ID FEDORA:9BABC6076D3C Type fedora Reporter Fedora Modified 2018-12-30T03:21:46
Description
The library supports many operations that are useful on * Document images * Natural images Fundamental image processing and image analysis operations * Rasterop (aka bitblt) * Affine transforms (scaling, translation, rotation, shear) on images of arbitrary pixel depth * Projective and bi-linear transforms * Binary and gray scale morphology, rank order filters, and convolution * Seed-fill and connected components * Image transformations with changes in pixel depth, both at the same scale and with scale change * Pixelwise masking, blending, enhancement, arithmetic ops, etc.
{"id": "FEDORA:9BABC6076D3C", "type": "fedora", "bulletinFamily": "unix", "title": "[SECURITY] Fedora 29 Update: leptonica-1.77.0-1.fc29", "description": "The library supports many operations that are useful on * Document images * Natural images Fundamental image processing and image analysis operations * Rasterop (aka bitblt) * Affine transforms (scaling, translation, rotation, shear) on images of arbitrary pixel depth * Projective and bi-linear transforms * Binary and gray scale morphology, rank order filters, and convolution * Seed-fill and connected components * Image transformations with changes in pixel depth, both at the same scale and with scale change * Pixelwise masking, blending, enhancement, arithmetic ops, etc. ", "published": "2018-12-30T03:21:46", "modified": "2018-12-30T03:21:46", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}, "href": "", "reporter": "Fedora", "references": [], "cvelist": ["CVE-2018-7441", "CVE-2018-7442"], "lastseen": "2020-12-21T08:17:55", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2018-7441", "CVE-2018-7442"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310874576", "OPENVAS:1361412562310876034", "OPENVAS:1361412562310875659", "OPENVAS:1361412562310875383", "OPENVAS:1361412562310875379"]}, {"type": "nessus", "idList": ["FEDORA_2018-93A16D053F.NASL", "FEDORA_2018-C6E8B5F529.NASL", "FEDORA_2018-4DB33B3753.NASL"]}, {"type": "fedora", "idList": ["FEDORA:CE7B160A8655", "FEDORA:4723360478DC", "FEDORA:3CBDD6076D3C", "FEDORA:AC554602E7F5"]}], "modified": "2020-12-21T08:17:55", "rev": 2}, "score": {"value": 6.3, "vector": "NONE", "modified": "2020-12-21T08:17:55", "rev": 2}, "vulnersScore": 6.3}, "affectedPackage": [{"OS": "Fedora", "OSVersion": "29", "arch": "any", "packageName": "leptonica", "packageVersion": "1.77.0", "packageFilename": "UNKNOWN", "operator": "lt"}], "immutableFields": []}
{"cve": [{"lastseen": "2021-02-02T06:52:42", "description": "Leptonica through 1.75.3 uses hardcoded /tmp pathnames, which might allow local users to overwrite arbitrary files or have unspecified other impact by creating files in advance or winning a race condition, as demonstrated by /tmp/junk_split_image.ps in prog/splitimage2pdf.c.", "edition": 6, "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.0, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-02-23T21:29:00", "title": "CVE-2018-7441", "type": "cve", "cwe": ["CWE-362"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-7441"], "modified": "2018-03-19T16:17:00", "cpe": ["cpe:/a:leptonica:leptonica:1.75.3"], "id": "CVE-2018-7441", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-7441", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:leptonica:leptonica:1.75.3:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:52:42", "description": "An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function does not block '/' characters in the gplot rootname argument, potentially leading to path traversal and arbitrary file overwrite.", "edition": 6, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 9.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.2}, "published": "2018-02-23T21:29:00", "title": "CVE-2018-7442", "type": "cve", "cwe": ["CWE-22"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-7442"], "modified": "2018-03-17T10:30:00", "cpe": ["cpe:/a:leptonica:leptonica:1.75.3"], "id": "CVE-2018-7442", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-7442", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}, "cpe23": ["cpe:2.3:a:leptonica:leptonica:1.75.3:*:*:*:*:*:*:*"]}], "fedora": [{"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-7441", "CVE-2018-7442"], "description": "The library supports many operations that are useful on * Document images * Natural images Fundamental image processing and image analysis operations * Rasterop (aka bitblt) * Affine transforms (scaling, translation, rotation, shear) on images of arbitrary pixel depth * Projective and bi-linear transforms * Binary and gray scale morphology, rank order filters, and convolution * Seed-fill and connected components * Image transformations with changes in pixel depth, both at the same scale and with scale change * Pixelwise masking, blending, enhancement, arithmetic ops, etc. ", "modified": "2018-12-29T02:26:06", "published": "2018-12-29T02:26:06", "id": "FEDORA:AC554602E7F5", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: leptonica-1.77.0-1.fc28", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-7441", "CVE-2018-7442"], "description": "MinGW