Search...

Amazon Linux AMI : emacs (ALAS-2017-912)

2017-10-13T00:00:00

ID ALA_ALAS-2017-912.NASL
Type nessus
Reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
Modified 2021-01-02T00:00:00

Description

Command injection flaw within 'enriched mode' handling :

A command injection flaw within the Emacs 'enriched mode' handling has been discovered. By tricking an unsuspecting user into opening a specially crafted file using Emacs, a remote attacker could exploit this flaw to execute arbitrary commands with the privileges of the Emacs user. (CVE-2017-14482)

                                        
                                            #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux AMI Security Advisory ALAS-2017-912.
#

include("compat.inc");

if (description)
{
  script_id(103825);
  script_version("3.5");
  script_cvs_date("Date: 2019/04/10 16:10:16");

  script_cve_id("CVE-2017-14482");
  script_xref(name:"ALAS", value:"2017-912");

  script_name(english:"Amazon Linux AMI : emacs (ALAS-2017-912)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Amazon Linux AMI host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Command injection flaw within 'enriched mode' handling :

A command injection flaw within the Emacs 'enriched mode' handling has
been discovered. By tricking an unsuspecting user into opening a
specially crafted file using Emacs, a remote attacker could exploit
this flaw to execute arbitrary commands with the privileges of the
Emacs user. (CVE-2017-14482)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://alas.aws.amazon.com/ALAS-2017-912.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Run 'yum update emacs' to update your system."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:emacs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:emacs-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:emacs-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:emacs-el");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2017/10/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/10/13");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Amazon Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "A")
{
  if (os_ver == 'A') os_ver = 'AMI';
  audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
}

if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (rpm_check(release:"ALA", reference:"emacs-24.3-20.22.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"emacs-common-24.3-20.22.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"emacs-debuginfo-24.3-20.22.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"emacs-el-24.3-20.22.amzn1")) flag++;

if (flag)
{
  if (report_verbosity &gt; 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "emacs / emacs-common / emacs-debuginfo / emacs-el");
}

