libevent-2.0-5:i386\", ver:\"2.0.21-stable-1ubuntu1.14.04.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libevent-2.0-5:amd64\", ver:\"2.0.21-stable-1ubuntu1.14.04.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libevent-2.0-5:i386\", ver:\"2.0.21-stable-2ubuntu0.16.10.1\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libevent-2.0-5:amd64\", ver:\"2.0.21-stable-2ubuntu0.16.10.1\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libevent-2.0-5:i386\", ver:\"2.0.16-stable-1ubuntu0.2\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libevent-2.0-5:amd64\", ver:\"2.0.16-stable-1ubuntu0.2\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libevent-2.0-5:i386\", ver:\"2.0.21-stable-2ubuntu0.16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libevent-2.0-5:amd64\", ver:\"2.0.21-stable-2ubuntu0.16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:22", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-10197", "CVE-2016-10196", "CVE-2016-10195"], "description": "Several vulnerabilities were discovered\nin libevent, an asynchronous event notification library. They would lead to Denial\nOf Service via application crash, or remote code execution.", "modified": "2019-03-18T00:00:00", "published": "2017-02-15T00:00:00", "id": "OPENVAS:1361412562310703789", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703789", "type": "openvas", "title": "Debian Security Advisory DSA 3789-1 (libevent - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3789.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Auto-generated from advisory DSA 3789-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703789\");\n script_version(\"$Revision: 14275 $\");\n script_cve_id(\"CVE-2016-10195\", \"CVE-2016-10196\", \"CVE-2016-10197\");\n script_name(\"Debian Security Advisory DSA 3789-1 (libevent - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-02-15 00:00:00 +0100 (Wed, 15 Feb 2017)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2017/dsa-3789.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n script_tag(name:\"affected\", value:\"libevent on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (jessie),\nthese problems have been fixed in version 2.0.21-stable-2+deb8u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2.0.21-stable-3.\n\nWe recommend that you upgrade your libevent packages.\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities were discovered\nin libevent, an asynchronous event notification library. They would lead to Denial\nOf Service via application crash, or remote code execution.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libevent-2.0-5:amd64\", ver:\"2.0.21-stable-2+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libevent-2.0-5:i386\", ver:\"2.0.21-stable-2+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif((res = isdpkgvuln(pkg:\"libevent-core-2.0-5:amd64\", ver:\"2.0.21-stable-2+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libevent-core-2.0-5:i386\", ver:\"2.0.21-stable-2+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif((res = isdpkgvuln(pkg:\"libevent-dbg:amd64\", ver:\"2.0.21-stable-2+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libevent-dbg:i386\", ver:\"2.0.21-stable-2+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif((res = isdpkgvuln(pkg:\"libevent-dev\", ver:\"2.0.21-stable-2+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libevent-extra-2.0-5:amd64\", ver:\"2.0.21-stable-2+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libevent-extra-2.0-5:i386\", ver:\"2.0.21-stable-2+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif((res = isdpkgvuln(pkg:\"libevent-openssl-2.0-5:amd64\", ver:\"2.0.21-stable-2+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libevent-openssl-2.0-5:i386\", ver:\"2.0.21-stable-2+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif((res = isdpkgvuln(pkg:\"libevent-pthreads-2.0-5:amd64\", ver:\"2.0.21-stable-2+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libevent-pthreads-2.0-5:i386\", ver:\"2.0.21-stable-2+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:58:01", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-10197", "CVE-2016-10196", "CVE-2016-10195"], "description": "Several vulnerabilities were discovered\nin libevent, an asynchronous event notification library. They would lead to Denial\nOf Service via application crash, or remote code execution.", "modified": "2017-07-07T00:00:00", "published": "2017-02-15T00:00:00", "id": "OPENVAS:703789", "href": "http://plugins.openvas.org/nasl.php?oid=703789", "type": "openvas", "title": "Debian Security Advisory DSA 3789-1 (libevent - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3789.nasl 6607 2017-07-07 12:04:25Z cfischer $\n# Auto-generated from advisory DSA 3789-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703789);\n script_version(\"$Revision: 6607 $\");\n script_cve_id(\"CVE-2016-10195\", \"CVE-2016-10196\", \"CVE-2016-10197\");\n script_name(\"Debian Security Advisory DSA 3789-1 (libevent - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:04:25 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2017-02-15 00:00:00 +0100 (Wed, 15 Feb 2017)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2017/dsa-3789.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"libevent on Debian Linux\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie),\nthese problems have been fixed in version 2.0.21-stable-2+deb8u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2.0.21-stable-3.\n\nWe recommend that you upgrade your libevent packages.\");\n script_tag(name: \"summary\", value: \"Several vulnerabilities were discovered\nin libevent, an asynchronous event notification library. They would lead to Denial\nOf Service via application crash, or remote code execution.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libevent-2.0-5:amd64\", ver:\"2.0.21-stable-2+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libevent-2.0-5:i386\", ver:\"2.0.21-stable-2+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif ((res = isdpkgvuln(pkg:\"libevent-core-2.0-5:amd64\", ver:\"2.0.21-stable-2+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libevent-core-2.0-5:i386\", ver:\"2.0.21-stable-2+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif ((res = isdpkgvuln(pkg:\"libevent-dbg:amd64\", ver:\"2.0.21-stable-2+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libevent-dbg:i386\", ver:\"2.0.21-stable-2+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif ((res = isdpkgvuln(pkg:\"libevent-dev\", ver:\"2.0.21-stable-2+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libevent-extra-2.0-5:amd64\", ver:\"2.0.21-stable-2+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libevent-extra-2.0-5:i386\", ver:\"2.0.21-stable-2+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif ((res = isdpkgvuln(pkg:\"libevent-openssl-2.0-5:amd64\", ver:\"2.0.21-stable-2+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libevent-openssl-2.0-5:i386\", ver:\"2.0.21-stable-2+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif ((res = isdpkgvuln(pkg:\"libevent-pthreads-2.0-5:amd64\", ver:\"2.0.21-stable-2+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libevent-pthreads-2.0-5:i386\", ver:\"2.0.21-stable-2+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2020-01-27T18:36:05", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-10197", "CVE-2016-10196", "CVE-2016-10195"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220171091", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220171091", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for libevent (EulerOS-SA-2017-1091)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2017.1091\");\n script_version(\"2020-01-23T10:48:55+0000\");\n script_cve_id(\"CVE-2016-10195\", \"CVE-2016-10196\", \"CVE-2016-10197\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 10:48:55 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 10:48:55 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for libevent (EulerOS-SA-2017-1091)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2017-1091\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1091\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'libevent' package(s) announced via the EulerOS-SA-2017-1091 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The name_parse function in evdns.c in libevent before 2.1.6-beta allows remote attackers to have unspecified impact via vectors involving the label_len variable, which triggers an out-of-bounds stack read.(CVE-2016-10195)\n\nStack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (segmentation fault) via vectors involving a long string in brackets in the ip_as_string argument.(CVE-2016-10196)\n\nThe search_make_new function in evdns.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (out-of-bounds read) via an empty hostname.(CVE-2016-10197)\");\n\n script_tag(name:\"affected\", value:\"'libevent' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libevent\", rpm:\"libevent~2.0.21~4.h3\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:36:47", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-10197", "CVE-2016-10196", "CVE-2016-10195"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220171090", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220171090", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for libevent (EulerOS-SA-2017-1090)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2017.1090\");\n script_version(\"2020-01-23T10:48:52+0000\");\n script_cve_id(\"CVE-2016-10195\", \"CVE-2016-10196\", \"CVE-2016-10197\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 10:48:52 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 10:48:52 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for libevent (EulerOS-SA-2017-1090)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP1\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2017-1090\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1090\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'libevent' package(s) announced via the EulerOS-SA-2017-1090 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The name_parse function in evdns.c in libevent before 2.1.6-beta allows remote attackers to have unspecified impact via vectors involving the label_len variable, which triggers an out-of-bounds stack read.(CVE-2016-10195)\n\nStack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (segmentation fault) via vectors involving a long string in brackets in the ip_as_string argument.(CVE-2016-10196)\n\nThe search_make_new function in evdns.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (out-of-bounds read) via an empty hostname.(CVE-2016-10197)\");\n\n script_tag(name:\"affected\", value:\"'libevent' package(s) on Huawei EulerOS V2.0SP1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libevent\", rpm:\"libevent~2.0.21~4.h3\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:38:29", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-10197", "CVE-2014-6272", "CVE-2016-10196", "CVE-2015-6525", "CVE-2016-10195"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191439", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191439", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for libevent (EulerOS-SA-2019-1439)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1439\");\n script_version(\"2020-01-23T11:47:01+0000\");\n script_cve_id(\"CVE-2014-6272\", \"CVE-2016-10195\", \"CVE-2016-10196\", \"CVE-2016-10197\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:47:01 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:47:01 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for libevent (EulerOS-SA-2019-1439)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-3\\.0\\.1\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1439\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1439\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'libevent' package(s) announced via the EulerOS-SA-2019-1439 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple integer overflows in the evbuffer API in Libevent 1.4.x before 1.4.15, 2.0.x before 2.0.22, and 2.1.x before 2.1.5-beta allow context-dependent attackers to cause a denial of service or possibly have other unspecified impact via 'insanely large inputs' to the (1) evbuffer_add, (2) evbuffer_expand, or (3) bufferevent_write function, which triggers a heap-based buffer overflow or an infinite loop. NOTE: this identifier has been SPLIT per ADT3 due to different affected versions. See CVE-2015-6525 for the functions that are only affected in 2.0 and later.(CVE-2014-6272)\n\nAn out of bounds read vulnerability was found in libevent in the search_make_new function. If an attacker could cause an application using libevent to attempt resolving an empty hostname, an out of bounds read could occur possibly leading to a crash.(CVE-2016-10197)\n\nA vulnerability was found in libevent with the parsing of DNS requests and replies. An attacker could send a forged DNS response to an application using libevent which could lead to reading data out of bounds on the heap, potentially disclosing a small amount of application memory.(CVE-2016-10195)\n\nA vulnerability was found in libevent with the parsing of IPv6 addresses. If an attacker could cause an application using libevent to parse a malformed address in IPv6 notation of more than 2GiB in length, a stack overflow would occur leading to a crash.(CVE-2016-10196)\");\n\n script_tag(name:\"affected\", value:\"'libevent' package(s) on Huawei EulerOS Virtualization 3.0.1.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-3.0.1.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libevent\", rpm:\"libevent~2.0.21~4.h5.eulerosv2r7\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:36", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-5451", "CVE-2017-5436", "CVE-2017-5441", "CVE-2016-10197", "CVE-2017-5442", "CVE-2017-5446", "CVE-2017-5434", "CVE-2017-5465", "CVE-2017-5429", "CVE-2017-5440", "CVE-2017-5435", "CVE-2017-5432", "CVE-2017-5469", "CVE-2017-5438", "CVE-2017-5439", "CVE-2017-5445", "CVE-2016-10196", "CVE-2017-5433", "CVE-2017-5447", "CVE-2017-5466", "CVE-2017-5444", "CVE-2017-5467", "CVE-2017-5460", "CVE-2017-5449", "CVE-2017-5454", "CVE-2017-5459", "CVE-2016-10195", "CVE-2017-5443", "CVE-2017-5464"], "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2017-05-09T00:00:00", "id": "OPENVAS:1361412562310871809", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871809", "type": "openvas", "title": "RedHat Update for thunderbird RHSA-2017:1201-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for thunderbird RHSA-2017:1201-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871809\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-05-09 06:48:42 +0200 (Tue, 09 May 2017)\");\n script_cve_id(\"CVE-2016-10195\", \"CVE-2016-10196\", \"CVE-2016-10197\", \"CVE-2017-5429\",\n \"CVE-2017-5432\", \"CVE-2017-5433\", \"CVE-2017-5434\", \"CVE-2017-5435\",\n \"CVE-2017-5436\", \"CVE-2017-5438\", \"CVE-2017-5439\", \"CVE-2017-5440\",\n \"CVE-2017-5441\", \"CVE-2017-5442\", \"CVE-2017-5443\", \"CVE-2017-5444\",\n \"CVE-2017-5445\", \"CVE-2017-5446\", \"CVE-2017-5447\", \"CVE-2017-5449\",\n \"CVE-2017-5451\", \"CVE-2017-5454\", \"CVE-2017-5459\", \"CVE-2017-5460\",\n \"CVE-2017-5464\", \"CVE-2017-5465\", \"CVE-2017-5466\", \"CVE-2017-5467\",\n \"CVE-2017-5469\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for thunderbird RHSA-2017:1201-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'thunderbird'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Mozilla Thunderbird is a standalone mail\nand newsgroup client.\n\nThis update upgrades Thunderbird to version 52.1.0.\n\nSecurity Fix(es):\n\n * Multiple flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2017-5429, CVE-2017-5433, CVE-2017-5435, CVE-2017-5436,\nCVE-2017-5459, CVE-2017-5466, CVE-2017-5432, CVE-2017-5434, CVE-2017-5438,\nCVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442, CVE-2017-5443,\nCVE-2017-5444, CVE-2017-5446, CVE-2017-5447, CVE-2017-5454, CVE-2017-5460,\nCVE-2017-5464, CVE-2017-5465, CVE-2017-5469, CVE-2016-10195,\nCVE-2016-10196, CVE-2017-5445, CVE-2017-5449, CVE-2017-5451, CVE-2017-5467,\nCVE-2016-10197)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Petr Cerny, Nils, Ivan Fratric (Google Project Zero),\nTakeshi Terada, Heather Miller (Google Skia team), Chun Han Hsiao, Chamal\nDe Silva, Nicolas Gregoire, Holger Fuhrmannek, Atte Kettunen, Haik\nAftandilian, and Jordi Chancel as the original reporters.\");\n script_tag(name:\"affected\", value:\"thunderbird on\n Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2017:1201-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2017-May/msg00001.