Windows Leptonica library. ", "modified": "2018-12-29T02:26:07", "published": "2018-12-29T02:26:07", "id": "FEDORA:4723360478DC", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: mingw-leptonica-1.77.0-1.fc28", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-7441", "CVE-2018-7442"], "description": "MinGW Windows Leptonica library. ", "modified": "2018-12-30T03:21:47", "published": "2018-12-30T03:21:47", "id": "FEDORA:3CBDD6076D3C", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: mingw-leptonica-1.77.0-1.fc29", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2018-3836", "CVE-2018-7440", "CVE-2018-7442"], "description": "The library supports many operations that are useful on * Document images * Natural images Fundamental image processing and image analysis operations * Rasterop (aka bitblt) * Affine transforms (scaling, translation, rotation, shear) on images of arbitrary pixel depth * Projective and bi-linear transforms * Binary and gray scale morphology, rank order filters, and convolution * Seed-fill and connected components * Image transformations with changes in pixel depth, both at the same scale and with scale change * Pixelwise masking, blending, enhancement, arithmetic ops, etc. ", "modified": "2018-05-16T13:07:57", "published": "2018-05-16T13:07:57", "id": "FEDORA:CE7B160A8655", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: leptonica-1.76.0-1.fc28", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:32:15", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7442", "CVE-2018-7441"], "description": "The remote host is missing an update for the ", "modified": "2019-05-14T00:00:00", "published": "2019-05-07T00:00:00", "id": "OPENVAS:1361412562310876034", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876034", "type": "openvas", "title": "Fedora Update for mingw-leptonica FEDORA-2018-4db33b3753", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876034\");\n script_version(\"2019-05-14T05:04:40+0000\");\n script_cve_id(\"CVE-2018-7441\", \"CVE-2018-7442\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2019-05-14 05:04:40 +0000 (Tue, 14 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-07 02:32:41 +0000 (Tue, 07 May 2019)\");\n script_name(\"Fedora Update for mingw-leptonica FEDORA-2018-4db33b3753\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2018-4db33b3753\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4TDWYLFOLBM4SWC3GJEZRKV4RS76YL4K\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mingw-leptonica'\n package(s) announced via the FEDORA-2018-4db33b3753 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"MinGW Windows Leptonica library.\");\n\n script_tag(name:\"affected\", value:\"'mingw-leptonica' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"mingw-leptonica\", rpm:\"mingw-leptonica~1.77.0~1.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2019-05-29T18:33:01", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7442", "CVE-2018-7441"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2018-12-29T00:00:00", "id": "OPENVAS:1361412562310875383", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875383", "type": "openvas", "title": "Fedora Update for mingw-leptonica FEDORA-2018-93a16d053f", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_93a16d053f_mingw-leptonica_fc28.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for mingw-leptonica FEDORA-2018-93a16d053f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875383\");\n script_version(\"$Revision: 14223 $\");\n script_cve_id(\"CVE-2018-7442\", \"CVE-2018-7441\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-12-29 04:31:14 +0100 (Sat, 29 Dec 2018)\");\n script_name(\"Fedora Update for mingw-leptonica FEDORA-2018-93a16d053f\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n script_xref(name:\"FEDORA\", value:\"2018-93a16d053f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LX4CBBO34NZVE74R2X4NQ3YYNYG44PRG\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mingw-leptonica'\n package(s) announced via the FEDORA-2018-93a16d053f advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"affected\", value:\"mingw-leptonica on Fedora 28.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC28\")\n{\n\n if ((res = isrpmvuln(pkg:\"mingw-leptonica\", rpm:\"mingw-leptonica~1.77.0~1.fc28\", rls:\"FC28\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2019-05-29T18:32:15", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7442", "CVE-2018-7441"], "description": "The remote host is missing an update for the ", "modified": "2019-05-14T00:00:00", "published": "2019-05-07T00:00:00", "id": "OPENVAS:1361412562310875659", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875659", "type": "openvas", "title": "Fedora Update for leptonica FEDORA-2018-4db33b3753", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875659\");\n script_version(\"2019-05-14T05:04:40+0000\");\n script_cve_id(\"CVE-2018-7441\", \"CVE-2018-7442\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2019-05-14 05:04:40 +0000 (Tue, 14 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-07 