[SECURITY] Fedora 31 Update: lout-3.40-18.fc31

2020-10-31T02:02:27

Description

Lout is a document formatting system designed and implemented by Jeffrey Kingston at the Basser Department of Computer Science, University of Sydney, Australia. The system reads a high-level description of a document similar in style to LaTeX and produces a PostScript file which can be printed on most laser printers and graphic display devices. Plain text output is also available, PDF output is limited but working (e.g. no graphics). Lout is inherently multilingual. Adding new languages is easy.

Affected Package

OS	OS Version	Package Name	Package Version
Fedora	31	lout	3.40

{"id": "FEDORA:5EA8230E4E9B", "vendorId": null, "type": "fedora", "bulletinFamily": "unix", "title": "[SECURITY] Fedora 31 Update: lout-3.40-18.fc31", "description": "Lout is a document formatting system designed and implemented by Jeffrey Kingston at the Basser Department of Computer Science, University of Sydney, Australia. The system reads a high-level description of a document similar in style to LaTeX and produces a PostScript file which can be printed on most laser printers and graphic display devices. Plain text output is also available, PDF output is limited but working (e.g. no graphics). Lout is inherently multilingual. Adding new languages is easy. ", "published": "2020-10-31T02:02:27", "modified": "2020-10-31T02:02:27", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/5OXECUBSXEO7S3TCLSBCITLQIMOCL6MV/", "reporter": "Fedora", "references": [], "cvelist": ["CVE-2019-19917", "CVE-2019-19918"], "immutableFields": [], "lastseen": "2021-07-28T14:46:52", "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-19917", "CVE-2019-19918"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2019-19917", "DEBIANCVE:CVE-2019-19918"]}, {"type": "fedora", "idList": ["FEDORA:502943092822", "FEDORA:5C1E43093F5A"]}, {"type": "nessus", "idList": ["FEDORA_2020-81C80FF1ED.NASL", "FEDORA_2020-869CD99560.NASL", "FEDORA_2020-88FB82D1CD.NASL", "OPENSUSE-2020-1771.NASL", "OPENSUSE-2020-1772.NASL"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2020:1771-1", "OPENSUSE-SU-2020:1772-1", "OPENSUSE-SU-2020:1812-1", "OPENSUSE-SU-2020:1813-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2019-19917", "UB:CVE-2019-19918"]}], "rev": 4}, "score": {"value": 4.2, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2019-19917", "CVE-2019-19918"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2019-19917", "DEBIANCVE:CVE-2019-19918"]}, {"type": "fedora", "idList": ["FEDORA:502943092822", "FEDORA:5C1E43093F5A"]}, {"type": "nessus", "idList": ["OPENSUSE-2020-1771.NASL", "OPENSUSE-2020-1772.NASL"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2020:1771-1", "OPENSUSE-SU-2020:1772-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2019-19917", "UB:CVE-2019-19918"]}]}, "exploitation": null, "vulnersScore": 4.2}, "_state": {"dependencies": 0}, "_internal": {}, "affectedPackage": [{"OS": "Fedora", "OSVersion": "31", "arch": "any", "packageVersion": "3.40", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "lout"}]}