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~52.1.0~1.el6_9\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"thunderbird-debuginfo\", rpm:\"thunderbird-debuginfo~52.1.0~1.el6_9\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:36", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-5451", "CVE-2017-5436", "CVE-2017-5441", "CVE-2016-10197", "CVE-2017-5442", "CVE-2017-5446", "CVE-2017-5434", "CVE-2017-5465", "CVE-2017-5429", "CVE-2017-5440", "CVE-2017-5435", "CVE-2017-5432", "CVE-2017-5469", "CVE-2017-5438", "CVE-2017-5439", "CVE-2017-5445", "CVE-2016-10196", "CVE-2017-5433", "CVE-2017-5447", "CVE-2017-5466", "CVE-2017-5444", "CVE-2017-5467", "CVE-2017-5460", "CVE-2017-5449", "CVE-2017-5454", "CVE-2017-5459", "CVE-2016-10195", "CVE-2017-5443", "CVE-2017-5464"], "description": "Check the version of thunderbird", "modified": "2019-03-08T00:00:00", "published": "2017-05-10T00:00:00", "id": "OPENVAS:1361412562310882707", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882707", "type": "openvas", "title": "CentOS Update for thunderbird CESA-2017:1201 centos7", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for thunderbird CESA-2017:1201 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882707\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-05-10 06:50:49 +0200 (Wed, 10 May 2017)\");\n script_cve_id(\"CVE-2016-10195\", \"CVE-2016-10196\", \"CVE-2016-10197\", \"CVE-2017-5429\",\n \"CVE-2017-5432\", \"CVE-2017-5433\", \"CVE-2017-5434\", \"CVE-2017-5435\",\n \"CVE-2017-5436\", \"CVE-2017-5438\", \"CVE-2017-5439\", \"CVE-2017-5440\",\n \"CVE-2017-5441\", \"CVE-2017-5442\", \"CVE-2017-5443\", \"CVE-2017-5444\",\n \"CVE-2017-5445\", \"CVE-2017-5446\", \"CVE-2017-5447\", \"CVE-2017-5449\",\n \"CVE-2017-5451\", \"CVE-2017-5454\", \"CVE-2017-5459\", \"CVE-2017-5460\",\n \"CVE-2017-5464\", \"CVE-2017-5465\", \"CVE-2017-5466\", \"CVE-2017-5467\",\n \"CVE-2017-5469\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for thunderbird CESA-2017:1201 centos7\");\n script_tag(name:\"summary\", value:\"Check the version of thunderbird\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Mozilla Thunderbird is a standalone mail\nand newsgroup client.\n\n\nThis update upgrades Thunderbird to version 52.1.0.\n\nSecurity Fix(es):\n\n\n * Multiple flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird.\n\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Petr Cerny, Nils, Ivan Fratric (Google Project Zero),\nTakeshi Terada, Heather Miller (Google Skia team), Chun Han Hsiao, Chamal\nDe Silva, Nicolas Gregoire, Holger Fuhrmannek, Atte Kettunen, Haik\nAftandilian, and Jordi Chancel as the original reporters.\");\n script_tag(name:\"affected\", value:\"thunderbird on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2017:1201\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2017-May/022406.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~52.1.0~1.el7.centos\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:01", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-5451", "CVE-2017-5436", "CVE-2017-5441", "CVE-2016-10197", "CVE-2017-5442", "CVE-2017-5446", "CVE-2017-5434", "CVE-2017-5465", "CVE-2017-5429", "CVE-2017-5440", "CVE-2017-5435", "CVE-2017-5432", "CVE-2017-5469", "CVE-2017-5438", "CVE-2017-5439", "CVE-2017-5445", "CVE-2016-10196", "CVE-2017-5433", "CVE-2017-5447", "CVE-2017-5466", "CVE-2017-5444", "CVE-2017-5467", "CVE-2017-5460", "CVE-2017-5449", "CVE-2017-5454", "CVE-2017-5459", "CVE-2016-10195", "CVE-2017-5443", "CVE-2017-5464"], "description": "Check the version of thunderbird", "modified": "2019-03-08T00:00:00", "published": "2017-05-10T00:00:00", "id": "OPENVAS:1361412562310882711", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882711", "type": "openvas", "title": "CentOS Update for thunderbird CESA-2017:1201 centos6", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for thunderbird CESA-2017:1201 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882711\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-05-10 06:52:26 +0200 (Wed, 10 May 2017)\");\n script_cve_id(\"CVE-2016-10195\", \"CVE-2016-10196\", \"CVE-2016-10197\", \"CVE-2017-5429\",\n \"CVE-2017-5432\", \"CVE-2017-5433\", \"CVE-2017-5434\", \"CVE-2017-5435\",\n \"CVE-2017-5436\", \"CVE-2017-5438\", \"CVE-2017-5439\", \"CVE-2017-5440\",\n \"CVE-2017-5441\", \"CVE-2017-5442\", \"CVE-2017-5443\", \"CVE-2017-5444\",\n \"CVE-2017-5445\", \"CVE-2017-5446\", \"CVE-2017-5447\", \"CVE-2017-5449\",\n \"CVE-2017-5451\", \"CVE-2017-5454\", \"CVE-2017-5459\", \"CVE-2017-5460\",\n \"CVE-2017-5464\", \"CVE-2017-5465\", \"CVE-2017-5466\", \"CVE-2017-5467\",\n \"CVE-2017-5469\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for thunderbird CESA-2017:1201 centos6\");\n script_tag(name:\"summary\", value:\"Check the version of thunderbird\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Mozilla Thunderbird is a standalone mail\nand newsgroup client.\n\n\n\nThis update upgrades Thunderbird to version 52.1.0.\n\n\nSecurity Fix(es):\n\n * Multiple flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird.\n\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Petr Cerny, Nils, Ivan Fratric (Google Project Zero),\nTakeshi Terada, Heather Miller (Google Skia team), Chun Han Hsiao, Chamal\nDe Silva, Nicolas Gregoire, Holger Fuhrmannek, Atte Kettunen, Haik\nAftandilian, and Jordi Chancel as the original reporters.\");\n script_tag(name:\"affected\", value:\"thunderbird on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2017:1201\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2017-May/022405.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~52.1.0~1.el6.centos\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2017-05-07T21:20:39", "bulletinFamily": "unix", "cvelist": ["CVE-2016-10197", "CVE-2016-10196", "CVE-2016-10195"], "description": "### Background\n\nlibevent is a library to execute a function when a specific event occurs on a file descriptor. \n\n### Description\n\nMultiple vulnerabilities have been discovered in libevent. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could possibly execute arbitrary code with the privileges of the process, or cause a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll libevent users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-libs/libevent-2.1.7_rc\"", "edition": 1, "modified": "2017-05-07T00:00:00", "published": "2017-05-07T00:00:00", "href": "https://security.gentoo.org/glsa/201705-01", "id": "GLSA-201705-01", "title": "libevent: Multiple vulnerabilities", "type": "gentoo", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-02-20T04:07:02", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7772", "CVE-2017-7757", "CVE-2017-7754", "CVE-2017-7758", "CVE-2017-7773", "CVE-2017-7752", "CVE-2017-7791", "CVE-2017-7784", "CVE-2017-7824", "CVE-2017-5462", "CVE-2017-7800", "CVE-2017-7753", "CVE-2017-5436", "CVE-2017-7801", "CVE-2017-7810", "CVE-2018-5097", "CVE-2017-7778", "CVE-2017-5441", "CVE-2017-5472", "CVE-2016-10197", "CVE-2017-5442", "CVE-2017-5446", "CVE-2018-5089", "CVE-2017-5434", "CVE-2018-5091", "CVE-2017-7756", "CVE-2018-5096", "CVE-2017-5465", "CVE-2018-5095", "CVE-2017-7843", "CVE-2016-6354", "CVE-2017-7764", "CVE-2017-7771", "CVE-2018-5098", "CVE-2017-5429", "CVE-2018-5102", "CVE-2017-5440", "CVE-2017-5435", "CVE-2017-7802", "CVE-2017-7787", "CVE-2017-5432", "CVE-2017-5469", "CVE-2017-7749", "CVE-2017-7805", "CVE-2017-5470", "CVE-2017-5438", "CVE-2017-5439", "CVE-2017-7779", "CVE-2017-5445", "CVE-2016-10196", "CVE-2017-7785", "CVE-2017-5433", "CVE-2017-7751", "CVE-2017-7823", "CVE-2018-5117", "CVE-2017-7807", "CVE-2017-5447", "CVE-2017-5444", "CVE-2017-7750", "CVE-2017-5460", "CVE-2017-7777", "CVE-2018-5104", "CVE-2017-7809", "CVE-2017-7775", "CVE-2018-5103", "CVE-2017-7798", "CVE-2017-7786", "CVE-2017-7774", "CVE-2017-7776", "CVE-2017-7844", "CVE-2017-7819", "CVE-2017-5461", "CVE-2017-5437", "CVE-2017-7803", "CVE-2017-7792", "CVE-2018-5099", "CVE-2017-7793", "CVE-2017-7818", "CVE-2017-5448", "CVE-2017-5459", "CVE-2016-10195", "CVE-2017-5443", "CVE-2017-7814", "CVE-2017-5464"], "description": "### Background\n\nMozilla Firefox is a popular open-source web browser from the Mozilla Project. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Mozilla Firefox. Please review the referenced CVE identifiers for details. \n\n### Impact\n\nA remote attacker could entice a user to view a specially crafted web page, possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, spoof the address bar, conduct clickjacking attacks, bypass security restrictions and protection mechanisms, or have other unspecified impact. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Mozilla Firefox users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-52.6.0\"\n \n\nAll Mozilla Firefox binary users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-bin-52.6.0\"", "edition": 1, "modified": "2018-02-20T00:00:00", "published": "2018-02-20T00:00:00", "href": "https://security.gentoo.org/glsa/201802-03", "id": "GLSA-201802-03", "type": "gentoo", "title": "Mozilla Firefox: Multiple vulnerabilities", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "freebsd": [{"lastseen": "2019-05-29T18:32:18", "bulletinFamily": "unix", "cvelist": ["CVE-2016-10197", "CVE-2016-10196", "CVE-2016-10195"], "description": "\nDebian Security reports:\n\nCVE-2016-10195: The name_parse function in evdns.c in\n\t libevent before 2.1.6-beta allows remote attackers to have\n\t unspecified impact via vectors involving the label_len\n\t variable, which triggers an out-of-bounds stack read.\nCVE-2016-10196: Stack-based buffer overflow in the\n\t evutil_parse_sockaddr_port function in evutil.c in libevent\n\t before 2.1.6-beta allows attackers to cause a denial of\n\t service (segmentation fault) via vectors involving a long\n\t string in brackets in the ip_as_string argument.\nCVE-2016-10197: The search_make_new function in evdns.c\n\t in libevent before 2.1.6-beta allows attackers to cause a\n\t denial of service (out-of-bounds read) via an empty\n\t hostname.\n\n", "edition": 4, "modified": "2017-01-31T00:00:00", "published": "2017-01-31T00:00:00", "id": "B8EE7A81-A879-4358-9B30-7DD1BD4C14B1", "href": "https://vuxml.freebsd.org/freebsd/b8ee7a81-a879-4358-9b30-7dd1bd4c14b1.html", "title": "libevent -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "huawei": [{"lastseen": "2019-02-01T18:01:25", "bulletinFamily": "software", "cvelist": ["CVE-2016-10197", "CVE-2016-10196", "CVE-2016-10195"], "description": "Products\n\nSwitches\nRouters\nWLAN\nServers\nSee All\n\n\n\nSolutions\n\nCloud Data Center\nEnterprise Networking\nWireless Private Network\nSolutions by Industry\nSee All\n\n\n\nServices\n\nTraining and Certification\nICT Lifecycle Services\nTechnology Services\nIndustry Solution Services\nSee All\n\n\n\nSee all offerings at e.huawei.com\n\n\n\nNeed Support ?\n\nProduct Support\nSoftware Download\nCommunity\nTools\n\nGo to Full Support", "edition": 1, "modified": "2017-11-10T00:00:00", "published": "2017-10-25T00:00:00", "id": "HUAWEI-SA-20171025-01-GAUSSDB", "href": "https://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171025-01-gaussdb-en", "title": "Security Advisory - Three Vulnerabilities in Huawei GaussDB", "type": "huawei", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2021-01-12T09:44:18", "description": "Several vulnerabilities were discovered in libevent, an asynchronous\nevent notification library. They would lead to Denial Of Service via\napplication crash, or remote code execution.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n2.0.19-stable-3+deb7u2.\n\nWe recommend that you upgrade your libevent packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 20, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-02-16T00:00:00", "title": "Debian DLA-824-1 : libevent security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-10197", "CVE-2016-10196", "CVE-2016-10195"], "modified": "2017-02-16T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libevent-openssl-2.0-5", "p-cpe:/a:debian:debian_linux:libevent-dev", "p-cpe:/a:debian:debian_linux:libevent-dbg", "p-cpe:/a:debian:debian_linux:libevent-pthreads-2.0-5", "p-cpe:/a:debian:debian_linux:libevent-2.0-5", "p-cpe:/a:debian:debian_linux:libevent-core-2.0-5", "cpe:/o:debian:debian_linux:7.0", "p-cpe:/a:debian:debian_linux:libevent-extra-2.0-5"], "id": "DEBIAN_DLA-824.NASL", "href": "https://www.tenable.com/plugins/nessus/97195", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-824-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97195);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-10195\", \"CVE-2016-10196\", \"CVE-2016-10197\");\n\n script_name(english:\"Debian DLA-824-1 : libevent security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were discovered in libevent, an asynchronous\nevent notification library. They would lead to Denial Of Service via\napplication crash, or remote code execution.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n2.0.19-stable-3+deb7u2.\n\nWe recommend that you upgrade your libevent packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2017/02/msg00013.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/libevent\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libevent-2.0-5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libevent-core-2.0-5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libevent-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libevent-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libevent-extra-2.0-5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libevent-openssl-2.0-5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libevent-pthreads-2.0-5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libevent-2.0-5\", reference:\"2.0.19-stable-3+deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libevent-core-2.0-5\", reference:\"2.0.19-stable-3+deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libevent-dbg\", reference:\"2.0.19-stable-3+deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libevent-dev\", reference:\"2.0.19-stable-3+deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libevent-extra-2.0-5\", reference:\"2.0.19-stable-3+deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libevent-openssl-2.0-5\", reference:\"2.0.19-stable-3+deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libevent-pthreads-2.0-5\", reference:\"2.0.19-stable-3+deb7u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T08:52:04", "description": "According to the versions of the libevent package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - The name_parse function in evdns.c in libevent before\n 2.1.6-beta allows remote attackers to have unspecified\n impact via vectors involving the label_len variable,\n which triggers an out-of-bounds stack\n read.(CVE-2016-10195)\n\n - Stack-based buffer overflow in the\n evutil_parse_sockaddr_port function in evutil.c in\n libevent before 2.1.6-beta allows attackers to cause a\n denial of service (segmentation fault) via vectors\n involving a long string in brackets in the ip_as_string\n argument.(CVE-2016-10196)\n\n - The search_make_new function in evdns.c in libevent\n before 2.1.6-beta allows attackers to cause a denial of\n service (out-of-bounds read) via an empty\n hostname.(CVE-2016-10197)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-06-09T00:00:00", "title": "EulerOS 2.0 SP1 : libevent (EulerOS-SA-2017-1090)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-10197", "CVE-2016-10196", "CVE-2016-10195"], "modified": "2017-06-09T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libevent", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2017-1090.NASL", "href": "https://www.tenable.com/plugins/nessus/100685", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100685);\n script_version(\"3.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2016-10195\",\n \"CVE-2016-10196\",\n \"CVE-2016-10197\"\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : libevent (EulerOS-SA-2017-1090)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the libevent package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - The name_parse function in evdns.c in libevent before\n 2.1.6-beta allows remote attackers to have unspecified\n impact via vectors involving the label_len variable,\n which triggers an out-of-bounds stack\n read.(CVE-2016-10195)\n\n - Stack-based buffer overflow in the\n evutil_parse_sockaddr_port function in evutil.c in\n libevent before 2.1.6-beta allows attackers to cause a\n denial of service (segmentation fault) via vectors\n involving a long string in brackets in the ip_as_string\n argument.(CVE-2016-10196)\n\n - The search_make_new function in evdns.c in libevent\n before 2.1.6-beta allows attackers to cause a denial of\n service (out-of-bounds read) via an empty\n hostname.(CVE-2016-10197)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1090\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c2dda8a1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libevent packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libevent\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"libevent-2.0.21-4.h3\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libevent\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T08:52:05", "description": "According to the versions of the libevent package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - The name_parse function in evdns.c in libevent before\n 2.1.6-beta allows remote attackers to have unspecified\n impact via vectors involving the label_len variable,\n which triggers an out-of-bounds stack\n read.(CVE-2016-10195)\n\n - Stack-based buffer overflow in the\n evutil_parse_sockaddr_port function in evutil.c in\n libevent before 2.1.6-beta allows attackers to cause a\n denial of service (segmentation fault) via vectors\n involving a long string in brackets in the ip_as_string\n argument.(CVE-2016-10196)\n\n - The search_make_new function in evdns.c in libevent\n before 2.1.6-beta allows attackers to cause a denial of\n service (out-of-bounds read) via an empty\n hostname.(CVE-2016-10197)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-06-09T00:00:00", "title": "EulerOS 2.0 SP2 : libevent (EulerOS-SA-2017-1091)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-10197", "CVE-2016-10196", "CVE-2016-10195"], "modified": "2017-06-09T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libevent", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2017-1091.NASL", "href": "https://www.tenable.com/plugins/nessus/100686", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100686);\n script_version(\"3.