02:14:56 +0000 (Tue, 07 May 2019)\");\n script_name(\"Fedora Update for leptonica FEDORA-2018-4db33b3753\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2018-4db33b3753\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LJJISTEBB7YZTHUYIQH6HIM7ZKIQCD5P\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'leptonica'\n package(s) announced via the FEDORA-2018-4db33b3753 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The library supports many operations that are useful on\n\n * Document images\n\n * Natural images\n\nFundamental image processing and image analysis operations\n\n * Rasterop (aka bitblt)\n\n * Affine transforms (scaling, translation, rotation, shear)\n on images of arbitrary pixel depth\n\n * Projective and bi-linear transforms\n\n * Binary and gray scale morphology, rank order filters, and\n convolution\n\n * Seed-fill and connected components\n\n * Image transformations with changes in pixel depth, both at\n the same scale and with scale change\n\n * Pixelwise masking, blending, enhancement, arithmetic ops,\n etc.\");\n\n script_tag(name:\"affected\", value:\"'leptonica' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"leptonica\", rpm:\"leptonica~1.77.0~1.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2019-05-29T18:32:57", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7442", "CVE-2018-7441"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2018-12-29T00:00:00", "id": "OPENVAS:1361412562310875379", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875379", "type": "openvas", "title": "Fedora Update for leptonica FEDORA-2018-93a16d053f", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_93a16d053f_leptonica_fc28.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for leptonica FEDORA-2018-93a16d053f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875379\");\n script_version(\"$Revision: 14223 $\");\n script_cve_id(\"CVE-2018-7442\", \"CVE-2018-7441\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-12-29 04:30:37 +0100 (Sat, 29 Dec 2018)\");\n script_name(\"Fedora Update for leptonica FEDORA-2018-93a16d053f\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n script_xref(name:\"FEDORA\", value:\"2018-93a16d053f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F3W4K2QTUR5LV5XCYFQSU55BOBSJOTUL\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'leptonica'\n package(s) announced via the FEDORA-2018-93a16d053f advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"affected\", value:\"leptonica on Fedora 28.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC28\")\n{\n\n if ((res = isrpmvuln(pkg:\"leptonica\", rpm:\"leptonica~1.77.0~1.fc28\", rls:\"FC28\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2019-05-29T18:33:03", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7442", "CVE-2018-3836", "CVE-2018-7440"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2018-05-17T00:00:00", "id": "OPENVAS:1361412562310874576", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874576", "type": "openvas", "title": "Fedora Update for leptonica FEDORA-2018-c6e8b5f529", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_c6e8b5f529_leptonica_fc28.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for leptonica FEDORA-2018-c6e8b5f529\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874576\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-05-17 05:46:33 +0200 (Thu, 17 May 2018)\");\n script_cve_id(\"CVE-2018-7442\", \"CVE-2018-7440\", \"CVE-2018-3836\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for leptonica FEDORA-2018-c6e8b5f529\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'leptonica'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"leptonica on Fedora 28\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-c6e8b5f529\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WQW5PHZGVNBQR4NN3HULQGVXLFM52EE4\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC28\")\n{\n\n if ((res = isrpmvuln(pkg:\"leptonica\", rpm:\"leptonica~1.76.0~1.fc28\", rls:\"FC28\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-07T10:18:04", "description": "Update to leptonica-1.77.0, see\nhttp://www.leptonica.com/source/version-notes.html for details.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 11, "cvss3": {"score": 9.1, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}, "published": "2019-01-03T00:00:00", "title": "Fedora 29 : leptonica / mingw-leptonica (2018-4db33b3753)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7442", "CVE-2018-7441"], "modified": "2019-01-03T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:29", "p-cpe:/a:fedoraproject:fedora:mingw-leptonica", "p-cpe:/a:fedoraproject:fedora:leptonica"], "id": "FEDORA_2018-4DB33B3753.NASL", "href": "https://www.tenable.com/plugins/nessus/120407", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-4db33b3753.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(120407);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-7441\", \"CVE-2018-7442\");\n script_xref(name:\"FEDORA\", value:\"2018-4db33b3753\");\n\n script_name(english:\"Fedora 29 : leptonica / mingw-leptonica (2018-4db33b3753)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to leptonica-1.77.0, see\nhttp://www.leptonica.com/source/version-notes.html for details.