{"nessus": [{"lastseen": "2022-02-19T00:54:02", "description": "This update for lout fixes the following issues :\n\n - CVE-2019-19918: Fixed buffer overflow in srcnext() (boo#1159713).\n\n - CVE-2019-19917: Fixed buffer overflow in StringQuotedWord() (boo#1159714).", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-10-30T00:00:00", "type": "nessus", "title": "openSUSE Security Update : lout (openSUSE-2020-1771)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-19917", "CVE-2019-19918"], "modified": "2020-11-03T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:lout", "p-cpe:/a:novell:opensuse:lout-debuginfo", "p-cpe:/a:novell:opensuse:lout-debugsource", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2020-1771.NASL", "href": "https://www.tenable.com/plugins/nessus/142115", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-1771.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(142115);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/03\");\n\n script_cve_id(\"CVE-2019-19917\", \"CVE-2019-19918\");\n\n script_name(english:\"openSUSE Security Update : lout (openSUSE-2020-1771)\");\n script_summary(english:\"Check for the openSUSE-2020-1771 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for lout fixes the following issues :\n\n - CVE-2019-19918: Fixed buffer overflow in srcnext()\n (boo#1159713).\n\n - CVE-2019-19917: Fixed buffer overflow in\n StringQuotedWord() (boo#1159714).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1159713\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1159714\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected lout packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lout\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lout-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lout-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"lout-3.40-lp152.3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"lout-debuginfo-3.40-lp152.3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"lout-debugsource-3.40-lp152.3.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lout / lout-debuginfo / lout-debugsource\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-16T12:19:35", "description": "Add lout-3.40-cve.patch from https://lists.nongnu.org/archive/html/lout-users/2020-10/msg00013.html fixing rhbz#1787383 and rhbz#1787386 (CVE-2019-19918 and CVE-2019-19917), two buffer overflows.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-11-02T00:00:00", "type": "nessus", "title": "Fedora 33 : lout (2020-81c80ff1ed)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-19917", "CVE-2019-19918"], "modified": "2020-11-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:lout", "cpe:/o:fedoraproject:fedora:33"], "id": "FEDORA_2020-81C80FF1ED.NASL", "href": "https://www.tenable.com/plugins/nessus/142205", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-81c80ff1ed.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(142205);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/06\");\n\n script_cve_id(\"CVE-2019-19917\", \"CVE-2019-19918\");\n script_xref(name:\"FEDORA\", value:\"2020-81c80ff1ed\");\n\n script_name(english:\"Fedora 33 : lout (2020-81c80ff1ed)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Add lout-3.40-cve.patch from\nhttps://lists.nongnu.org/archive/html/lout-users/2020-10/msg00013.html\nfixing rhbz#1787383 and rhbz#1787386 (CVE-2019-19918 and\nCVE-2019-19917), two buffer overflows.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-81c80ff1ed\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.nongnu.org/archive/html/lout-users/2020-10/msg00013.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected lout package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:lout\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:33\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^33([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 33\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC33\", reference:\"lout-3.40-18.fc33\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lout\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-16T12:19:17", "description": "Add lout-3.40-cve.patch from https://lists.nongnu.org/archive/html/lout-users/2020-10/msg00013.html fixing rhbz#1787383 and rhbz#1787386 (CVE-2019-19918 and CVE-2019-19917), two buffer overflows.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-11-02T00:00:00", "type": "nessus", "title": "Fedora 32 : lout (2020-869cd99560)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-19917", "CVE-2019-19918"], "modified": "2020-11-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:lout", "cpe:/o:fedoraproject:fedora:32"], "id": "FEDORA_2020-869CD99560.NASL", "href": "https://www.tenable.com/plugins/nessus/142171", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-869cd99560.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(142171);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/06\");\n\n script_cve_id(\"CVE-2019-19917\", \"CVE-2019-19918\");\n script_xref(name:\"FEDORA\", value:\"2020-869cd99560\");\n\n script_name(english:\"Fedora 32 : lout (2020-869cd99560)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Add lout-3.40-cve.patch from\nhttps://lists.nongnu.org/archive/html/lout-users/2020-10/msg00013.html\nfixing rhbz#1787383 and rhbz#1787386 (CVE-2019-19918 and\nCVE-2019-19917), two buffer overflows.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-869cd99560\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.nongnu.org/archive/html/lout-users/2020-10/msg00013.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected lout package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:lout\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:32\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^32([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 32\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC32\", reference:\"lout-3.40-18.fc32\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lout\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-15T23:54:56", "description": "Add lout-3.40-cve.patch from https://lists.nongnu.org/archive/html/lout-users/2020-10/msg00013.html fixing rhbz#1787383 and rhbz#1787386 (CVE-2019-19918 and CVE-2019-19917), two buffer overflows.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-11-02T00:00:00", "type": "nessus", "title": "Fedora 31 : lout (2020-88fb82d1cd)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-19917", "CVE-2019-19918"], "modified": "2020-11-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:lout", "cpe:/o:fedoraproject:fedora:31"], "id": "FEDORA_2020-88FB82D1CD.NASL", "href": "https://www.tenable.com/plugins/nessus/142193", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-88fb82d1cd.