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2016-10195\",\n \"CVE-2016-10196\",\n \"CVE-2016-10197\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : libevent (EulerOS-SA-2017-1091)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the libevent package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - The name_parse function in evdns.c in libevent before\n 2.1.6-beta allows remote attackers to have unspecified\n impact via vectors involving the label_len variable,\n which triggers an out-of-bounds stack\n read.(CVE-2016-10195)\n\n - Stack-based buffer overflow in the\n evutil_parse_sockaddr_port function in evutil.c in\n libevent before 2.1.6-beta allows attackers to cause a\n denial of service (segmentation fault) via vectors\n involving a long string in brackets in the ip_as_string\n argument.(CVE-2016-10196)\n\n - The search_make_new function in evdns.c in libevent\n before 2.1.6-beta allows attackers to cause a denial of\n service (out-of-bounds read) via an empty\n hostname.(CVE-2016-10197)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1091\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0be876c2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libevent packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libevent\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"libevent-2.0.21-4.h3\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libevent\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T11:05:54", "description": "The remote host is affected by the vulnerability described in GLSA-201705-01\n(libevent: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in libevent. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code with the\n privileges of the process, or cause a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 23, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-05-08T00:00:00", "title": "GLSA-201705-01 : libevent: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-10197", "CVE-2016-10196", "CVE-2016-10195"], "modified": "2017-05-08T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:libevent"], "id": "GENTOO_GLSA-201705-01.NASL", "href": "https://www.tenable.com/plugins/nessus/100015", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201705-01.\n#\n# The advisory text is Copyright (C) 2001-2017 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100015);\n script_version(\"3.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-10195\", \"CVE-2016-10196\", \"CVE-2016-10197\");\n script_xref(name:\"GLSA\", value:\"201705-01\");\n\n script_name(english:\"GLSA-201705-01 : libevent: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201705-01\n(libevent: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in libevent. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code with the\n privileges of the process, or cause a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201705-01\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All libevent users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-libs/libevent-2.1.7_rc'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:libevent\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/05/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-libs/libevent\", unaffected:make_list(\"ge 2.1.7_rc\"), vulnerable:make_list(\"lt 2.1.7_rc\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libevent\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T09:50:07", "description": "Several vulnerabilities were discovered in libevent, an asynchronous\nevent notification library. They would lead to Denial Of Service via\napplication crash, or remote code execution.", "edition": 27, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-02-16T00:00:00", "title": "Debian DSA-3789-1 : libevent - security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-10197", "CVE-2016-10196", "CVE-2016-10195"], "modified": "2017-02-16T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libevent", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DSA-3789.NASL", "href": "https://www.tenable.com/plugins/nessus/97196", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3789. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97196);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-10195\", \"CVE-2016-10196\", \"CVE-2016-10197\");\n script_xref(name:\"DSA\", value:\"3789\");\n\n script_name(english:\"Debian DSA-3789-1 : libevent - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were discovered in libevent, an asynchronous\nevent notification library. They would lead to Denial Of Service via\napplication crash, or remote code execution.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854092\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/libevent\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2017/dsa-3789\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the libevent packages.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 2.0.21-stable-2+deb8u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libevent\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libevent-2.0-5\", reference:\"2.0.21-stable-2+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libevent-core-2.0-5\", reference:\"2.0.21-stable-2+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libevent-dbg\", reference:\"2.0.21-stable-2+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libevent-dev\", reference:\"2.0.21-stable-2+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libevent-extra-2.0-5\", reference:\"2.0.21-stable-2+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libevent-openssl-2.0-5\", reference:\"2.0.21-stable-2+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libevent-pthreads-2.0-5\", reference:\"2.0.21-stable-2+deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T12:40:00", "description": "This update for libevent fixes the following security issues :\n\n - CVE-2016-10195: DNS remote stack overread vulnerability\n (bsc#1022917) \n\n - CVE-2016-10196: stack/buffer overflow in\n evutil_parse_sockaddr_port() (bsc#1022918) \n\n - CVE-2016-10197: out-of-bounds read in search_make_new()\n (bsc#1022919) \n\nThis update was imported from the SUSE:SLE-12:Update update project.", "edition": 16, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-01-26T00:00:00", "title": "openSUSE Security Update : libevent (openSUSE-2018-95)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-10197", "CVE-2016-10196", "CVE-2016-10195"], "modified": "2018-01-26T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libevent-devel", "p-cpe:/a:novell:opensuse:libevent-2_0-5-32bit", "p-cpe:/a:novell:opensuse:libevent-2_0-5", "p-cpe:/a:novell:opensuse:libevent-debugsource", "p-cpe:/a:novell:opensuse:libevent-2_0-5-debuginfo", "cpe:/o:novell:opensuse:42.3", "cpe:/o:novell:opensuse:42.2", "p-cpe:/a:novell:opensuse:libevent-2_0-5-debuginfo-32bit"], "id": "OPENSUSE-2018-95.NASL", "href": "https://www.tenable.com/plugins/nessus/106363", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-95.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(106363);\n script_version(\"3.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-10195\", \"CVE-2016-10196\", \"CVE-2016-10197\");\n\n script_name(english:\"openSUSE Security Update : libevent (openSUSE-2018-95)\");\n script_summary(english:\"Check for the openSUSE-2018-95 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for libevent fixes the following security issues :\n\n - CVE-2016-10195: DNS remote stack overread vulnerability\n (bsc#1022917) \n\n - CVE-2016-10196: stack/buffer overflow in\n evutil_parse_sockaddr_port() (bsc#1022918) \n\n - CVE-2016-10197: out-of-bounds read in search_make_new()\n (bsc#1022919) \n\nThis update was imported from the SUSE:SLE-12:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1022917\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1022918\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1022919\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libevent packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libevent-2_0-5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libevent-2_0-5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libevent-2_0-5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libevent-2_0-5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libevent-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libevent-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2|SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2 / 42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libevent-2_0-5-2.0.21-7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libevent-2_0-5-debuginfo-2.0.21-7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libevent-debugsource-2.0.21-7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libevent-devel-2.0.21-7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libevent-2_0-5-32bit-2.0.21-7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libevent-2_0-5-debuginfo-32bit-2.0.21-7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libevent-2_0-5-2.0.21-10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libevent-2_0-5-debuginfo-2.0.21-10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libevent-debugsource-2.0.21-10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libevent-devel-2.0.21-10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libevent-2_0-5-32bit-2.0.21-10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libevent-2_0-5-debuginfo-32bit-2.0.21-10.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libevent-2_0-5 / libevent-2_0-5-32bit / libevent-2_0-5-debuginfo / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T14:50:38", "description": "This update for libevent fixes the following issues :\n\n - CVE-2016-10195: DNS remote stack overread vulnerability\n (bsc#1022917)\n\n - CVE-2016-10196: stack/buffer overflow in\n evutil_parse_sockaddr_port() (bsc#1022918) (backport for\n 2.0.21)\n\n - CVE-2016-10197: out-of-bounds read in search_make_new()\n (bsc#1022919)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 22, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-01-30T00:00:00", "title": "SUSE SLES11 Security Update : libevent (SUSE-SU-2018:0263-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-10197", "CVE-2016-10196", "CVE-2016-10195"], "modified": "2018-01-30T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libevent-1_4", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2018-0263-1.NASL", "href": "https://www.tenable.com/plugins/nessus/106472", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:0263-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(106472);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-10195\", \"CVE-2016-10196\", \"CVE-2016-10197\");\n\n script_name(english:\"SUSE SLES11 Security Update : libevent (SUSE-SU-2018:0263-1)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for libevent fixes the following issues :\n\n - CVE-2016-10195: DNS remote stack overread vulnerability\n (bsc#1022917)\n\n - CVE-2016-10196: stack/buffer overflow in\n evutil_parse_sockaddr_port() (bsc#1022918) (backport for\n 2.0.21)\n\n - CVE-2016-10197: out-of-bounds read in search_make_new()\n (bsc#1022919)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1022917\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1022918\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1022919\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10195/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10196/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10197/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20180263-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e1483ba5\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t\npatch sdksp4-libevent-13447=1\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-libevent-13447=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-libevent-13447=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libevent-1_4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libevent-1_4-2-1.4.5-24.24.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libevent\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-06T10:57:30", "description": "Debian Security reports :\n\nCVE-2016-10195: The name_parse function in evdns.c in libevent before\n2.1.6-beta allows remote attackers to have unspecified impact via\nvectors involving the label_len variable, which triggers an\nout-of-bounds stack read.\n\nCVE-2016-10196: Stack-based buffer overflow in the\nevutil_parse_sockaddr_port function in evutil.c in libevent before\n2.1.6-beta allows attackers to cause a denial of service (segmentation\nfault) via vectors involving a long string in brackets in the\nip_as_string argument.\n\nCVE-2016-10197: The search_make_new function in evdns.c in libevent\nbefore 2.1.6-beta allows attackers to cause a denial of service\n(out-of-bounds read) via an empty hostname.", "edition": 25, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-04-21T00:00:00", "title": "FreeBSD : libevent -- multiple vulnerabilities (b8ee7a81-a879-4358-9b30-7dd1bd4c14b1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-10197", "CVE-2016-10196", "CVE-2016-10195"], "modified": "2017-04-21T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:linux-c6-libevent2", "cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:libevent2", "p-cpe:/a:freebsd:freebsd:linux-c7-libevent", "p-cpe:/a:freebsd:freebsd:libevent"], "id": "FREEBSD_PKG_B8EE7A81A87943589B307DD1BD4C14B1.NASL", "href": "https://www.tenable.com/plugins/nessus/99556", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99556);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-10195\", \"CVE-2016-10196\", \"CVE-2016-10197\");\n\n script_name(english:\"FreeBSD : libevent -- multiple vulnerabilities (b8ee7a81-a879-4358-9b30-7dd1bd4c14b1)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Debian Security reports :\n\nCVE-2016-10195: The name_parse function in evdns.c in libevent before\n2.1.6-beta allows remote attackers to have unspecified impact via\nvectors involving the label_len variable, which triggers an\nout-of-bounds stack read.\n\nCVE-2016-10196: Stack-based buffer overflow in the\nevutil_parse_sockaddr_port function in evutil.c in libevent before\n2.1.6-beta allows attackers to cause a denial of service (segmentation\nfault) via vectors involving a long string in brackets in the\nip_as_string argument.\n\nCVE-2016-10197: The search_make_new function in evdns.c in libevent\nbefore 2.1.6-beta allows attackers to cause a denial of service\n(out-of-bounds read) via an empty hostname.\"\n );\n # http://www.openwall.com/lists/oss-security/2017/01/31/17\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.openwall.com/lists/oss-security/2017/01/31/17\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://github.com/libevent/libevent/issues/317\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://github.com/libevent/libevent/issues/318\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://github.com/libevent/libevent/issues/332\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://github.com/libevent/libevent/issues/335\"\n );\n # https://vuxml.freebsd.org/freebsd/b8ee7a81-a879-4358-9b30-7dd1bd4c14b1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7d59ee6b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:libevent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:libevent2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-c6-libevent2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-c7-libevent\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"libevent<2.1.6\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"libevent2<2.1.6\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-c6-libevent2<2.1.6\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-c7-libevent<2.1.6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-03-01T06:51:59", "description": "This update for libevent fixes the following security issues :\n\n - CVE-2016-10195: DNS remote stack overread vulnerability\n (bsc#1022917)\n\n - CVE-2016-10196: stack/buffer overflow in\n evutil_parse_sockaddr_port() (bsc#1022918)\n\n - CVE-2016-10197: out-of-bounds read in search_make_new()\n (bsc#1022919)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 26, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-01-25T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : libevent (SUSE-SU-2018:0200-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-10197", "CVE-2016-10196", "CVE-2016-10195"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:libevent-debugsource", "p-cpe:/a:novell:suse_linux:libevent-2_0-5-debuginfo", "p-cpe:/a:novell:suse_linux:libevent-2_0"], "id": "SUSE_SU-2018-0200-1.NASL", "href": "https://www.tenable.com/plugins/nessus/106345", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:0200-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106345);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/09/10 13:51:46\");\n\n script_cve_id(\"CVE-2016-10195\", \"CVE-2016-10196\", \"CVE-2016-10197\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : libevent (SUSE-SU-2018:0200-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for libevent fixes the following security issues :\n\n - CVE-2016-10195: DNS remote stack overread vulnerability\n (bsc#1022917)\n\n - CVE-2016-10196: stack/buffer overflow in\n evutil_parse_sockaddr_port() (bsc#1022918)\n\n - CVE-2016-10197: out-of-bounds read in search_make_new()\n (bsc#1022919)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1022917\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1022918\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1022919\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10195/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10196/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10197/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20180200-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c771cb41\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2018-143=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t\npatch SUSE-SLE-SDK-12-SP2-2018-143=1\n\nSUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t\npatch SUSE-SLE-RPI-12-SP2-2018-143=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2018-143=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2018-143=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2018-143=1\n\nSUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP2-2018-143=1\n\nSUSE CaaS Platform ALL:zypper in -t patch SUSE-CAASP-ALL-2018-143=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libevent-2_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libevent-2_0-5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libevent-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP2/3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libevent-2_0-5-2.0.21-6.