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.leptonica.com/source/version-notes.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-4db33b3753\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected leptonica and / or mingw-leptonica packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:leptonica\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw-leptonica\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:29\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/02/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/12/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^29([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 29\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC29\", reference:\"leptonica-1.77.0-1.fc29\")) flag++;\nif (rpm_check(release:\"FC29\", reference:\"mingw-leptonica-1.77.0-1.fc29\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"leptonica / mingw-leptonica\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-01-07T10:19:37", "description": "Update to leptonica-1.77.0, see\nhttp://www.leptonica.com/source/version-notes.html for details.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 11, "cvss3": {"score": 9.1, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}, "published": "2019-01-03T00:00:00", "title": "Fedora 28 : leptonica / mingw-leptonica (2018-93a16d053f)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7442", "CVE-2018-7441"], "modified": "2019-01-03T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:mingw-leptonica", "p-cpe:/a:fedoraproject:fedora:leptonica", "cpe:/o:fedoraproject:fedora:28"], "id": "FEDORA_2018-93A16D053F.NASL", "href": "https://www.tenable.com/plugins/nessus/120625", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-93a16d053f.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(120625);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-7441\", \"CVE-2018-7442\");\n script_xref(name:\"FEDORA\", value:\"2018-93a16d053f\");\n\n script_name(english:\"Fedora 28 : leptonica / mingw-leptonica (2018-93a16d053f)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to leptonica-1.77.0, see\nhttp://www.leptonica.com/source/version-notes.html for details.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.leptonica.com/source/version-notes.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-93a16d053f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected leptonica and / or mingw-leptonica packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:leptonica\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw-leptonica\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:28\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/02/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/12/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^28([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 28\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC28\", reference:\"leptonica-1.77.0-1.fc28\")) flag++;\nif (rpm_check(release:\"FC28\", reference:\"mingw-leptonica-1.77.0-1.fc28\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"leptonica / mingw-leptonica\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-01-07T10:21:26", "description": "Update to leptonica-1.76.0, see\nhttp://www.leptonica.com/source/version-notes.html for details.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 11, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-01-03T00:00:00", "title": "Fedora 28 : leptonica (2018-c6e8b5f529)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7442", "CVE-2018-7440"], "modified": "2019-01-03T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:leptonica", "cpe:/o:fedoraproject:fedora:28"], "id": "FEDORA_2018-C6E8B5F529.NASL", "href": "https://www.tenable.com/plugins/nessus/120777", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-c6e8b5f529.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(120777);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-7440\", \"CVE-2018-7442\");\n script_xref(name:\"FEDORA\", value:\"2018-c6e8b5f529\");\n\n script_name(english:\"Fedora 28 : leptonica (2018-c6e8b5f529)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to leptonica-1.76.0, see\nhttp://www.leptonica.com/source/version-notes.html for details.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.leptonica.com/source/version-notes.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-c6e8b5f529\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected leptonica package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:leptonica\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:28\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/02/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^28([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 28\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC28\", reference:\"leptonica-1.76.0-1.fc28\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"leptonica\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}