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(142193);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/06\");\n\n script_cve_id(\"CVE-2019-19917\", \"CVE-2019-19918\");\n script_xref(name:\"FEDORA\", value:\"2020-88fb82d1cd\");\n\n script_name(english:\"Fedora 31 : lout (2020-88fb82d1cd)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Add lout-3.40-cve.patch from\nhttps://lists.nongnu.org/archive/html/lout-users/2020-10/msg00013.html\nfixing rhbz#1787383 and rhbz#1787386 (CVE-2019-19918 and\nCVE-2019-19917), two buffer overflows.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-88fb82d1cd\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.nongnu.org/archive/html/lout-users/2020-10/msg00013.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected lout package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:lout\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:31\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^31([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 31\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC31\", reference:\"lout-3.40-18.fc31\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lout\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-02-19T00:54:59", "description": "This update for lout fixes the following issues :\n\n - CVE-2019-19918: Fixed buffer overflow in srcnext() (boo#1159713).\n\n - CVE-2019-19917: Fixed buffer overflow in StringQuotedWord() (boo#1159714).", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-10-30T00:00:00", "type": "nessus", "title": "openSUSE Security Update : lout (openSUSE-2020-1772)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-19917", "CVE-2019-19918"], "modified": "2020-11-03T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:lout", "p-cpe:/a:novell:opensuse:lout-debuginfo", "p-cpe:/a:novell:opensuse:lout-debugsource", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2020-1772.NASL", "href": "https://www.tenable.com/plugins/nessus/142097", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-1772.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(142097);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/03\");\n\n script_cve_id(\"CVE-2019-19917\", \"CVE-2019-19918\");\n\n script_name(english:\"openSUSE Security Update : lout (openSUSE-2020-1772)\");\n script_summary(english:\"Check for the openSUSE-2020-1772 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for lout fixes the following issues :\n\n - CVE-2019-19918: Fixed buffer overflow in srcnext()\n (boo#1159713).\n\n - CVE-2019-19917: Fixed buffer overflow in\n StringQuotedWord() (boo#1159714).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1159713\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1159714\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected lout packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lout\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lout-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lout-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"lout-3.40-lp151.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"lout-debuginfo-3.40-lp151.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"lout-debugsource-3.40-lp151.2.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lout / lout-debuginfo / lout-debugsource\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "mageia": [{"lastseen": "2022-04-18T11:19:34", "description": "Lout 3.40 has a buffer overflow in the StringQuotedWord() function in z39.c. (CVE-2019-19917) Lout 3.40 has a heap-based buffer overflow in the srcnext() function in z02.c. (CVE-2019-19918) \n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-11-10T15:20:00", "type": "mageia", "title": "Updated lout packages fix security vulnerabilities\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19917", "CVE-2019-19918"], "modified": "2020-11-10T15:20:00", "id": "MGASA-2020-0411", "href": "https://advisories.mageia.org/MGASA-2020-0411.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2021-07-28T14:46:52", "description": "Lout is a document formatting system designed and implemented by Jeffrey Kingston at the Basser Department of Computer Science, University of Sydney, Australia. The system reads a high-level description of a document similar in style to LaTeX and produces a PostScript file which can be printed on most laser printers and graphic display devices. Plain text output is also available, PDF output is limited but working (e.g. no graphics). Lout is inherently multilingual. Adding new languages is easy. ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-10-31T01:55:06", "type": "fedora", "title": "[SECURITY] Fedora 33 Update: lout-3.40-18.fc33", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19917", "CVE-2019-19918"], "modified": "2020-10-31T01:55:06", "id": "FEDORA:5C1E43093F5A", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/QGZKTKGRJTQE43SFU77X5QJHKXTTOJYB/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:46:52", "description": "Lout is a document formatting system designed and implemented by Jeffrey Kingston at the Basser Department of Computer Science, University of Sydney, Australia. The system reads a high-level description of a document similar in style to LaTeX and produces a PostScript file which can be printed on most laser printers and graphic display devices. Plain text output is also available, PDF output is limited but working (e.g. no graphics). Lout is inherently multilingual. Adding new languages is easy. ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-10-31T02:02:26", "type": "fedora", "title": "[SECURITY] Fedora 32 Update: lout-3.40-18.fc32", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19917", "CVE-2019-19918"], "modified": "2020-10-31T02:02:26", "id": "FEDORA:502943092822", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/NEJVEIQMRXJ26ZT6657W5RYH7YECVGNB/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2022-06-10T18:10:18", "description": "An update that fixes two vulnerabilities is now available.\n\nDescription:\n\n This update for lout fixes the following issues:\n\n - CVE-2019-19918: Fixed buffer overflow in srcnext() (boo#1159713).\n - CVE-2019-19917: Fixed buffer overflow in StringQuotedWord()\n (boo#1159714).