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libevent-2_0-5-debuginfo-2.0.21-6.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libevent-debugsource-2.0.21-6.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libevent-2_0-5-2.0.21-6.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libevent-2_0-5-debuginfo-2.0.21-6.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libevent-debugsource-2.0.21-6.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libevent-2_0-5-2.0.21-6.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libevent-2_0-5-debuginfo-2.0.21-6.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libevent-debugsource-2.0.21-6.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libevent-2_0-5-2.0.21-6.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libevent-2_0-5-debuginfo-2.0.21-6.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libevent-debugsource-2.0.21-6.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libevent\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-03-01T07:32:04", "description": "Guido Vranken discovered that libevent incorrectly handled memory when\nprocessing certain data. A remote attacker could possibly use this\nissue with an application that uses libevent to cause a denial of\nservice, or possibly execute arbitrary code.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 33, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-03-14T00:00:00", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : libevent vulnerabilities (USN-3228-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-10197", "CVE-2016-10196", "CVE-2016-10195"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04", "p-cpe:/a:canonical:ubuntu_linux:libevent-2.0-5", "cpe:/o:canonical:ubuntu_linux:16.10", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-3228-1.NASL", "href": "https://www.tenable.com/plugins/nessus/97721", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3228-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(97721);\n script_version(\"3.10\");\n script_cvs_date(\"Date: 2019/09/18 12:31:46\");\n\n script_cve_id(\"CVE-2016-10195\", \"CVE-2016-10196\", \"CVE-2016-10197\");\n script_xref(name:\"USN\", value:\"3228-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : libevent vulnerabilities (USN-3228-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Guido Vranken discovered that libevent incorrectly handled memory when\nprocessing certain data. A remote attacker could possibly use this\nissue with an application that uses libevent to cause a denial of\nservice, or possibly execute arbitrary code.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3228-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libevent-2.0-5 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libevent-2.0-5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04|14\\.04|16\\.04|16\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 16.04 / 16.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libevent-2.0-5\", pkgver:\"2.0.16-stable-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libevent-2.0-5\", pkgver:\"2.0.21-stable-1ubuntu1.14.04.2\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libevent-2.0-5\", pkgver:\"2.0.21-stable-2ubuntu0.16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"libevent-2.0-5\", pkgver:\"2.0.21-stable-2ubuntu0.16.10.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libevent-2.0-5\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2019-05-30T02:23:09", "bulletinFamily": "unix", "cvelist": ["CVE-2016-10197", "CVE-2016-10196", "CVE-2016-10195"], "description": "Package : libevent\nVersion : 2.0.19-stable-3+deb7u2\nCVE ID : CVE-2016-10195 CVE-2016-10196 CVE-2016-10197\nDebian Bug : 854092\n\nSeveral vulnerabilities were discovered in libevent, an asynchronous\nevent notification library. They would lead to Denial Of Service via\napplication crash, or remote code execution.\n\nFor Debian 7 &quot;Wheezy&quot;, these problems have been fixed in version\n2.0.19-stable-3+deb7u2.\n\nWe recommend that you upgrade your libevent packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 3, "modified": "2017-02-15T15:22:44", "published": "2017-02-15T15:22:44", "id": "DEBIAN:DLA-824-1:B4FC3", "href": "https://lists.debian.org/debian-lts-announce/2017/debian-lts-announce-201702/msg00013.html", "title": "[SECURITY] [DLA 824-1] libevent security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cloudfoundry": [{"lastseen": "2019-05-29T18:33:05", "bulletinFamily": "software", "cvelist": ["CVE-2016-10197", "CVE-2016-10196", "CVE-2016-10195"], "description": "# \n\n# Severity\n\nMedium\n\n# Vendor\n\nCanonical Ubuntu\n\n# Versions Affected\n\n * Canonical Ubuntu 14.04\n\n# Description\n\nGuido Vranken discovered that libevent incorrectly handled memory when processing certain data. A remote attacker could possibly use this issue with an application that uses libevent to cause a denial of service, or possibly execute arbitrary code.\n\n# Affected Cloud Foundry Products and Versions\n\n_Severity is medium unless otherwise noted._\n\n * Cloud Foundry BOSH stemcells are vulnerable, including: \n * 3151.x versions prior to 3151.14\n * 3233.x versions prior to 3233.16\n * 3263.x versions prior to 3263.22\n * 3312.x versions prior to 3312.22\n * 3363.x versions prior to 3363.14\n * All other stemcells not listed.\n\n# Mitigation\n\nOSS users are strongly encouraged to follow one of the mitigations below:\n\n * The Cloud Foundry project recommends upgrading the following BOSH stemcells: \n * Upgrade 3151.x versions to 3151.14 or later\n * Upgrade 3233.x versions to 3233.16 or later\n * Upgrade 3263.x versions to 3263.22 or later\n * Upgrade 3312.x versions to 3312.22 or later\n * Upgrade 3363.x versions to 3363.14 or later\n * All other stemcells should be upgraded to the latest version.\n\n# References\n\n * [USN-3228-1](<http://www.ubuntu.com/usn/usn-3228-1/>)\n * [CVE-2016-10195](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-10195>)\n * [CVE-2016-10196](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-10196>)\n * [CVE-2016-10197](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-10197>)\n", "edition": 5, "modified": "2017-03-31T00:00:00", "published": "2017-03-31T00:00:00", "id": "CFOUNDRY:2BB3E012A60E32B1D13F50D4254CA432", "href": "https://www.cloudfoundry.org/blog/usn-3228-1/", "title": "USN-3228-1: libevent vulnerabilities | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "mozilla": [{"lastseen": "2017-04-19T17:18:12", "bulletinFamily": "software", "cvelist": ["CVE-2016-10197", "CVE-2016-6354", "CVE-2016-10196", "CVE-2016-10195"], "edition": 1, "description": "A use-after-free vulnerability in SMIL animation functions occurs when pointers to animation elements in an array are dropped from the animation controller while still in use. This results in a potentially exploitable crash.\nA use-after-free vulnerability occurs during transaction processing in the editor during design mode interactions. This results in a potentially exploitable crash.\nAn out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font. This results in a potentially exploitable crash. This issue was fixed in the Graphite 2 library as well as Mozilla products.\nAn out-of-bounds write during Base64 decoding operation in the Network Security Services (NSS) library due to insufficient memory being allocated to the buffer. This results in a potentially exploitable crash. The NSS library has been updated to fix this issue to address this issue and Firefox 53 has been updated with NSS version 3.29.5.\nA buffer overflow in WebGL triggerable by web content, resulting in a potentially exploitable crash.\nIf a page is loaded from an original site through a hyperlink and contains a redirect to a data:text/html URL, triggering a reload will run the reloaded data:text/html page with its origin set incorrectly. This allows for a cross-site scripting (XSS) attack.\nA use-after-free vulnerability occurs when redirecting focus handling which results in a potentially exploitable crash.\nA use-after-free vulnerability occurs during certain text input selection resulting in a potentially exploitable crash.\nA use-after-free vulnerability in frame selection triggered by a combination of malicious script content and key presses by a user. This results in a potentially exploitable crash.\nA use-after-free vulnerability during XSLT processing due to the result handler being held by a freed handler during handling. This results in a potentially exploitable crash.\nA use-after-free vulnerability during XSLT processing due to poor handling of template parameters. This results in a potentially exploitable crash.\nA use-after-free vulnerability during XSLT processing due to a failure to propagate error conditions during matching while evaluating context, leading to objects being used when they no longer exist. This results in a potentially exploitable crash.\nA use-after-free vulnerability when holding a selection during scroll events. This results in a potentially exploitable crash.\nA use-after-free vulnerability during changes in style when manipulating DOM elements. This results in a potentially exploitable crash.\nDuring DOM manipulations of the accessibility tree through script, the DOM tree can become out of sync with the accessibility tree, leading to memory corruption and a potentially exploitable crash. \nAn out-of-bounds write vulnerability while decoding improperly formed BinHex format archives.\nA buffer overflow vulnerability while parsing application/http-index-format format content when the header contains improperly formatted data. This allows for an out-of-bounds read of data from memory.\nAn out-of-bounds read when an HTTP/2 connection to a servers sends DATA frames with incorrect data content. This leads to a potentially exploitable crash. \nAn out-of-bounds read during the processing of glyph widths during text layout. This results in a potentially exploitable crash and could allow an attacker to read otherwise inaccessible memory. \nAn out-of-bounds read while processing SVG content in ConvolvePixel. This results in a crash and also allows for otherwise inaccessible memory being copied into SVG graphic content, which could then displayed.\nAn out-of-bounds write in ClearKeyDecryptor while decrypting some Clearkey-encrypted media content. The ClearKeyDecryptor code runs within the Gecko Media Plugin (GMP) sandbox. If a second mechanism is found to escape the sandbox, this vulnerability allows for the writing of arbitrary data within memory, resulting in a potentially exploitable crash.\nThree vulnerabilities were reported in the Libevent library that allow for out-of-bounds reads and denial of service (DoS) attacks: CVE-2016-10195, CVE-2016-10196, and CVE-2016-10197. These were fixed in the Libevent library and these changes were ported to Mozilla code.\nA mechanism to bypass file system access protections in the sandbox to use the file picker to access different files than those selected in the file picker through the use of relative paths. This allows for read only access to the local file system.\nThe internal feed reader APIs that crossed the sandbox barrier allowed for a sandbox escape and escalation of privilege if combined with another vulnerability that resulted in remote code execution inside the sandboxed process. \nA mechanism to bypass file system access protections in the sandbox using the file system request constructor through an IPC message. This allows for read and write access to the local file system.\nFixed potential buffer overflows in generated Firefox code due to CVE-2016-6354 issue in Flex.\nA vulnerability while parsing application/http-index-format format content where uninitialized values are used to create an array. This could allow the reading of uninitialized memory into the arrays affected.\nA possibly exploitable crash triggered during layout and manipulation of bidirectional unicode text in concert with CSS animations.\nA mechanism to spoof the Firefox for Android addressbar using a javascript: URI. On Firefox for Android, the base domain is parsed incorrectly, making the resulting location less visibly a spoofed site and showing an incorrect domain in appended notifications.\nA mechanism to spoof the addressbar through the user interaction on the addressbar and the onblur event. The event could be used by script to affect text display to make the loaded site appear to be different from the one actually loaded within the addressbar.\nA flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue to address this issue and Firefox 53 has been updated with NSS version 3.29.5.\nAndroid intents can be used to launch Firefox for Android in reader mode with a user specified URL. This allows an attacker to spoof the contents of the addressbar as displayed to users. Note: This attack only affects Firefox for Android. Other operating systems are not affected.\nA potential memory corruption and crash when using Skia content when drawing content outside of the bounds of a clipping region.\nMalicious sites can display a spoofed addressbar on a page when the existing location bar on the new page is scrolled out of view if an HTML editable page element is user selected. Note: This attack only affects Firefox for Android. Other operating systems are not affected.\nA mechanism to inject static HTML into the RSS reader preview page due to a failure to escape characters sent as URL parameters for a feed's TITLE element. This vulnerability allows for spoofing but no scripted content can be run.\nWhen a javascript: URL is drag and dropped by a user into the addressbar, the URL will be processed and executed. This allows for users to be socially engineered to execute an XSS attack on themselves.\nAn issue with incorrect ownership model of privateBrowsing information exposed through developer tools. This can result in a non-exploitable crash when manually triggered during debugging. \nMozilla developers and community members Christian Holler, Jon Coppeard, Milan Sreckovic, Tyson Smith, Ronald Crane, Randell Jesup, Philipp, Tooru Fujisawa, and Kan-Ru Chen reported memory safety bugs present in Firefox 52 and Firefox ESR 52. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.\nMozilla developers and community members Christian Holler, Jon Coppeard, Marcia Knous, David Baron, Mats Palmgren, Ronald Crane, Bob Clary, and Chris Peterson reported memory safety bugs present in Firefox 52, Firefox ESR 45.8, and Firefox ESR 52. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.", "modified": "2017-04-19T00:00:00", "published": "2017-04-19T00:00:00", "href": "http://www.mozilla.org/en-US/security/advisories/mfsa2017-10/", "id": "MFSA2017-10", "title": "Security vulnerabilities fixed in Firefox 53MenuMozilla", "type": "mozilla", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-19T17:18:12", "bulletinFamily": "software", "cvelist": ["CVE-2016-10197", "CVE-2016-6354", "CVE-2016-10196", "CVE-2016-10195"], "edition": 1, "description": "A use-after-free vulnerability in SMIL animation functions occurs when pointers to animation elements in an array are dropped from the animation controller while still in use. This results in a potentially exploitable crash.\nA use-after-free vulnerability occurs during transaction processing in the editor during design mode interactions. This results in a potentially exploitable crash.\nAn out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font. This results in a potentially exploitable crash. This issue was fixed in the Graphite 2 library as well as Mozilla products.\nAn out-of-bounds write during Base64 decoding operation in the Network Security Services (NSS) library due to insufficient memory being allocated to the buffer. This results in a potentially exploitable crash. The NSS library has been updated to fix this issue to address this issue and Firefox 53 has been updated with NSS version 3.28.4.\nA buffer overflow in WebGL triggerable by web content, resulting in a potentially exploitable crash.