ID FEDORA:E540F6253477 Type fedora Reporter Fedora Modified 2020-01-25T06:36:43
Description
Xfig is an X Window System tool for creating basic vector graphics, including bezier curves, lines, rulers and more. The resulting graphics can be saved, printed on PostScript printers or converted to a variety of other formats (e.g., X11 bitmaps, Encapsulated PostScript, LaTeX). You should install xfig if you need a simple program to create vector graphics.
{"id": "FEDORA:E540F6253477", "type": "fedora", "bulletinFamily": "unix", "title": "[SECURITY] Fedora 31 Update: xfig-3.2.7b-1.fc31", "description": "Xfig is an X Window System tool for creating basic vector graphics, including bezier curves, lines, rulers and more. The resulting graphics can be saved, printed on PostScript printers or converted to a variety of other formats (e.g., X11 bitmaps, Encapsulated PostScript, LaTeX). You should install xfig if you need a simple program to create vector graphics. ", "published": "2020-01-25T06:36:43", "modified": "2020-01-25T06:36:43", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "href": "", "reporter": "Fedora", "references": [], "cvelist": ["CVE-2019-19746", "CVE-2019-19797"], "lastseen": "2020-12-21T08:17:55", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-19797", "CVE-2019-19746"]}, {"type": "nessus", "idList": ["FEDORA_2020-5D0F0593AE.NASL", "AL2_ALAS-2020-1398.NASL", "FEDORA_2020-6A2824178E.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310877368", "OPENVAS:1361412562310877387", "OPENVAS:1361412562310877392", "OPENVAS:1361412562310877359"]}, {"type": "amazon", "idList": ["ALAS2-2020-1398"]}, {"type": "fedora", "idList": ["FEDORA:983DF624CFF6", "FEDORA:73FB862622DB", "FEDORA:B794B627F4F0"]}], "modified": "2020-12-21T08:17:55", "rev": 2}, "score": {"value": 4.5, "vector": "NONE", "modified": "2020-12-21T08:17:55", "rev": 2}, "vulnersScore": 4.5}, "affectedPackage": [{"OS": "Fedora", "OSVersion": "31", "arch": "any", "packageName": "xfig", "packageVersion": "3.2.7b", "packageFilename": "UNKNOWN", "operator": "lt"}]}
{"cve": [{"lastseen": "2021-02-02T07:12:57", "description": "make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fault and out-of-bounds write because of an integer overflow via a large arrow type.", "edition": 8, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-12-12T03:15:00", "title": "CVE-2019-19746", "type": "cve", "cwe": ["CWE-190", "CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19746"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/a:fig2dev_project:fig2dev:3.2.7b"], "id": "CVE-2019-19746", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19746", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:fig2dev_project:fig2dev:3.2.7b:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T07:12:57", "description": "read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write.", "edition": 9, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-12-15T20:15:00", "title": "CVE-2019-19797", "type": "cve", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19797"], "modified": "2020-04-24T17:53:00", "cpe": ["cpe:/a:xfig_project:fig2dev:3.2.7", "cpe:/o:fedoraproject:fedora:30", "cpe:/o:fedoraproject:fedora:31"], "id": "CVE-2019-19797", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19797", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:xfig_project:fig2dev:3.2.7:b:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*"]}], "fedora": [{"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2019-19746", "CVE-2019-19797"], "description": "The transfig utility creates a makefile which translates FIG (created by xfig) or PIC figures into a specified LaTeX graphics language (for example, PostScript(TM)). Transfig is used to create TeX documents which are portable (i.e., they can be printed in a wide variety of environments). Install transfig if you need a utility for translating FIG or PIC figures into certain graphics languages. ", "modified": "2020-01-24T18:52:11", "published": "2020-01-24T18:52:11", "id": "FEDORA:73FB862622DB", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: transfig-3.2.7b-1.fc30", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2019-19746", "CVE-2019-19797"], "description": "Xfig is an X Window System tool for creating basic vector graphics, including bezier curves, lines, rulers and more. The resulting graphics can be saved, printed on PostScript printers or converted to a variety of other formats (e.g., X11 bitmaps, Encapsulated PostScript, LaTeX). You should install xfig if you need a simple program to create vector graphics. ", "modified": "2020-01-24T18:52:11", "published": "2020-01-24T18:52:11", "id": "FEDORA:B794B627F4F0", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: xfig-3.2.7b-1.fc30", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2019-19746", "CVE-2019-19797"], "description": "The transfig utility creates a makefile which translates FIG (created by xfig) or PIC figures into a specified LaTeX graphics language (for example, PostScript(TM)). Transfig is used to create TeX documents which are portable (i.e., they can be printed in a wide variety of environments). Install transfig if you need a utility for translating FIG or PIC figures into certain graphics languages. ", "modified": "2020-01-25T06:36:43", "published": "2020-01-25T06:36:43", "id": "FEDORA:983DF624CFF6", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 