\n\n This update was imported from the openSUSE:Leap:15.2:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Backports SLE-15-SP2:\n\n zypper in -t patch openSUSE-2020-1813=1", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-11-02T00:00:00", "type": "suse", "title": "Security update for lout (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19917", "CVE-2019-19918"], "modified": "2020-11-02T00:00:00", "id": "OPENSUSE-SU-2020:1813-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SVM33X5VUVWOVMKIEMILVE5FDB3YWSZV/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-10T18:10:18", "description": "An update that fixes two vulnerabilities is now available.\n\nDescription:\n\n This update for lout fixes the following issues:\n\n - CVE-2019-19918: Fixed buffer overflow in srcnext() (boo#1159713).\n - CVE-2019-19917: Fixed buffer overflow in StringQuotedWord()\n (boo#1159714).\n\n This update was imported from the openSUSE:Leap:15.1:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Backports SLE-15-SP1:\n\n zypper in -t patch openSUSE-2020-1812=1", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-11-02T00:00:00", "type": "suse", "title": "Security update for lout (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19917", "CVE-2019-19918"], "modified": "2020-11-02T00:00:00", "id": "OPENSUSE-SU-2020:1812-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/6LFIRO63GXSAHRERDKRRHDV3GLNTJ7EA/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-29T19:24:52", "description": "An update that fixes two vulnerabilities is now available.\n\nDescription:\n\n This update for lout fixes the following issues:\n\n - CVE-2019-19918: Fixed buffer overflow in srcnext() (boo#1159713).\n - CVE-2019-19917: Fixed buffer overflow in StringQuotedWord()\n (boo#1159714).\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.1:\n\n zypper in -t patch openSUSE-2020-1772=1", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-10-29T00:00:00", "type": "suse", "title": "Security update for lout (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19917", "CVE-2019-19918"], "modified": "2020-10-29T00:00:00", "id": "OPENSUSE-SU-2020:1772-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/EWXJT3BMRCLBWRM6J4ZUXWRV3NAA3B27/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-29T19:24:52", "description": "An update that fixes two vulnerabilities is now available.\n\nDescription:\n\n This update for lout fixes the following issues:\n\n - CVE-2019-19918: Fixed buffer overflow in srcnext() (boo#1159713).\n - CVE-2019-19917: Fixed buffer overflow in StringQuotedWord()\n (boo#1159714).\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.2:\n\n zypper in -t patch openSUSE-2020-1771=1", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-10-29T00:00:00", "type": "suse", "title": "Security update for lout (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19917", "CVE-2019-19918"], "modified": "2020-10-29T00:00:00", "id": "OPENSUSE-SU-2020:1771-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5KIQ7BTUI6UATZOJGZFHRX36QES3G7OP/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "debiancve": [{"lastseen": "2021-12-14T17:50:30", "description": "Lout 3.40 has a heap-based buffer overflow in the srcnext() function in z02.c.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-12-20T20:15:00", "type": "debiancve", "title": "CVE-2019-19918", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19918"], "modified": "2019-12-20T20:15:00", "id": "DEBIANCVE:CVE-2019-19918", "href": "https://security-tracker.debian.org/tracker/CVE-2019-19918", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-14T17:50:30", "description": "Lout 3.40 has a buffer overflow in the StringQuotedWord() function in z39.c.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-12-20T20:15:00", "type": "debiancve", "title": "CVE-2019-19917", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19917"], "modified": "2019-12-20T20:15:00", "id": "DEBIANCVE:CVE-2019-19917", "href": "https://security-tracker.debian.org/tracker/CVE-2019-19917", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "ubuntucve": [{"lastseen": "2021-11-22T21:28:08", "description": "Lout 3.40 has a heap-based buffer overflow in the srcnext() function in\nz02.c.\n\n#### Bugs\n\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947113>\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-12-20T00:00:00", "type": "ubuntucve", "title": "CVE-2019-19918", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19918"], "modified": "2019-12-20T00:00:00", "id": "UB:CVE-2019-19918", "href": "https://ubuntu.com/security/CVE-2019-19918", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-11-22T21:31:18", "description": "Lout 3.40 has a buffer overflow in the StringQuotedWord() function in\nz39.c.\n\n#### Bugs\n\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947113>\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-12-20T00:00:00", "type": "ubuntucve", "title": "CVE-2019-19917", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19917"], "modified": "2019-12-20T00:00:00", "id": "UB:CVE-2019-19917", "href": "https://ubuntu.com/security/CVE-2019-19917", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2022-03-23T22:20:22", "description": "Lout 3.40 has a heap-based buffer overflow in the srcnext() function in z02.c.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-12-20T20:15:00", "type": "cve", "title": "CVE-2019-19918", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19918"], "modified": "2020-11-02T21:15:00", "cpe": ["cpe:/a:lout_project:lout:3.40"], "id": "CVE-2019-19918", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19918", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:lout_project:lout:3.40:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T22:20:21", "description": "Lout 3.40 has a buffer overflow in the StringQuotedWord() function in z39.c.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-12-20T20:15:00", "type": "cve", "title": "CVE-2019-19917", "cwe": ["CWE-120"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19917"], "modified": "2020-11-05T15:33:00", "cpe": ["cpe:/a:opensuse:backports_sle:15.0", "cpe:/o:fedoraproject:fedora:31", "cpe:/o:opensuse:leap:15.1", "cpe:/o:fedoraproject:fedora:32", "cpe:/a:lout_project:lout:3.40", "cpe:/o:fedoraproject:fedora:33", "cpe:/o:opensuse:leap:15.2"], "id": "CVE-2019-19917", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19917", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:lout_project:lout:3.40:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "cpe:2.3:a:opensuse:backports_sle:15.0:sp2:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*"]}]}

[SECURITY] Fedora 31 Update: lout-3.40-18.fc31

Description

Affected Package

Related