\nIf a page is loaded from an original site through a hyperlink and contains a redirect to a data:text/html URL, triggering a reload will run the reloaded data:text/html page with its origin set incorrectly. This allows for a cross-site scripting (XSS) attack.\nA use-after-free vulnerability occurs when redirecting focus handling which results in a potentially exploitable crash.\nA use-after-free vulnerability occurs during certain text input selection resulting in a potentially exploitable crash.\nA use-after-free vulnerability in frame selection triggered by a combination of malicious script content and key presses by a user. This results in a potentially exploitable crash.\nA use-after-free vulnerability during XSLT processing due to the result handler being held by a freed handler during handling. This results in a potentially exploitable crash.\nA use-after-free vulnerability during XSLT processing due to poor handling of template parameters. This results in a potentially exploitable crash.\nA use-after-free vulnerability during XSLT processing due to a failure to propagate error conditions during matching while evaluating context, leading to objects being used when they no longer exist. This results in a potentially exploitable crash.\nA use-after-free vulnerability when holding a selection during scroll events. This results in a potentially exploitable crash.\nA use-after-free vulnerability during changes in style when manipulating DOM elements. This results in a potentially exploitable crash.\nDuring DOM manipulations of the accessibility tree through script, the DOM tree can become out of sync with the accessibility tree, leading to memory corruption and a potentially exploitable crash. \nAn out-of-bounds write vulnerability while decoding improperly formed BinHex format archives.\nA buffer overflow vulnerability while parsing application/http-index-format format content when the header contains improperly formatted data. This allows for an out-of-bounds read of data from memory.\nAn out-of-bounds read when an HTTP/2 connection to a servers sends DATA frames with incorrect data content. This leads to a potentially exploitable crash. \nAn out-of-bounds read during the processing of glyph widths during text layout. This results in a potentially exploitable crash and could allow an attacker to read otherwise inaccessible memory. \nAn out-of-bounds read while processing SVG content in ConvolvePixel. This results in a crash and also allows for otherwise inaccessible memory being copied into SVG graphic content, which could then displayed.\nAn out-of-bounds write in ClearKeyDecryptor while decrypting some Clearkey-encrypted media content. The ClearKeyDecryptor code runs within the Gecko Media Plugin (GMP) sandbox. If a second mechanism is found to escape the sandbox, this vulnerability allows for the writing of arbitrary data within memory, resulting in a potentially exploitable crash.\nThree vulnerabilities were reported in the Libevent library that allow for out-of-bounds reads and denial of service (DoS) attacks: CVE-2016-10195, CVE-2016-10196, and CVE-2016-10197. These were fixed in the Libevent library and these changes were ported to Mozilla code.\nA mechanism to bypass file system access protections in the sandbox to use the file picker to access different files than those selected in the file picker through the use of relative paths. This allows for read only access to the local file system.\nThe internal feed reader APIs that crossed the sandbox barrier allowed for a sandbox escape and escalation of privilege if combined with another vulnerability that resulted in remote code execution inside the sandboxed process. \nA mechanism to bypass file system access protections in the sandbox using the file system request constructor through an IPC message. This allows for read and write access to the local file system.\nFixed potential buffer overflows in generated Firefox code due to CVE-2016-6354 issue in Flex.\nA vulnerability while parsing application/http-index-format format content where uninitialized values are used to create an array. This could allow the reading of uninitialized memory into the arrays affected.\nA possibly exploitable crash triggered during layout and manipulation of bidirectional unicode text in concert with CSS animations.\nA mechanism to spoof the addressbar through the user interaction on the addressbar and the onblur event. The event could be used by script to affect text display to make the loaded site appear to be different from the one actually loaded within the addressbar.\nA flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue to address this issue and Firefox 53 has been updated with NSS version 3.28.4.\nA potential memory corruption and crash when using Skia content when drawing content outside of the bounds of a clipping region.\nMozilla developers and community members Christian Holler, Jon Coppeard, Milan Sreckovic, Tyson Smith, Ronald Crane, Randell Jesup, Philipp, Tooru Fujisawa, and Kan-Ru Chen reported memory safety bugs present in Firefox 52 and Firefox ESR 52. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.\nMozilla developers and community members Christian Holler, Jon Coppeard, Marcia Knous, David Baron, Mats Palmgren, Ronald Crane, Bob Clary, and Chris Peterson reported memory safety bugs present in Firefox 52, Firefox ESR 45.8, and Firefox ESR 52. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.", "modified": "2017-04-19T00:00:00", "published": "2017-04-19T00:00:00", "id": "MFSA2017-12", "href": "http://www.mozilla.org/en-US/security/advisories/mfsa2017-12/", "title": "Security vulnerabilities fixed in Firefox ESR 52.1MenuMozilla", "type": "mozilla", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-19T17:18:12", "bulletinFamily": "software", "cvelist": ["CVE-2016-10197", "CVE-2016-6354", "CVE-2016-10196", "CVE-2016-10195"], "edition": 1, "description": "A use-after-free vulnerability in SMIL animation functions occurs when pointers to animation elements in an array are dropped from the animation controller while still in use. This results in a potentially exploitable crash.\nA use-after-free vulnerability occurs during transaction processing in the editor during design mode interactions. This results in a potentially exploitable crash.\nAn out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font. This results in a potentially exploitable crash. This issue was fixed in the Graphite 2 library as well as Mozilla products.\nAn out-of-bounds write during Base64 decoding operation in the Network Security Services (NSS) library due to insufficient memory being allocated to the buffer. This results in a potentially exploitable crash. The NSS library has been updated to fix this issue to address this issue and Firefox 53 has been updated with NSS version 3.21.4.\nA buffer overflow in WebGL triggerable by web content, resulting in a potentially exploitable crash.\nA use-after-free vulnerability occurs when redirecting focus handling which results in a potentially exploitable crash.\nA use-after-free vulnerability occurs during certain text input selection resulting in a potentially exploitable crash.\nA use-after-free vulnerability in frame selection triggered by a combination of malicious script content and key presses by a user. This results in a potentially exploitable crash.\nA use-after-free vulnerability during XSLT processing due to the result handler being held by a freed handler during handling. This results in a potentially exploitable crash.\nA use-after-free vulnerability during XSLT processing due to poor handling of template parameters. This results in a potentially exploitable crash.\nA use-after-free vulnerability during XSLT processing due to a failure to propagate error conditions during matching while evaluating context, leading to objects being used when they no longer exist. This results in a potentially exploitable crash.\nA use-after-free vulnerability when holding a selection during scroll events. This results in a potentially exploitable crash.\nA use-after-free vulnerability during changes in style when manipulating DOM elements. This results in a potentially exploitable crash.\nDuring DOM manipulations of the accessibility tree through script, the DOM tree can become out of sync with the accessibility tree, leading to memory corruption and a potentially exploitable crash. \nAn out-of-bounds write vulnerability while decoding improperly formed BinHex format archives.\nA buffer overflow vulnerability while parsing application/http-index-format format content when the header contains improperly formatted data. This allows for an out-of-bounds read of data from memory.\nAn out-of-bounds read when an HTTP/2 connection to a servers sends DATA frames with incorrect data content. This leads to a potentially exploitable crash. \nAn out-of-bounds read during the processing of glyph widths during text layout. This results in a potentially exploitable crash and could allow an attacker to read otherwise inaccessible memory. \nAn out-of-bounds read while processing SVG content in ConvolvePixel. This results in a crash and also allows for otherwise inaccessible memory being copied into SVG graphic content, which could then displayed.\nAn out-of-bounds write in ClearKeyDecryptor while decrypting some Clearkey-encrypted media content. The ClearKeyDecryptor code runs within the Gecko Media Plugin (GMP) sandbox. If a second mechanism is found to escape the sandbox, this vulnerability allows for the writing of arbitrary data within memory, resulting in a potentially exploitable crash.\nThree vulnerabilities were reported in the Libevent library that allow for out-of-bounds reads and denial of service (DoS) attacks: CVE-2016-10195, CVE-2016-10196, and CVE-2016-10197. These were fixed in the Libevent library and these changes were ported to Mozilla code.\nFixed potential buffer overflows in generated Firefox code due to CVE-2016-6354 issue in Flex.\nA vulnerability while parsing application/http-index-format format content where uninitialized values are used to create an array. This could allow the reading of uninitialized memory into the arrays affected.\nA flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue to address this issue and Firefox 53 has been updated with NSS version 3.21.4.\nMozilla developers and community members Christian Holler, Jon Coppeard, Marcia Knous, David Baron, Mats Palmgren, Ronald Crane, Bob Clary, and Chris Peterson reported memory safety bugs present in Firefox 52, Firefox ESR 45.8, and Firefox ESR 52. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.", "modified": "2017-04-19T00:00:00", "published": "2017-04-19T00:00:00", "id": "MFSA2017-11", "href": "http://www.mozilla.org/en-US/security/advisories/mfsa2017-11/", "title": "Security vulnerabilities fixed in Firefox ESR 45.9MenuMozilla", "type": "mozilla", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-05-01T21:18:53", "bulletinFamily": "software", "cvelist": ["CVE-2016-10197", "CVE-2016-6354", "CVE-2016-10195"], "description": "A use-after-free vulnerability in SMIL animation functions occurs when pointers to animation elements in an array are dropped from the animation controller while still in use. This results in a potentially exploitable crash.\nA use-after-free vulnerability occurs during transaction processing in the editor during design mode interactions. This results in a potentially exploitable crash.\nAn out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font. This results in a potentially exploitable crash. This issue was fixed in the Graphite 2 library as well as Mozilla products.\nAn out-of-bounds write during Base64 decoding operation in the Network Security Services (NSS) library due to insufficient memory being allocated to the buffer. This results in a potentially exploitable crash. The NSS library has been updated to fix this issue to address this issue and Firefox ESR 52.1 has been updated with NSS version 3.28.4.\nA buffer overflow in WebGL triggerable by web content, resulting in a potentially exploitable crash.\nIf a page is loaded from an original site through a hyperlink and contains a redirect to a data:text/html URL, triggering a reload will run the reloaded data:text/html page with its origin set incorrectly. This allows for a cross-site scripting (XSS) attack.\nA use-after-free vulnerability occurs when redirecting focus handling which results in a potentially exploitable crash.\nA use-after-free vulnerability occurs during certain text input selection resulting in a potentially exploitable crash.\nA use-after-free vulnerability in frame selection triggered by a combination of malicious script content and key presses by a user. This results in a potentially exploitable crash.\nA use-after-free vulnerability during XSLT processing due to the result handler being held by a freed handler during handling. This results in a potentially exploitable crash.\nA use-after-free vulnerability during XSLT processing due to poor handling of template parameters. This results in a potentially exploitable crash.\nA use-after-free vulnerability during XSLT processing due to a failure to propagate error conditions during matching while evaluating context, leading to objects being used when they no longer exist. This results in a potentially exploitable crash.\nA use-after-free vulnerability when holding a selection during scroll events. This results in a potentially exploitable crash.\nA use-after-free vulnerability during changes in style when manipulating DOM elements. This results in a potentially exploitable crash.\nDuring DOM manipulations of the accessibility tree through script, the DOM tree can become out of sync with the accessibility tree, leading to memory corruption and a potentially exploitable crash. \nAn out-of-bounds write vulnerability while decoding improperly formed BinHex format archives.\nA buffer overflow vulnerability while parsing application/http-index-format format content when the header contains improperly formatted data. This allows for an out-of-bounds read of data from memory.\nAn out-of-bounds read when an HTTP/2 connection to a servers sends DATA frames with incorrect data content. This leads to a potentially exploitable crash. \nAn out-of-bounds read during the processing of glyph widths during text layout. This results in a potentially exploitable crash and could allow an attacker to read otherwise inaccessible memory. \nAn out-of-bounds read while processing SVG content in ConvolvePixel. This results in a crash and also allows for otherwise inaccessible memory being copied into SVG graphic content, which could then displayed.\nThree vulnerabilities were reported in the Libevent library that allow for out-of-bounds reads and denial of service (DoS) attacks. These were fixed in the Libevent library and these changes were ported to Mozilla code.\nA mechanism to bypass file system access protections in the sandbox to use the file picker to access different files than those selected in the file picker through the use of relative paths. This allows for read only access to the local file system.\nFixed potential buffer overflows in generated Firefox code due to CVE-2016-6354 issue in Flex.\nA vulnerability while parsing application/http-index-format format content where uninitialized values are used to create an array. This could allow the reading of uninitialized memory into the arrays affected.\nA possibly exploitable crash triggered during layout and manipulation of bidirectional unicode text in concert with CSS animations.\nA mechanism to spoof the addressbar through the user interaction on the addressbar and the onblur event. The event could be used by script to affect text display to make the loaded site appear to be different from the one actually loaded within the addressbar.\nA flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue to address this issue and Firefox ESR 52.1 has been updated with NSS version 3.28.4.\nA potential memory corruption and crash when using Skia content when drawing content outside of the bounds of a clipping region.\nMozilla developers and community members Christian Holler, Jon Coppeard, Milan Sreckovic, Tyson Smith, Ronald Crane, Randell Jesup, Philipp, Tooru Fujisawa, and Kan-Ru Chen reported memory safety bugs present in Firefox 52, Firefox ESR 52, and Thunderbird 52. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.\nMozilla developers and community members Christian Holler, Jon Coppeard, Marcia Knous, David Baron, Mats Palmgren, Ronald Crane, Bob Clary, and Chris Peterson reported memory safety bugs present in Firefox 52, Firefox ESR 45.8, Firefox ESR 52, and Thunderbird 52. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.", "edition": 1, "modified": "2017-04-30T00:00:00", "published": "2017-04-30T00:00:00", "href": "http://www.mozilla.org/en-US/security/advisories/mfsa2017-13/", "id": "MFSA2017-13", "title": "Security vulnerabilities fixed in Thunderbird 52.1MenuClose", "type": "mozilla", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "redhat": [{"lastseen": "2019-12-11T13:32:47", "bulletinFamily": "unix", "cvelist": ["CVE-2016-10195", "CVE-2016-10196", "CVE-2016-10197", "CVE-2017-5429", "CVE-2017-5432", "CVE-2017-5433", "CVE-2017-5434", "CVE-2017-5435", "CVE-2017-5436", "CVE-2017-5437", "CVE-2017-5438", "CVE-2017-5439", "CVE-2017-5440", "CVE-2017-5441", "CVE-2017-5442", "CVE-2017-5443", "CVE-2017-5444", "CVE-2017-5445", "CVE-2017-5446", "CVE-2017-5447", "CVE-2017-5448", "CVE-2017-5449", "CVE-2017-5459", "CVE-2017-5460", "CVE-2017-5464", "CVE-2017-5465", "CVE-2017-5469"], "description": "Mozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 52.1.0 ESR.