31 Update: transfig-3.2.7b-1.fc31", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "amazon": [{"lastseen": "2020-11-10T12:35:47", "bulletinFamily": "unix", "cvelist": ["CVE-2019-19746", "CVE-2019-19797"], "description": "**Issue Overview:**\n\nread_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write. ([CVE-2019-19797 __](<https://access.redhat.com/security/cve/CVE-2019-19797>))\n\nmake_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fault and out-of-bounds write because of an integer overflow via a large arrow type. ([CVE-2019-19746 __](<https://access.redhat.com/security/cve/CVE-2019-19746>))\n\n \n**Affected Packages:** \n\n\ntransfig\n\n \n**Issue Correction:** \nRun _yum update transfig_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n aarch64: \n transfig-3.2.7b-2.amzn2.aarch64 \n transfig-debuginfo-3.2.7b-2.amzn2.aarch64 \n \n i686: \n transfig-3.2.7b-2.amzn2.i686 \n transfig-debuginfo-3.2.7b-2.amzn2.i686 \n \n src: \n transfig-3.2.7b-2.amzn2.src \n \n x86_64: \n transfig-3.2.7b-2.amzn2.x86_64 \n transfig-debuginfo-3.2.7b-2.amzn2.x86_64 \n \n \n", "edition": 1, "modified": "2020-02-24T22:12:00", "published": "2020-02-24T22:12:00", "id": "ALAS2-2020-1398", "href": "https://alas.aws.amazon.com/AL2/ALAS-2020-1398.html", "title": "Medium: transfig", "type": "amazon", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "openvas": [{"lastseen": "2020-04-29T20:06:54", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-19746", "CVE-2019-19797"], "description": "The remote host is missing an update for the ", "modified": "2020-04-28T00:00:00", "published": "2020-01-27T00:00:00", "id": "OPENVAS:1361412562310877387", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310877387", "type": "openvas", "title": "Fedora: Security Advisory for xfig (FEDORA-2020-5d0f0593ae)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from the referenced\n# advisories, and are Copyright (C) by the respective right holder(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.877387\");\n script_version(\"2020-04-28T06:22:45+0000\");\n script_cve_id(\"CVE-2019-19746\", \"CVE-2019-19797\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-04-28 06:22:45 +0000 (Tue, 28 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-27 09:25:44 +0000 (Mon, 27 Jan 2020)\");\n script_name(\"Fedora: Security Advisory for xfig (FEDORA-2020-5d0f0593ae)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC31\");\n\n script_xref(name:\"FEDORA\", value:\"2020-5d0f0593ae\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7XOY5NXUZ6JRBBPYA3CXWGRGQTSDVVG2\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xfig'\n package(s) announced via the FEDORA-2020-5d0f0593ae advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Xfig is an X Window System tool for creating basic vector graphics,\nincluding bezier curves, lines, rulers and more. The resulting\ngraphics can be saved, printed on PostScript printers or converted to\na variety of other formats (e.g., X11 bitmaps, Encapsulated\nPostScript, LaTeX).\n\nYou should install xfig if you need a simple program to create vector\ngraphics.\");\n\n script_tag(name:\"affected\", value:\"'xfig' package(s) on Fedora 31.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC31\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"xfig\", rpm:\"xfig~3.2.7b~1.fc31\", rls:\"FC31\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-04-29T20:11:25", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-19746", "CVE-2019-19797"], "description": "The remote host is missing an update for the ", "modified": "2020-04-28T00:00:00", "published": "2020-01-27T00:00:00", "id": "OPENVAS:1361412562310877392", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310877392", "type": "openvas", "title": "Fedora: Security Advisory for xfig (FEDORA-2020-6a2824178e)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from the referenced\n# advisories, and are Copyright (C) by the respective right holder(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.877392\");\n script_version(\"2020-04-28T06:22:45+0000\");\n script_cve_id(\"CVE-2019-19746\", \"CVE-2019-19797\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-04-28 06:22:45 +0000 (Tue, 28 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-27 09:26:04 +0000 (Mon, 27 Jan 2020)\");\n script_name(\"Fedora: Security Advisory for xfig (FEDORA-2020-6a2824178e)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC30\");\n\n script_xref(name:\"FEDORA\", value:\"2020-6a2824178e\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ILJM2G6NM5MMBKTT5CH23TAI6DJGNW36\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xfig'\n package(s) announced via the FEDORA-2020-6a2824178e advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Xfig is an X Window System tool for creating basic vector graphics,\nincluding bezier curves, lines, rulers and more. The resulting\ngraphics can be saved, printed on PostScript printers or converted to\na variety of other formats (e.g., X11 bitmaps, Encapsulated\nPostScript, LaTeX).\n\nYou should install xfig if you need a simple program to create vector\ngraphics.\");\n\n script_tag(name:\"affected\", value:\"'xfig' package(s) on Fedora 30.