\n\nSecurity Fix(es):\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2017-5429, CVE-2017-5432, CVE-2017-5433, CVE-2017-5434, CVE-2017-5435, CVE-2017-5436, CVE-2017-5437, CVE-2017-5438, CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442, CVE-2017-5443, CVE-2017-5444, CVE-2017-5445, CVE-2017-5446, CVE-2017-5447, CVE-2017-5448, CVE-2017-5449, CVE-2017-5459, CVE-2017-5460, CVE-2017-5464, CVE-2017-5465, CVE-2017-5469)\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Mozilla developers and community, Nils, Holger Fuhrmannek, Atte Kettunen, Huzaifa Sidhpurwala, Nicolas Gr\u00e9goire, Chamal De Silva, Chun Han Hsiao, Ivan Fratric of Google Project Zero, Anonymous working with Trend Micro's Zero Day Initiative, and Petr Cerny as the original reporters.", "modified": "2018-06-07T18:23:27", "published": "2017-04-20T10:59:53", "id": "RHSA-2017:1104", "href": "https://access.redhat.com/errata/RHSA-2017:1104", "type": "redhat", "title": "(RHSA-2017:1104) Critical: firefox security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:46:04", "bulletinFamily": "unix", "cvelist": ["CVE-2016-10195", "CVE-2016-10196", "CVE-2016-10197", "CVE-2017-5429", "CVE-2017-5432", "CVE-2017-5433", "CVE-2017-5434", "CVE-2017-5435", "CVE-2017-5436", "CVE-2017-5438", "CVE-2017-5439", "CVE-2017-5440", "CVE-2017-5441", "CVE-2017-5442", "CVE-2017-5443", "CVE-2017-5444", "CVE-2017-5445", "CVE-2017-5446", "CVE-2017-5447", "CVE-2017-5449", "CVE-2017-5451", "CVE-2017-5454", "CVE-2017-5459", "CVE-2017-5460", "CVE-2017-5464", "CVE-2017-5465", "CVE-2017-5466", "CVE-2017-5467", "CVE-2017-5469"], "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 52.1.0.\n\nSecurity Fix(es):\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2017-5429, CVE-2017-5433, CVE-2017-5435, CVE-2017-5436, CVE-2017-5459, CVE-2017-5466, CVE-2017-5432, CVE-2017-5434, CVE-2017-5438, CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442, CVE-2017-5443, CVE-2017-5444, CVE-2017-5446, CVE-2017-5447, CVE-2017-5454, CVE-2017-5460, CVE-2017-5464, CVE-2017-5465, CVE-2017-5469, CVE-2016-10195, CVE-2016-10196, CVE-2017-5445, CVE-2017-5449, CVE-2017-5451, CVE-2017-5467, CVE-2016-10197)\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Petr Cerny, Nils, Ivan Fratric (Google Project Zero), Takeshi Terada, Heather Miller (Google Skia team), Chun Han Hsiao, Chamal De Silva, Nicolas Gr\u00e9goire, Holger Fuhrmannek, Atte Kettunen, Haik Aftandilian, and Jordi Chancel as the original reporters.", "modified": "2018-06-07T18:23:17", "published": "2017-05-08T09:16:37", "id": "RHSA-2017:1201", "href": "https://access.redhat.com/errata/RHSA-2017:1201", "type": "redhat", "title": "(RHSA-2017:1201) Important: thunderbird security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-11T13:32:20", "bulletinFamily": "unix", "cvelist": ["CVE-2016-10195", "CVE-2016-10196", "CVE-2016-10197", "CVE-2017-5429", "CVE-2017-5430", "CVE-2017-5432", "CVE-2017-5433", "CVE-2017-5434", "CVE-2017-5435", "CVE-2017-5436", "CVE-2017-5437", "CVE-2017-5438", "CVE-2017-5439", "CVE-2017-5440", "CVE-2017-5441", "CVE-2017-5442", "CVE-2017-5443", "CVE-2017-5444", "CVE-2017-5445", "CVE-2017-5446", "CVE-2017-5447", "CVE-2017-5448", "CVE-2017-5449", "CVE-2017-5451", "CVE-2017-5454", "CVE-2017-5455", "CVE-2017-5456", "CVE-2017-5459", "CVE-2017-5460", "CVE-2017-5464", "CVE-2017-5465", "CVE-2017-5466", "CVE-2017-5467", "CVE-2017-5469"], "description": "Mozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 52.1.0 ESR.\n\nSecurity Fix(es):\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2017-5429, CVE-2017-5430, CVE-2017-5432, CVE-2017-5433, CVE-2017-5434, CVE-2017-5435, CVE-2017-5436, CVE-2017-5437, CVE-2017-5438, CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442, CVE-2017-5443, CVE-2017-5444, CVE-2017-5445, CVE-2017-5446, CVE-2017-5447, CVE-2017-5448, CVE-2017-5449, CVE-2017-5451, CVE-2017-5454, CVE-2017-5455, CVE-2017-5456, CVE-2017-5459, CVE-2017-5460, CVE-2017-5464, CVE-2017-5465, CVE-2017-5466, CVE-2017-5467, CVE-2017-5469)\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Mozilla developers and community, Nils, Holger Fuhrmannek, Atte Kettunen, Takeshi Terada, Huzaifa Sidhpurwala, Nicolas Gr\u00e9goire, Chamal De Silva, Chun Han Hsiao, Ivan Fratric of Google Project Zero, Anonymous working with Trend Micro's Zero Day Initiative, Haik Aftandilian, Paul Theriault, Julian Hector, Petr Cerny, Jordi Chancel, and Heather Miller of Google Skia team as the original reporters.", "modified": "2018-04-12T03:32:48", "published": "2017-04-20T12:50:13", "id": "RHSA-2017:1106", "href": "https://access.redhat.com/errata/RHSA-2017:1106", "type": "redhat", "title": "(RHSA-2017:1106) Critical: firefox security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2020-12-08T03:35:29", "bulletinFamily": "unix", "cvelist": ["CVE-2017-5436", "CVE-2017-5441", "CVE-2016-10197", "CVE-2017-5442", "CVE-2017-5446", "CVE-2017-5434", "CVE-2017-5465", "CVE-2017-5429", "CVE-2017-5440", "CVE-2017-5435", "CVE-2017-5432", "CVE-2017-5469", "CVE-2017-5438", "CVE-2017-5439", "CVE-2017-5445", "CVE-2016-10196", "CVE-2017-5433", "CVE-2017-5447", "CVE-2017-5444", "CVE-2017-5460", "CVE-2017-5449", "CVE-2017-5437", "CVE-2017-5448", "CVE-2017-5459", "CVE-2016-10195", "CVE-2017-5443", "CVE-2017-5464"], "description": "**CentOS Errata and Security Advisory** CESA-2017:1104\n\n\nMozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 52.1.0 ESR.\n\nSecurity Fix(es):\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2017-5429, CVE-2017-5432, CVE-2017-5433, CVE-2017-5434, CVE-2017-5435, CVE-2017-5436, CVE-2017-5437, CVE-2017-5438, CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442, CVE-2017-5443, CVE-2017-5444, CVE-2017-5445, CVE-2017-5446, CVE-2017-5447, CVE-2017-5448, CVE-2017-5449, CVE-2017-5459, CVE-2017-5460, CVE-2017-5464, CVE-2017-5465, CVE-2017-5469)\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Mozilla developers and community, Nils, Holger Fuhrmannek, Atte Kettunen, Huzaifa Sidhpurwala, Nicolas Gr\u00e9goire, Chamal De Silva, Chun Han Hsiao, Ivan Fratric of Google Project Zero, Anonymous working with Trend Micro's Zero Day Initiative, and Petr Cerny as the original reporters.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2017-April/034432.html\n\n**Affected packages:**\nfirefox\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2017-1104.html", "edition": 6, "modified": "2017-04-20T22:44:21", "published": "2017-04-20T22:44:21", "id": "CESA-2017:1104", "href": "http://lists.centos.org/pipermail/centos-announce/2017-April/034432.html", "title": "firefox security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-08T03:39:22", "bulletinFamily": "unix", "cvelist": ["CVE-2017-5451", "CVE-2017-5436", "CVE-2017-5441", "CVE-2016-10197", "CVE-2017-5442", "CVE-2017-5446", "CVE-2017-5434", "CVE-2017-5465", "CVE-2017-5429", "CVE-2017-5440", "CVE-2017-5435", "CVE-2017-5432", "CVE-2017-5469", "CVE-2017-5438", "CVE-2017-5439", "CVE-2017-5445", "CVE-2016-10196", "CVE-2017-5433", "CVE-2017-5447", "CVE-2017-5466", "CVE-2017-5444", "CVE-2017-5467", "CVE-2017-5460", "CVE-2017-5449", "CVE-2017-5454", "CVE-2017-5459", "CVE-2016-10195", "CVE-2017-5443", "CVE-2017-5464"], "description": "**CentOS Errata and Security Advisory** CESA-2017:1201\n\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 52.1.0.\n\nSecurity Fix(es):\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2017-5429, CVE-2017-5433, CVE-2017-5435, CVE-2017-5436, CVE-2017-5459, CVE-2017-5466, CVE-2017-5432, CVE-2017-5434, CVE-2017-5438, CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442, CVE-2017-5443, CVE-2017-5444, CVE-2017-5446, CVE-2017-5447, CVE-2017-5454, CVE-2017-5460, CVE-2017-5464, CVE-2017-5465, CVE-2017-5469, CVE-2016-10195, CVE-2016-10196, CVE-2017-5445, CVE-2017-5449, CVE-2017-5451, CVE-2017-5467, CVE-2016-10197)\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Petr Cerny, Nils, Ivan Fratric (Google Project Zero), Takeshi Terada, Heather Miller (Google Skia team), Chun Han Hsiao, Chamal De Silva, Nicolas Gr\u00e9goire, Holger Fuhrmannek, Atte Kettunen, Haik Aftandilian, and Jordi Chancel as the original reporters.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2017-May/034443.html\nhttp://lists.centos.org/pipermail/centos-announce/2017-May/034444.html\n\n**Affected packages:**\nthunderbird\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2017-1201.html", "edition": 6, "modified": "2017-05-09T21:04:30", "published": "2017-05-09T17:01:33", "href": "http://lists.centos.org/pipermail/centos-announce/2017-May/034443.html", "id": "CESA-2017:1201", "title": "thunderbird security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-08T03:38:16", "bulletinFamily": "unix", "cvelist": ["CVE-2017-5451", "CVE-2017-5436", "CVE-2017-5441", "CVE-2016-10197", "CVE-2017-5442", "CVE-2017-5446", "CVE-2017-5434", "CVE-2017-5465", "CVE-2017-5429", "CVE-2017-5440", "CVE-2017-5435", "CVE-2017-5432", "CVE-2017-5469", "CVE-2017-5455", "CVE-2017-5438", "CVE-2017-5439", "CVE-2017-5445", "CVE-2016-10196", "CVE-2017-5433", "CVE-2017-5447", "CVE-2017-5466", "CVE-2017-5444", "CVE-2017-5467", "CVE-2017-5460", "CVE-2017-5449", "CVE-2017-5454", "CVE-2017-5437", "CVE-2017-5456", "CVE-2017-5430", "CVE-2017-5448", "CVE-2017-5459", "CVE-2016-10195", "CVE-2017-5443", "CVE-2017-5464"], "description": "**CentOS Errata and Security Advisory** CESA-2017:1106\n\n\nMozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 52.1.0 ESR.\n\nSecurity Fix(es):\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2017-5429, CVE-2017-5430, CVE-2017-5432, CVE-2017-5433, CVE-2017-5434, CVE-2017-5435, CVE-2017-5436, CVE-2017-5437, CVE-2017-5438, CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442, CVE-2017-5443, CVE-2017-5444, CVE-2017-5445, CVE-2017-5446, CVE-2017-5447, CVE-2017-5448, CVE-2017-5449, CVE-2017-5451, CVE-2017-5454, CVE-2017-5455, CVE-2017-5456, CVE-2017-5459, CVE-2017-5460, CVE-2017-5464, CVE-2017-5465, CVE-2017-5466, CVE-2017-5467, CVE-2017-5469)\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Mozilla developers and community, Nils, Holger Fuhrmannek, Atte Kettunen, Takeshi Terada, Huzaifa Sidhpurwala, Nicolas Gr\u00e9goire, Chamal De Silva, Chun Han Hsiao, Ivan Fratric of Google Project Zero, Anonymous working with Trend Micro's Zero Day Initiative, Haik Aftandilian, Paul Theriault, Julian Hector, Petr Cerny, Jordi Chancel, and Heather Miller of Google Skia team as the original reporters.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2017-April/034436.html\n\n**Affected packages:**\nfirefox\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2017-1106.html", "edition": 6, "modified": "2017-04-20T23:21:25", "published": "2017-04-20T23:21:25", "id": "CESA-2017:1106", "href": "http://lists.centos.org/pipermail/centos-announce/2017-April/034436.html", "title": "firefox security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:39:26", "bulletinFamily": "unix", "cvelist": ["CVE-2017-5451", "CVE-2017-5436", "CVE-2017-5441", "CVE-2016-10197", "CVE-2017-5442", "CVE-2017-5446", "CVE-2017-5434", "CVE-2017-5465", "CVE-2017-5429", "CVE-2017-5440", "CVE-2017-5435", "CVE-2017-5432", "CVE-2017-5469", "CVE-2017-5438", "CVE-2017-5439", "CVE-2017-5445", "CVE-2016-10196", "CVE-2017-5433", "CVE-2017-5447", "CVE-2017-5466", "CVE-2017-5444", "CVE-2017-5467", "CVE-2017-5460", "CVE-2017-5449", "CVE-2017-5454", "CVE-2017-5459", "CVE-2016-10195", "CVE-2017-5443", "CVE-2017-5464"], "description": "[52.1.0-1.0.1]\n- Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js\n[52.1.0-1]\n- Update to 52.1.0\n[52.0.1-1]\n- Update to 52.0.1", "edition": 4, "modified": "2017-05-08T00:00:00", "published": "2017-05-08T00:00:00", "id": "ELSA-2017-1201", "href": "http://linux.oracle.com/errata/ELSA-2017-1201.html", "title": "thunderbird security update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "kaspersky": [{"lastseen": "2020-09-02T11:53:44", "bulletinFamily": "info", "cvelist": ["CVE-2017-5451", "CVE-2017-5462", "CVE-2017-5436", "CVE-2017-5441", "CVE-2016-10197", "CVE-2017-5442", "CVE-2017-5446", "CVE-2017-5434", "CVE-2017-5465", "CVE-2016-6354", "CVE-2017-5429", "CVE-2017-5440", "CVE-2017-5435", "CVE-2017-5432", "CVE-2017-5469", "CVE-2017-5438", "CVE-2017-5439", "CVE-2017-5445", "CVE-2016-10196", "CVE-2017-5433", "CVE-2017-5447", "CVE-2017-5466", "CVE-2017-5444", "CVE-2017-5467", "CVE-2017-5460", "CVE-2017-5449", "CVE-2017-5454", "CVE-2017-5461", "CVE-2017-5430", "CVE-2017-5459", "CVE-2016-10195", "CVE-2017-5443", "CVE-2017-5464"], "description": "### *Detect date*:\n04/30/2017\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to cause denial of service, gain privileges, execute arbitrary code, read and write local files.\n\n### *Affected products*:\nMozilla Thunderbird before 52.1\n\n### *Solution*:\nUpdate to latest version \n[Download Mozilla Thunderbird](<https://www.mozilla.org/en-US/thunderbird/>)\n\n### *Original advisories*:\n[MFSA 2017-13](<https://www.mozilla.org/en-US/security/advisories/mfsa2017-13/>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Mozilla Thunderbird](<https://threats.kaspersky.com/en/product/Mozilla-Thunderbird/>)\n\n### *CVE-IDS*:\n[CVE-2016-10197](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10197>)5.0Critical \n[CVE-2017-5461](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5461>)7.5Critical \n[CVE-2016-6354](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6354>)7.5Critical \n[CVE-2017-5433](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5433>)9.8Critical \n[CVE-2017-5435](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5435>)9.8Critical \n[CVE-2017-5436](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5436>)8.8Critical \n[CVE-2017-5459](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5459>)9.8Critical \n[CVE-2017-5466](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5466>)6.1High \n[CVE-2017-5434](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5434>)9.8Critical \n[CVE-2017-5432](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5432>)9.8Critical \n[CVE-2017-5460](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5460>)9.8Critical \n[CVE-2017-5438](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5438>)9.8Critical \n[CVE-2017-5439](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5439>)9.8Critical \n[CVE-2017-5440](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5440>)9.8Critical \n[CVE-2017-5441](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5441>)9.8Critical \n[CVE-2017-5442](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5442>)9.8Critical \n[CVE-2017-5464](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5464>)9.8Critical \n[CVE-2017-5443](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5443>)9.8Critical \n[CVE-2017-5444](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5444>)7.5Critical \n[CVE-2017-5446](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5446>)9.8Critical \n[CVE-2017-5447](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5447>)9.1Critical \n[CVE-2017-5465](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5465>)9.1Critical \n[CVE-2017-5454](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5454>)7.5Critical \n[CVE-2017-5469](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5469>)9.8Critical \n[CVE-2017-5445](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5445>)7.5Critical \n[CVE-2017-5449](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5449>)7.5Critical \n[CVE-2017-5451](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5451>)4.3Warning \n[CVE-2017-5462](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5462>)5.3High \n[CVE-2017-5467](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5467>)7.5Critical \n[CVE-2017-5430](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5430>)9.8Critical \n[CVE-2017-5429](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5429>)9.8Critical \n[CVE-2016-10195](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10195>)7.5Critical \n[CVE-2016-10196](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10196>)5.0Critical\n\n### *Exploitation*:\nThe following public exploits exists for this vulnerability:", "edition": 43, "modified": "2020-06-18T00:00:00", "published": "2017-04-30T00:00:00", "id": "KLA11007", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11007", "title": "\r KLA11007Multiple vulnerabilities in Mozilla Thunderbird ", "type": "kaspersky", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-02T11:56:08", "bulletinFamily": "info", "cvelist": ["CVE-2017-5451", "CVE-2017-5462", "CVE-2017-5436", "CVE-2017-5441", "CVE-2016-10197", "CVE-2017-5442", "CVE-2017-5446", "CVE-2017-5434", "CVE-2017-5465", "CVE-2016-6354", "CVE-2017-5429", "CVE-2017-5440", "CVE-2017-5458", "CVE-2017-5435", "CVE-2017-5432", "CVE-2017-5469", "CVE-2017-5455", "CVE-2017-5438", "CVE-2017-5439", "CVE-2017-5445", "CVE-2016-10196", "CVE-2017-5450", "CVE-2017-5433", "CVE-2017-5447", "CVE-2017-5466", "CVE-2017-5444", "CVE-2017-5467", "CVE-2017-5460", "CVE-2017-5449", "CVE-2017-5454", "CVE-2017-5461", "CVE-2017-5456", "CVE-2017-5453", "CVE-2017-5468", "CVE-2017-5430", "CVE-2017-5463", "CVE-2017-5452", "CVE-2017-5448", "CVE-2017-5459", "CVE-2016-10195", "CVE-2017-5443", "CVE-2017-5464"], "description": "### *Detect date*:\n04/19/2017\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Mozilla Firefox and Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to cause a denial of service, spoof user interface, obtain sensitive information, execute arbitrary code, perform cross-site scripting attacks, bypass security restrictions, gain privileges and read/write local files.