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC30\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"xfig\", rpm:\"xfig~3.2.7b~1.fc30\", rls:\"FC30\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-04-29T20:05:37", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-19746", "CVE-2019-19797"], "description": "The remote host is missing an update for the ", "modified": "2020-04-28T00:00:00", "published": "2020-01-27T00:00:00", "id": "OPENVAS:1361412562310877359", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310877359", "type": "openvas", "title": "Fedora: Security Advisory for transfig (FEDORA-2020-5d0f0593ae)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from the referenced\n# advisories, and are Copyright (C) by the respective right holder(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.877359\");\n script_version(\"2020-04-28T06:22:45+0000\");\n script_cve_id(\"CVE-2019-19746\", \"CVE-2019-19797\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-04-28 06:22:45 +0000 (Tue, 28 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-27 09:23:44 +0000 (Mon, 27 Jan 2020)\");\n script_name(\"Fedora: Security Advisory for transfig (FEDORA-2020-5d0f0593ae)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC31\");\n\n script_xref(name:\"FEDORA\", value:\"2020-5d0f0593ae\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/545H6XMXFAZY2G2TYYOCAMBHJU6LM3S3\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'transfig'\n package(s) announced via the FEDORA-2020-5d0f0593ae advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The transfig utility creates a makefile which translates FIG (created\nby xfig) or PIC figures into a specified LaTeX graphics language (for\nexample, PostScript(TM)). Transfig is used to create TeX documents\nwhich are portable (i.e., they can be printed in a wide variety of\nenvironments).\n\nInstall transfig if you need a utility for translating FIG or PIC\nfigures into certain graphics languages.\");\n\n script_tag(name:\"affected\", value:\"'transfig' package(s) on Fedora 31.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC31\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"transfig\", rpm:\"transfig~3.2.7b~1.fc31\", rls:\"FC31\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-04-29T20:07:00", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-19746", "CVE-2019-19797"], "description": "The remote host is missing an update for the ", "modified": "2020-04-28T00:00:00", "published": "2020-01-27T00:00:00", "id": "OPENVAS:1361412562310877368", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310877368", "type": "openvas", "title": "Fedora: Security Advisory for transfig (FEDORA-2020-6a2824178e)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from the referenced\n# advisories, and are Copyright (C) by the respective right holder(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.877368\");\n script_version(\"2020-04-28T06:22:45+0000\");\n script_cve_id(\"CVE-2019-19746\", \"CVE-2019-19797\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-04-28 06:22:45 +0000 (Tue, 28 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-27 09:24:01 +0000 (Mon, 27 Jan 2020)\");\n script_name(\"Fedora: Security Advisory for transfig (FEDORA-2020-6a2824178e)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC30\");\n\n script_xref(name:\"FEDORA\", value:\"2020-6a2824178e\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7DHT2H26YTJQC3SPYPFUPZZJG26MWGTL\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'transfig'\n package(s) announced via the FEDORA-2020-6a2824178e advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The transfig utility creates a makefile which translates FIG (created\nby xfig) or PIC figures into a specified LaTeX graphics language (for\nexample, PostScript(TM)). Transfig is used to create TeX documents\nwhich are portable (i.e., they can be printed in a wide variety of\nenvironments).\n\nInstall transfig if you need a utility for translating FIG or PIC\nfigures into certain graphics languages.\");\n\n script_tag(name:\"affected\", value:\"'transfig' package(s) on Fedora 30.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC30\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"transfig\", rpm:\"transfig~3.2.7b~1.fc30\", rls:\"FC30\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2020-03-17T22:46:46", "description": "read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds\nwrite. (CVE-2019-19797)\n\nmake_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation\nfault and out-of-bounds write because of an integer overflow via a\nlarge arrow type. (CVE-2019-19746)", "edition": 1, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-02-28T00:00:00", "title": "Amazon Linux 2 : transfig (ALAS-2020-1398)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-19746", "CVE-2019-19797"], "modified": "2020-02-28T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:transfig-debuginfo", "cpe:/o:amazon:linux:2", "p-cpe:/a:amazon:linux:transfig"], "id": "AL2_ALAS-2020-1398.NASL", "href": "https://www.tenable.com/plugins/nessus/134118", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2020-1398.