\n\n### *Affected products*:\nMozilla Firefox versions earlier than 53 \nMozilla Firefox ESR versions earlier than 45.9 \nMozilla Firefox ESR versions earlier than 52.1\n\n### *Solution*:\nUpdate to the latest version \n[Download Mozilla Firefox ESR](<https://www.mozilla.org/en-US/firefox/organizations/all/>) \n[Download Mozilla Firefox](<https://www.mozilla.org/en-US/firefox/new/>)\n\n### *Original advisories*:\n[MFSA-2017-10](<https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/>) \n[MFSA-2017-11](<https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/>) \n[MFSA-2017-12](<https://www.mozilla.org/en-US/security/advisories/mfsa2017-12/>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Mozilla Firefox](<https://threats.kaspersky.com/en/product/Mozilla-Firefox/>)\n\n### *CVE-IDS*:\n[CVE-2016-10197](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10197>)5.0Critical \n[CVE-2017-5461](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5461>)7.5Critical \n[CVE-2016-6354](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6354>)7.5Critical \n[CVE-2017-5433](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5433>)9.8Critical \n[CVE-2017-5435](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5435>)9.8Critical \n[CVE-2017-5436](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5436>)8.8Critical \n[CVE-2017-5459](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5459>)9.8Critical \n[CVE-2017-5466](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5466>)6.1High \n[CVE-2017-5434](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5434>)9.8Critical \n[CVE-2017-5432](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5432>)9.8Critical \n[CVE-2017-5460](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5460>)9.8Critical \n[CVE-2017-5438](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5438>)9.8Critical \n[CVE-2017-5439](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5439>)9.8Critical \n[CVE-2017-5440](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5440>)9.8Critical \n[CVE-2017-5441](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5441>)9.8Critical \n[CVE-2017-5442](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5442>)9.8Critical \n[CVE-2017-5464](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5464>)9.8Critical \n[CVE-2017-5443](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5443>)9.8Critical \n[CVE-2017-5444](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5444>)7.5Critical \n[CVE-2017-5446](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5446>)9.8Critical \n[CVE-2017-5447](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5447>)9.1Critical \n[CVE-2017-5465](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5465>)9.1Critical \n[CVE-2017-5454](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5454>)7.5Critical \n[CVE-2017-5469](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5469>)9.8Critical \n[CVE-2017-5445](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5445>)7.5Critical \n[CVE-2017-5449](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5449>)7.5Critical \n[CVE-2017-5451](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5451>)4.3Warning \n[CVE-2017-5462](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5462>)5.3High \n[CVE-2017-5467](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5467>)7.5Critical \n[CVE-2017-5430](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5430>)9.8Critical \n[CVE-2017-5429](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5429>)9.8Critical \n[CVE-2016-10195](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10195>)7.5Critical \n[CVE-2016-10196](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10196>)5.0Critical \n[CVE-2017-5448](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5448>)8.6Critical \n[CVE-2017-5455](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5455>)7.5Critical \n[CVE-2017-5456](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5456>)9.8Critical \n[CVE-2017-5450](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5450>)7.5Critical \n[CVE-2017-5463](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5463>)5.3High \n[CVE-2017-5452](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5452>)4.3Warning \n[CVE-2017-5453](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5453>)4.3Warning \n[CVE-2017-5458](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5458>)6.1High \n[CVE-2017-5468](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5468>)9.1Critical\n\n### *Exploitation*:\nThe following public exploits exists for this vulnerability:", "edition": 48, "modified": "2020-06-18T00:00:00", "published": "2017-04-19T00:00:00", "id": "KLA11004", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11004", "title": "\r KLA11004Multiple vulnerabilities in Mozilla Firefox and Mozilla Firefox ESR ", "type": "kaspersky", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "archlinux": [{"lastseen": "2020-09-22T18:36:43", "bulletinFamily": "unix", "cvelist": ["CVE-2016-10195", "CVE-2016-10196", "CVE-2016-10197", "CVE-2016-6354", "CVE-2017-5429", "CVE-2017-5430", "CVE-2017-5432", "CVE-2017-5433", "CVE-2017-5434", "CVE-2017-5435", "CVE-2017-5436", "CVE-2017-5437", "CVE-2017-5438", "CVE-2017-5439", "CVE-2017-5440", "CVE-2017-5441", "CVE-2017-5442", "CVE-2017-5443", "CVE-2017-5444", "CVE-2017-5445", "CVE-2017-5446", "CVE-2017-5447", "CVE-2017-5448", "CVE-2017-5449", "CVE-2017-5451", "CVE-2017-5453", "CVE-2017-5454", "CVE-2017-5455", "CVE-2017-5456", "CVE-2017-5458", "CVE-2017-5459", "CVE-2017-5460", "CVE-2017-5461", "CVE-2017-5464", "CVE-2017-5465", "CVE-2017-5466", "CVE-2017-5467", "CVE-2017-5468", "CVE-2017-5469"], "description": "Arch Linux Security Advisory ASA-201704-6\n=========================================\n\nSeverity: Critical\nDate : 2017-04-21\nCVE-ID : CVE-2017-5429 CVE-2017-5430 CVE-2017-5432 CVE-2017-5433\nCVE-2017-5434 CVE-2017-5435 CVE-2017-5436 CVE-2017-5437\nCVE-2017-5438 CVE-2017-5439 CVE-2017-5440 CVE-2017-5441\nCVE-2017-5442 CVE-2017-5443 CVE-2017-5444 CVE-2017-5445\nCVE-2017-5446 CVE-2017-5447 CVE-2017-5448 CVE-2017-5449\nCVE-2017-5451 CVE-2017-5453 CVE-2017-5454 CVE-2017-5455\nCVE-2017-5456 CVE-2017-5458 CVE-2017-5459 CVE-2017-5460\nCVE-2017-5461 CVE-2017-5464 CVE-2017-5465 CVE-2017-5466\nCVE-2017-5467 CVE-2017-5468 CVE-2017-5469\nPackage : firefox\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-249\n\nSummary\n=======\n\nThe package firefox before version 53.0-1 is vulnerable to multiple\nissues including arbitrary code execution, cross-site scripting, access\nrestriction bypass, arbitrary filesystem access, denial of service,\ninformation disclosure and content spoofing.\n\nResolution\n==========\n\nUpgrade to 53.0-1.\n\n# pacman -Syu \"firefox>=53.0-1\"\n\nThe problems have been fixed upstream in version 53.0.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2017-5429 (arbitrary code execution)\n\nMozilla developers and community members Christian Holler, Jon\nCoppeard, Marcia Knous, David Baron, Mats Palmgren, Ronald Crane, Bob\nClary, and Chris Peterson reported memory safety bugs present in\nFirefox 52, Firefox ESR 45.8, and Firefox ESR 52. Some of these bugs\nshowed evidence of memory corruption and we presume that with enough\neffort that some of these could be exploited to run arbitrary code.\n\n- CVE-2017-5430 (arbitrary code execution)\n\nMozilla developers and community members Christian Holler, Jon\nCoppeard, Milan Sreckovic, Tyson Smith, Ronald Crane, Randell Jesup,\nPhilipp, Tooru Fujisawa, and Kan-Ru Chen reported memory safety bugs\npresent in Firefox 52 and Firefox ESR 52. Some of these bugs showed\nevidence of memory corruption and we presume that with enough effort\nthat some of these could be exploited to run arbitrary code.\n\n- CVE-2017-5432 (arbitrary code execution)\n\nA use-after-free vulnerability has been found in Firefox < 53. It\noccurs during certain text input selection and results in a potentially\nexploitable crash.\n\n- CVE-2017-5433 (arbitrary code execution)\n\nA use-after-free vulnerability has been found in Firefox < 53, It\noccurs in SMIL animation functions when pointers to animation elements\nin an array are dropped from the animation controller while still in\nuse. This results in a potentially exploitable crash.\n\n- CVE-2017-5434 (arbitrary code execution)\n\nA use-after-free vulnerability has been found in Firefox < 53. It\noccurs when redirecting focus handling and results in a potentially\nexploitable crash.\n\n- CVE-2017-5435 (arbitrary code execution)\n\nA use-after-free vulnerability has been found in Firefox < 53. It\noccurs during transaction processing in the editor during design mode\ninteractions and results in a potentially exploitable crash.\n\n- CVE-2017-5436 (arbitrary code execution)\n\nAn out-of-bounds write has been found in the Graphite 2 library,\ntriggered with a maliciously crafted Graphite font. This results in a\npotentially exploitable crash. This issue was fixed in the Graphite 2\nlibrary as well as Mozilla products.\n\n- CVE-2017-5437 (denial of service)\n\nThree vulnerabilities were reported in the Libevent library that allow\nfor out-of-bounds reads and denial of service (DoS) attacks:\nCVE-2016-10195, CVE-2016-10196, and CVE-2016-10197. These were fixed in\nthe Libevent library and these changes were ported to Mozilla code in\nFirefox 53.\n\n- CVE-2017-5438 (arbitrary code execution)\n\nA use-after-free vulnerability has been found in Firefox < 53, during\nXSLT processing due to the result handler being held by a freed handler\nduring handling. This results in a potentially exploitable crash.\n\n- CVE-2017-5439 (arbitrary code execution)\n\nA use-after-free vulnerability has been found in Firefox < 53, during\nXSLT processing due to poor handling of template parameters. This\nresults in a potentially exploitable crash.\n\n- CVE-2017-5440 (arbitrary code execution)\n\nA use-after-free vulnerability has been found in Firefox < 53, during\nXSLT processing due to a failure to propagate error conditions during\nmatching while evaluating context, leading to objects being used when\nthey no longer exist. This results in a potentially exploitable crash.\n\n- CVE-2017-5441 (arbitrary code execution)\n\nA use-after-free vulnerability when holding a selection during scroll\nevents has been found in Firefox < 53. This results in a potentially\nexploitable crash.\n\n- CVE-2017-5442 (arbitrary code execution)\n\nA use-after-free vulnerability during changes in style when\nmanipulating DOM elements has been found in Firefox < 53. This results\nin a potentially exploitable crash.\n\n- CVE-2017-5443 (arbitrary code execution)\n\nAn out-of-bounds write vulnerability has been found in Firefox < 53,\nwhile decoding improperly formed BinHex format archives.\n\n- CVE-2017-5444 (information disclosure)\n\nA buffer overflow vulnerability has been found in Firefox < 53, while\nparsing application/http-index-format format content when the header\ncontains improperly formatted data. This allows for an out-of-bounds\nread of data from memory.\n\n- CVE-2017-5445 (information disclosure)\n\nA vulnerability has been found in Firefox < 53, while parsing\napplication/http-index-format format content where uninitialized values\nare used to create an array. This could allow the reading of\nuninitialized memory into the arrays affected.\n\n- CVE-2017-5446 (arbitrary code execution)\n\nAn out-of-bounds read has been found in Firefox < 53, when an HTTP/2\nconnection to a servers sends DATA frames with incorrect data content.\nThis leads to a potentially exploitable crash.\n\n- CVE-2017-5447 (arbitrary code execution)\n\nAn out-of-bounds read has been found in Firefox < 53, during the\nprocessing of glyph widths while rendering text layout. This results in\na potentially exploitable crash and could allow an attacker to read\notherwise inaccessible memory.\n\n- CVE-2017-5448 (arbitrary code execution)\n\nA security issue has been found in Firefox < 53, an out-of-bounds write\nin ClearKeyDecryptor while decrypting some Clearkey-encrypted media\ncontent. The ClearKeyDecryptor code runs within the Gecko Media Plugin\n(GMP) sandbox. If a second mechanism is found to escape the sandbox,\nthis vulnerability allows for the writing of arbitrary data within\nmemory, resulting in a potentially exploitable crash.\n\n- CVE-2017-5449 (arbitrary code execution)\n\nA possibly exploitable crash has been found in Firefox < 53, triggered\nduring layout and manipulation of bidirectional unicode text in concert\nwith CSS animations.\n\n- CVE-2017-5451 (content spoofing)\n\nA security issue has been found in Firefox < 53, allowing to spoof the\naddressbar through the user interaction on the addressbar and the\nonblur event. The event could be used by script to affect text display\nto make the loaded site appear to be different from the one actually\nloaded within the addressbar.\n\n- CVE-2017-5453 (content spoofing)\n\nA security issue has been found in Firefox < 53, allowing to inject\nstatic HTML into the RSS reader preview page due to a failure to escape\ncharacters sent as URL parameters for a feed's TITLE element. This\nvulnerability allows for spoofing but no scripted content can be run.\n\n- CVE-2017-5454 (access restriction bypass)\n\nA security issue has been found in Firefox < 53, allowing to bypass\nfile system access protections in the sandbox to use the file picker to\naccess different files than those selected in the file picker through\nthe use of relative paths. This allows for read only access to the\nlocal file system.\n\n- CVE-2017-5455 (access restriction bypass)\n\nA security issue has been found in Firefox < 53. The internal feed\nreader APIs that crossed the sandbox barrier allowed for a sandbox\nescape and escalation of privilege if combined with another\nvulnerability that resulted in remote code execution inside the\nsandboxed process.\n\n- CVE-2017-5456 (arbitrary filesystem access)\n\nA security issue has been found in Firefox < 53, allowing to bypass\nfile system access protections in the sandbox using the file system\nrequest constructor through an IPC message. This allows for read and\nwrite access to the local file system.\n\n- CVE-2017-5458 (cross-site scripting)\n\nAn issue has been found in Firefox < 53. When a javascript: URL is drag\nand dropped by a user into the addressbar, the URL will be processed\nand executed. This allows for users to be socially engineered to\nexecute an XSS attack on themselves.\n\n- CVE-2017-5459 (arbitrary code execution)\n\nA buffer overflow has been found in the WebGL part of Firefox < 53.\nIt's triggerable by web content, resulting in a potentially exploitable\ncrash.\n\n- CVE-2017-5460 (arbitrary code execution)\n\nA use-after-free vulnerability has been found in Firefox < 53. It's\nlocated in frame selection, triggered by a combination of malicious\nscript content and key presses by a user. This results in a potentially\nexploitable crash.\n\n- CVE-2017-5461 (arbitrary code execution)\n\nAn out-of-bounds write during Base64 decoding operation has been found\nin the Network Security Services (NSS) library due to insufficient\nmemory being allocated to the buffer.\nAn attacker could use this flaw to create a specially crafted\ncertificate which, when parsed by NSS, could cause it to crash or\nexecute arbitrary code, using the permissions of the user running an\napplication compiled against the NSS library. The issue has been fixed\nin releases 3.29.5 and 3.30.1.\n\n- CVE-2017-5464 (arbitrary code execution)\n\nA security issue has been found in Firefox < 53. During DOM\nmanipulations of the accessibility tree through script, the DOM tree\ncan become out of sync with the accessibility tree, leading to memory\ncorruption and a potentially exploitable crash.\n\n- CVE-2017-5465 (information disclosure)\n\nAn out-of-bounds read has been found in Firefox < 53, while processing\nSVG content in ConvolvePixel. This results in a crash and also allows\nfor otherwise inaccessible memory being copied into SVG graphic\ncontent, which could then displayed.\n\n- CVE-2017-5466 (cross-site scripting)\n\nAn origin confusion issue has been found in Firefox < 53. If a page is\nloaded from an original site through a hyperlink and contains a\nredirect to a data:text/html URL, triggering a reload will run the\nreloaded data:text/html page with its origin set incorrectly. This\nallows for a cross-site scripting (XSS) attack.\n\n- CVE-2017-5467 (denial of service)\n\nA potential memory corruption and crash has been found in Firefox < 53,\nwhen using Skia content when drawing content outside of the bounds of a\nclipping region.\n\n- CVE-2017-5468 (denial of service)\n\nAn issue with incorrect ownership model of privateBrowsing information\nexposed through developer tools has been found in Firefox < 53. This\ncan result in a non-exploitable crash when manually triggered during\ndebugging.\n\n- CVE-2017-5469 (arbitrary code execution)\n\nSeveral potential buffer overflows in generated code, due to the\nCVE-2016-6354 issue in Flex, have been fixed in Firefox 53.\n\nImpact\n======\n\nA remote attacker can spoof content, bypass access restrictions, access\narbitrary files and sensitive information, crash the application and\nexecute arbitrary code on the affected host.