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(134118);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/06\");\n\n script_cve_id(\"CVE-2019-19746\", \"CVE-2019-19797\");\n script_xref(name:\"ALAS\", value:\"2020-1398\");\n\n script_name(english:\"Amazon Linux 2 : transfig (ALAS-2020-1398)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux 2 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds\nwrite. (CVE-2019-19797)\n\nmake_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation\nfault and out-of-bounds write because of an integer overflow via a\nlarge arrow type. (CVE-2019-19746)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/AL2/ALAS-2020-1398.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update transfig' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:transfig\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:transfig-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"AL2\", reference:\"transfig-3.2.7b-2.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"transfig-debuginfo-3.2.7b-2.amzn2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"transfig / transfig-debuginfo\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-21T10:28:57", "description": " - Security fix for CVE-2019-19746, CVE-2019-19797\n\n - New upstream release 3.2.7b\n\n - Add patch fixing CVE-2019-19746 (rhbz#1787040)\n\n - Add patch fixing CVE-2019-19797 (rhbz#1786726)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 15, "cvss3": {"score": 5.5, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2020-01-27T00:00:00", "title": "Fedora 31 : 1:transfig / xfig (2020-5d0f0593ae)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-19746", "CVE-2019-19797"], "modified": "2020-01-27T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:1:transfig", "p-cpe:/a:fedoraproject:fedora:xfig", "cpe:/o:fedoraproject:fedora:31"], "id": "FEDORA_2020-5D0F0593AE.NASL", "href": "https://www.tenable.com/plugins/nessus/133234", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-5d0f0593ae.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(133234);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/20\");\n\n script_cve_id(\"CVE-2019-19746\", \"CVE-2019-19797\");\n script_xref(name:\"FEDORA\", value:\"2020-5d0f0593ae\");\n\n script_name(english:\"Fedora 31 : 1:transfig / xfig (2020-5d0f0593ae)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\" - Security fix for CVE-2019-19746, CVE-2019-19797\n\n - New upstream release 3.2.7b\n\n - Add patch fixing CVE-2019-19746 (rhbz#1787040)\n\n - Add patch fixing CVE-2019-19797 (rhbz#1786726)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-5d0f0593ae\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected 1:transfig and / or xfig packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-19797\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:transfig\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xfig\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:31\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^31([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 31\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC31\", reference:\"transfig-3.2.7b-1.fc31\", epoch:\"1\")) flag++;\nif (rpm_check(release:\"FC31\", reference:\"xfig-3.2.7b-1.fc31\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:transfig / xfig\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-10-20T22:13:15", "description": " - Security fix for CVE-2019-19746, CVE-2019-19797\n\n - New upstream release 3.2.7b\n\n - Add patch fixing CVE-2019-19746 (rhbz#1787040)\n\n - Add patch fixing CVE-2019-19797 (rhbz#1786726)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 12, "cvss3": {"score": 5.5, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2020-01-27T00:00:00", "title": "Fedora 30 : 1:transfig / xfig (2020-6a2824178e)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-19746", "CVE-2019-19797"], "modified": "2020-01-27T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:30", "p-cpe:/a:fedoraproject:fedora:1:transfig", "p-cpe:/a:fedoraproject:fedora:xfig"], "id": "FEDORA_2020-6A2824178E.NASL", "href": "https://www.tenable.com/plugins/nessus/133235", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-6a2824178e.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(133235);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/20\");\n\n script_cve_id(\"CVE-2019-19746\", \"CVE-2019-19797\");\n script_xref(name:\"FEDORA\", value:\"2020-6a2824178e\");\n\n script_name(english:\"Fedora 30 : 1:transfig / xfig (2020-6a2824178e)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\" - Security fix for CVE-2019-19746, CVE-2019-19797\n\n - New upstream release 3.2.7b\n\n - Add patch fixing CVE-2019-19746 (rhbz#1787040)\n\n - Add patch fixing CVE-2019-19797 (rhbz#1786726)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-6a2824178e\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected 1:transfig and / or xfig packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-19797\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:transfig\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xfig\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:30\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^30([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 30\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC30\", reference:\"transfig-3.2.7b-1.fc30\", epoch:\"1\")) flag++;\nif (rpm_check(release:\"FC30\", reference:\"xfig-3.2.7b-1.fc30\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:transfig / xfig\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}]}