\n\nReferences\n==========\n\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-10/\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5429\nhttps://bugzilla.mozilla.org/buglist.cgi?bug_id=1343261%2C1350844%2C1341096%2C1342823%2C1348894%2C1348941%2C1349340%2C1352926%2C1353088%2C\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5430\nhttps://bugzilla.mozilla.org/buglist.cgi?bug_id=1342101%2C1340482%2C1344686%2C1329796%2C1346419%2C1349621%2C1344081%2C1344305%2C1348143%2C1349719%2C1353476%2C1337418%2C1346140%2C1339722\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5432\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1346654\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5433\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1347168\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5434\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1349946\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5435\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1350683\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5436\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1345461\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5437\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1343453\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5438\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1336828\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5439\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1336830\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5440\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1336832\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5441\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1343795\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5442\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1347979\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5443\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1342661\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5444\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1344461\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5445\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1344467\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5446\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1343505\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5447\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1343552\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5448\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1346648\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5449\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1340127\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5451\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1273537\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5453\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1321247\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5454\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1349276\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5455\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1341191\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5456\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1344415\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5458\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1229426\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5459\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1333858\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5460\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1343642\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5461\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1344380\nhttps://hg.mozilla.org/projects/nss/rev/ac34db053672\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5464\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1347075\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5465\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1347617\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5466\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1353975\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5467\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1347262\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5468\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1329521\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5469\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1292534\nhttps://security.archlinux.org/CVE-2017-5429\nhttps://security.archlinux.org/CVE-2017-5430\nhttps://security.archlinux.org/CVE-2017-5432\nhttps://security.archlinux.org/CVE-2017-5433\nhttps://security.archlinux.org/CVE-2017-5434\nhttps://security.archlinux.org/CVE-2017-5435\nhttps://security.archlinux.org/CVE-2017-5436\nhttps://security.archlinux.org/CVE-2017-5437\nhttps://security.archlinux.org/CVE-2017-5438\nhttps://security.archlinux.org/CVE-2017-5439\nhttps://security.archlinux.org/CVE-2017-5440\nhttps://security.archlinux.org/CVE-2017-5441\nhttps://security.archlinux.org/CVE-2017-5442\nhttps://security.archlinux.org/CVE-2017-5443\nhttps://security.archlinux.org/CVE-2017-5444\nhttps://security.archlinux.org/CVE-2017-5445\nhttps://security.archlinux.org/CVE-2017-5446\nhttps://security.archlinux.org/CVE-2017-5447\nhttps://security.archlinux.org/CVE-2017-5448\nhttps://security.archlinux.org/CVE-2017-5449\nhttps://security.archlinux.org/CVE-2017-5451\nhttps://security.archlinux.org/CVE-2017-5453\nhttps://security.archlinux.org/CVE-2017-5454\nhttps://security.archlinux.org/CVE-2017-5455\nhttps://security.archlinux.org/CVE-2017-5456\nhttps://security.archlinux.org/CVE-2017-5458\nhttps://security.archlinux.org/CVE-2017-5459\nhttps://security.archlinux.org/CVE-2017-5460\nhttps://security.archlinux.org/CVE-2017-5461\nhttps://security.archlinux.org/CVE-2017-5464\nhttps://security.archlinux.org/CVE-2017-5465\nhttps://security.archlinux.org/CVE-2017-5466\nhttps://security.archlinux.org/CVE-2017-5467\nhttps://security.archlinux.org/CVE-2017-5468\nhttps://security.archlinux.org/CVE-2017-5469", "modified": "2017-04-21T00:00:00", "published": "2017-04-21T00:00:00", "id": "ASA-201704-6", "href": "https://security.archlinux.org/ASA-201704-6", "type": "archlinux", "title": "[ASA-201704-6] firefox: multiple issues", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2017-06-26T14:15:15", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7757", "CVE-2017-7754", "CVE-2017-7758", "CVE-2017-7755", "CVE-2017-7752", "CVE-2017-5451", "CVE-2017-7765", "CVE-2017-7763", "CVE-2017-5462", "CVE-2017-5436", "CVE-2017-7778", "CVE-2017-5441", "CVE-2017-5472", "CVE-2017-5442", "CVE-2017-5446", "CVE-2017-5434", "CVE-2017-7756", "CVE-2017-7761", "CVE-2017-5465", "CVE-2017-7764", "CVE-2017-5429", "CVE-2017-5440", "CVE-2017-5435", "CVE-2017-5432", "CVE-2017-5469", "CVE-2017-7749", "CVE-2017-5455", "CVE-2017-5470", "CVE-2017-5438", "CVE-2017-5439", "CVE-2017-5445", "CVE-2016-10196", "CVE-2017-5433", "CVE-2017-7751", "CVE-2017-5447", "CVE-2017-5466", "CVE-2017-5444", "CVE-2017-7750", "CVE-2017-5467", "CVE-2017-5460", "CVE-2017-5449", "CVE-2017-5454", "CVE-2017-5461", "CVE-2017-7768", "CVE-2017-5456", "CVE-2017-5430", "CVE-2017-5448", "CVE-2017-5459", "CVE-2017-5443", "CVE-2017-5464"], "description": "The MozillaFirefox was updated to the new ESR 52.2 release, which fixes\n the following issues (bsc#1043960):\n\n * MFSA 2017-16/CVE-2017-7758 Out-of-bounds read in Opus encoder\n * MFSA 2017-16/CVE-2017-7749 Use-after-free during docshell reloading\n * MFSA 2017-16/CVE-2017-7751 Use-after-free with content viewer listeners\n * MFSA 2017-16/CVE-2017-5472 Use-after-free using destroyed node when\n regenerating trees\n * MFSA 2017-16/CVE-2017-5470 Memory safety bugs fixed in Firefox 54 and\n Firefox ESR 52.2\n * MFSA 2017-16/CVE-2017-7752 Use-after-free with IME input\n * MFSA 2017-16/CVE-2017-7750 Use-after-free with track elements\n * MFSA 2017-16/CVE-2017-7768 32 byte arbitrary file read through Mozilla\n Maintenance Service\n * MFSA 2017-16/CVE-2017-7778 Vulnerabilities in the Graphite 2 library\n * MFSA 2017-16/CVE-2017-7754 Out-of-bounds read in WebGL with ImageInfo\n object\n * MFSA 2017-16/CVE-2017-7755 Privilege escalation through Firefox\n Installer with same directory DLL files\n * MFSA 2017-16/CVE-2017-7756 Use-after-free and use-after-scope logging\n XHR header errors\n * MFSA 2017-16/CVE-2017-7757 Use-after-free in IndexedDB\n * MFSA 2017-16/CVE-2017-7761 File deletion and privilege escalation\n through Mozilla Maintenance Service helper.exe application\n * MFSA 2017-16/CVE-2017-7763 Mac fonts render some unicode characters as\n spaces\n * MFSA 2017-16/CVE-2017-7765 Mark of the Web bypass when saving executable\n files\n * MFSA 2017-16/CVE-2017-7764 (bmo#1364283,\n bmo#<a rel=\"nofollow\" href=\"http://www.unicode.org/reports/tr31/tr31-26\">http://www.unicode.org/reports/tr31/tr31-26</a>\n .html#Aspirational_Use_Scripts) Domain spoofing with combination of\n Canadian Syllabics and\n other unicode blocks\n\n - update to Firefox ESR 52.1 (bsc#1035082)\n * MFSA 2017-12/CVE-2016-10196 Vulnerabilities in Libevent library\n * MFSA 2017-12/CVE-2017-5443 Out-of-bounds write during BinHex decoding\n * MFSA 2017-12/CVE-2017-5429 Memory safety bugs fixed in Firefox 53,\n Firefox ESR 45.9, and Firefox ESR 52.1\n * MFSA 2017-12/CVE-2017-5464 Memory corruption with accessibility and DOM\n manipulation\n * MFSA 2017-12/CVE-2017-5465 Out-of-bounds read in ConvolvePixel\n * MFSA 2017-12/CVE-2017-5466 Origin confusion when reloading isolated\n data:text/html URL\n * MFSA 2017-12/CVE-2017-5467 Memory corruption when drawing Skia content\n * MFSA 2017-12/CVE-2017-5460 Use-after-free in frame selection\n * MFSA 2017-12/CVE-2017-5461 Out-of-bounds write in Base64 encoding in NSS\n * MFSA 2017-12/CVE-2017-5448 Out-of-bounds write in ClearKeyDecryptor\n * MFSA 2017-12/CVE-2017-5449 Crash during bidirectional unicode\n manipulation with animation\n * MFSA 2017-12/CVE-2017-5446 Out-of-bounds read when HTTP/2 DATA frames\n are sent with incorrect data\n * MFSA 2017-12/CVE-2017-5447 Out-of-bounds read during glyph processing\n * MFSA 2017-12/CVE-2017-5444 Buffer overflow while parsing\n application/http-index-format content\n * MFSA 2017-12/CVE-2017-5445 Uninitialized values used while parsing\n application/http- index-format content\n * MFSA 2017-12/CVE-2017-5442 Use-after-free during style changes\n * MFSA 2017-12/CVE-2017-5469 Potential Buffer overflow in flex-generated\n code\n * MFSA 2017-12/CVE-2017-5440 Use-after-free in txExecutionState destructor\n during XSLT processing\n * MFSA 2017-12/CVE-2017-5441 Use-after-free with selection during scroll\n events\n * MFSA 2017-12/CVE-2017-5439 Use-after-free in nsTArray Length() during\n XSLT processing\n * MFSA 2017-12/CVE-2017-5438 Use-after-free in nsAutoPtr during XSLT\n processing\n * MFSA 2017-12/CVE-2017-5436 Out-of-bounds write with malicious font in\n Graphite 2\n * MFSA 2017-12/CVE-2017-5435 Use-after-free during transaction processing\n in the editor\n * MFSA 2017-12/CVE-2017-5434 Use-after-free during focus handling\n * MFSA 2017-12/CVE-2017-5433 Use-after-free in SMIL animation functions\n * MFSA 2017-12/CVE-2017-5432 Use-after-free in text input selection\n * MFSA 2017-12/CVE-2017-5430 Memory safety bugs fixed in Firefox 53 and\n Firefox ESR 52.1\n * MFSA 2017-12/CVE-2017-5459 Buffer overflow in WebGL\n * MFSA 2017-12/CVE-2017-5462 DRBG flaw in NSS\n * MFSA 2017-12/CVE-2017-5455 Sandbox escape through internal feed reader\n APIs\n * MFSA 2017-12/CVE-2017-5454 Sandbox escape allowing file system read\n access through file picker\n * MFSA 2017-12/CVE-2017-5456 Sandbox escape allowing local file system\n access\n * MFSA 2017-12/CVE-2017-5451 Addressbar spoofing with onblur event\n\n", "edition": 1, "modified": "2017-06-26T12:10:28", "published": "2017-06-26T12:10:28", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-06/msg00030.html", "id": "SUSE-SU-2017:1669-1", "title": "Security update for MozillaFirefox, MozillaFirefox-branding-SLE (important)", "type": "suse", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-08-22T23:07:25", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7757", "CVE-2017-7754", "CVE-2017-7758", "CVE-2017-7755", "CVE-2017-7752", "CVE-2017-5451", "CVE-2017-7765", "CVE-2017-7763", "CVE-2015-5276", "CVE-2017-5462", "CVE-2017-5436", "CVE-2017-7778", "CVE-2017-5441", "CVE-2017-5472", "CVE-2017-5442", "CVE-2017-5446", "CVE-2017-5434", "CVE-2017-7756", "CVE-2017-7761", "CVE-2017-5465", "CVE-2017-7764", "CVE-2017-5429", "CVE-2017-5440", "CVE-2017-5435", "CVE-2017-5432", "CVE-2017-5469", "CVE-2017-7749", "CVE-2017-5455", "CVE-2017-5470", "CVE-2017-5438", "CVE-2017-5439", "CVE-2017-5445", "CVE-2016-10196", "CVE-2017-5433", "CVE-2017-7751", "CVE-2017-5447", "CVE-2017-5466", "CVE-2017-5444", "CVE-2017-7750", "CVE-2017-5467", "CVE-2017-5460", "CVE-2017-5449", "CVE-2017-5454", "CVE-2017-5461", "CVE-2017-7768", "CVE-2017-5456", "CVE-2017-5430", "CVE-2017-5448", "CVE-2017-5459", "CVE-2017-5443", "CVE-2017-5464"], "description": "This update for MozillaFirefox and mozilla-nss fixes the following issues:\n\n Security issues fixed:\n - Fixes in Firefox ESR 52.2 (bsc#1043960,MFSA 2017-16)\n - CVE-2017-7758: Out-of-bounds read in Opus encoder\n - CVE-2017-7749: Use-after-free during docshell reloading\n - CVE-2017-7751: Use-after-free with content viewer listeners\n - CVE-2017-5472: Use-after-free using destroyed node when regenerating\n trees\n - CVE-2017-5470: Memory safety bugs fixed in Firefox 54 and Firefox ESR\n 52.2\n - CVE-2017-7752: Use-after-free with IME input\n - CVE-2017-7750: Use-after-free with track elements\n - CVE-2017-7768: 32 byte arbitrary file read through Mozilla Maintenance\n Service\n - CVE-2017-7778: Vulnerabilities in the Graphite 2 library\n - CVE-2017-7754: Out-of-bounds read in WebGL with ImageInfo object\n - CVE-2017-7755: Privilege escalation through Firefox Installer with\n same directory DLL files\n - CVE-2017-7756: Use-after-free and use-after-scope logging XHR header\n errors\n - CVE-2017-7757: Use-after-free in IndexedDB\n - CVE-2017-7761: File deletion and privilege escalation through Mozilla\n Maintenance Service helper.exe application\n - CVE-2017-7763: Mac fonts render some unicode characters as spaces\n - CVE-2017-7765: Mark of the Web bypass when saving executable files\n - CVE-2017-7764: Domain spoofing with combination of Canadian Syllabics\n and other unicode blocks\n\n - update to Firefox ESR 52.1 (bsc#1035082,MFSA 2017-12)\n - CVE-2016-10196: Vulnerabilities in Libevent library\n - CVE-2017-5443: Out-of-bounds write during BinHex decoding\n - CVE-2017-5429: Memory safety bugs fixed in Firefox 53, Firefox ESR\n 45.9, and Firefox ESR 52.1\n - CVE-2017-5464: Memory corruption with accessibility and DOM\n manipulation\n - CVE-2017-5465: Out-of-bounds read in ConvolvePixel\n - CVE-2017-5466: Origin confusion when reloading isolated data:text/html\n URL\n - CVE-2017-5467: Memory corruption when drawing Skia content\n - CVE-2017-5460: Use-after-free in frame selection\n - CVE-2017-5461: Out-of-bounds write in Base64 encoding in NSS\n - CVE-2017-5448: Out-of-bounds write in ClearKeyDecryptor\n - CVE-2017-5449: Crash during bidirectional unicode manipulation with\n animation\n - CVE-2017-5446: Out-of-bounds read when HTTP/2 DATA frames are sent\n with incorrect data\n - CVE-2017-5447: Out-of-bounds read during glyph processing\n - CVE-2017-5444: Buffer overflow while parsing\n application/http-index-format content\n - CVE-2017-5445: Uninitialized values used while parsing\n application/http- index-format content\n - CVE-2017-5442: Use-after-free during style changes\n - CVE-2017-5469: Potential Buffer overflow in flex-generated code\n - CVE-2017-5440: Use-after-free in txExecutionState destructor during\n XSLT processing\n - CVE-2017-5441: Use-after-free with selection during scroll events\n - CVE-2017-5439: Use-after-free in nsTArray Length() during XSLT\n processing\n - CVE-2017-5438: Use-after-free in nsAutoPtr during XSLT processing\n - CVE-2017-5436: Out-of-bounds write with malicious font in Graphite 2\n - CVE-2017-5435: Use-after-free during transaction processing in the\n editor\n - CVE-2017-5434: Use-after-free during focus handling\n - CVE-2017-5433: Use-after-free in SMIL animation functions\n - CVE-2017-5432: Use-after-free in text input selection\n - CVE-2017-5430: Memory safety bugs fixed in Firefox 53 and Firefox ESR\n 52.1\n - CVE-2017-5459: Buffer overflow in WebGL\n - CVE-2017-5462: DRBG flaw in NSS\n - CVE-2017-5455: Sandbox escape through internal feed reader APIs\n - CVE-2017-5454: Sandbox escape allowing file system read access through\n file picker\n - CVE-2017-5456: Sandbox escape allowing local file system access\n - CVE-2017-5451: Addressbar spoofing with onblur event\n\n - General\n - CVE-2015-5276: Fix for C++11 std::random_device short reads\n (bsc#945842)\n\n Bugfixes:\n - workaround for Firefox hangs (bsc#1031485, bsc#1025108)\n - Update to gcc-5-branch head.\n * Includes fixes for (bsc#966220), (bsc#962765), (bsc#964468),\n (bsc#939460), (bsc#930496), (bsc#930392) and (bsc#955382).\n - Add fix to revert accidential libffi ABI breakage on AARCH64.\n (bsc#968771)\n - Build s390[x] with --with-tune=z9-109 --with-arch=z900 on SLE11 again.\n (bsc#954002)\n - Fix libffi include install. (bsc#935510)\n\n", "edition": 1, "modified": "2017-08-22T21:08:17", "published": "2017-08-22T21:08:17", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-08/msg00061.html", "id": "SUSE-SU-2017:2235-1", "title": "Security update for MozillaFirefox, MozillaFirefox-branding-SLED, firefox-gcc5, mozilla-nss (important)", "type": "suse", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}