JSON Vulners Source

Initial Source

{"id": "ALA_ALAS-2017-912.NASL", "bulletinFamily": "scanner", "title": "Amazon Linux AMI : emacs (ALAS-2017-912)", "description": "Command injection flaw within 'enriched mode' handling :\n\nA command injection flaw within the Emacs 'enriched mode' handling has\nbeen discovered. By tricking an unsuspecting user into opening a\nspecially crafted file using Emacs, a remote attacker could exploit\nthis flaw to execute arbitrary commands with the privileges of the\nEmacs user. (CVE-2017-14482)", "published": "2017-10-13T00:00:00", "modified": "2021-01-02T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "href": "https://www.tenable.com/plugins/nessus/103825", "reporter": "This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://alas.aws.amazon.com/ALAS-2017-912.html"], "cvelist": ["CVE-2017-14482"], "type": "nessus", "lastseen": "2021-01-01T01:19:41", "edition": 26, "viewCount": 5, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2017-14482"]}, {"type": "oraclelinux", "idList": ["ELSA-2017-2771"]}, {"type": "debian", "idList": ["DEBIAN:DSA-3975-1:C2508", "DEBIAN:DLA-1101-1:5C0E3"]}, {"type": "fedora", "idList": ["FEDORA:DB9E7601D70C", "FEDORA:681616021748", "FEDORA:DD0C6601CFB7", "FEDORA:5E5036045A3D", "FEDORA:51A3B6021748", "FEDORA:8A785601CFB7", "FEDORA:7BCCA6021748", "FEDORA:2564C6045A3D", "FEDORA:84AF9601CFB7", "FEDORA:12FD4601BFE7"]}, {"type": "suse", "idList": ["SUSE-SU-2017:2529-1", "OPENSUSE-SU-2017:2535-1", "SUSE-SU-2017:2532-1"]}, {"type": "ubuntu", "idList": ["USN-3428-1", "USN-3427-1"]}, {"type": "canvas", "idList": ["EMACS_ENRICHED"]}, {"type": "amazon", "idList": ["ALAS-2017-912"]}, {"type": "gentoo", "idList": ["GLSA-201801-07"]}, {"type": "centos", "idList": ["CESA-2017:2771"]}, {"type": "redhat", "idList": ["RHSA-2017:2771"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310851621", "OPENVAS:1361412562310873416", "OPENVAS:1361412562310811785", "OPENVAS:1361412562310873411", "OPENVAS:1361412562310873397", "OPENVAS:1361412562310873433", "OPENVAS:1361412562310873395", "OPENVAS:1361412562310703970", "OPENVAS:1361412562310873387", "OPENVAS:1361412562310873423"]}, {"type": "nessus", "idList": ["SUSE_SU-2017-2532-1.NASL", "VIRTUOZZO_VZLSA-2017-2771.NASL", "SL_20170919_EMACS_ON_SL7_X.NASL", "ORACLELINUX_ELSA-2017-2771.NASL", "DEBIAN_DSA-3975.NASL", "OPENSUSE-2017-1078.NASL", "CENTOS_RHSA-2017-2771.NASL", "EULEROS_SA-2019-1381.NASL", "GENTOO_GLSA-201801-07.NASL", "DEBIAN_DSA-3970.NASL"]}], "modified": "2021-01-01T01:19:41", "rev": 2}, "score": {"value": 6.9, "vector": "NONE", "modified": "2021-01-01T01:19:41", "rev": 2}, "vulnersScore": 6.9}, "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2017-912.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103825);\n script_version(\"3.5\");\n script_cvs_date(\"Date: 2019/04/10 16:10:16\");\n\n script_cve_id(\"CVE-2017-14482\");\n script_xref(name:\"ALAS\", value:\"2017-912\");\n\n script_name(english:\"Amazon Linux AMI : emacs (ALAS-2017-912)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Command injection flaw within 'enriched mode' handling :\n\nA command injection flaw within the Emacs 'enriched mode' handling has\nbeen discovered. By tricking an unsuspecting user into opening a\nspecially crafted file using Emacs, a remote attacker could exploit\nthis flaw to execute arbitrary commands with the privileges of the\nEmacs user. (CVE-2017-14482)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2017-912.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update emacs' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:emacs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:emacs-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:emacs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:emacs-el\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"emacs-24.3-20.22.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"emacs-common-24.3-20.22.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"emacs-debuginfo-24.3-20.22.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"emacs-el-24.3-20.22.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"emacs / emacs-common / emacs-debuginfo / emacs-el\");\n}\n", "naslFamily": "Amazon Linux Local Security Checks", "pluginID": "103825", "cpe": ["p-cpe:/a:amazon:linux:emacs-el", "p-cpe:/a:amazon:linux:emacs-debuginfo", "p-cpe:/a:amazon:linux:emacs", "p-cpe:/a:amazon:linux:emacs-common", "cpe:/o:amazon:linux"], "scheme": null, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}}

{"cve": [{"lastseen": "2020-12-09T20:13:23", "description": "GNU Emacs before 25.3 allows remote attackers to execute arbitrary code via email with crafted \"Content-Type: text/enriched\" data containing an x-display XML element that specifies execution of shell commands, related to an unsafe text/enriched extension in lisp/textmodes/enriched.el, and unsafe Gnus support for enriched and richtext inline MIME objects in lisp/gnus/mm-view.el. In particular, an Emacs user can be instantly compromised by reading a crafted email message (or Usenet news article).", "edition": 6, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-09-14T16:29:00", "title": "CVE-2017-14482", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14482"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "cpe:/a:gnu:emacs:25.2"], "id": "CVE-2017-14482", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14482", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:emacs:25.2:*:*:*:*:*:*:*"]}], "debian": [{"lastseen": "2020-08-12T01:02:23", "bulletinFamily": "unix", "cvelist": ["CVE-2017-14482"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3975-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nSeptember 15, 2017 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : emacs25\nCVE ID : CVE-2017-14482\n\nCharles A. Roelli discovered that Emacs is vulnerable to arbitrary code\nexecution when rendering text/enriched MIME data (e.g. when using\nEmacs-based mail clients).\n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 25.1+1-4+deb9u1.\n\nWe recommend that you upgrade your emacs25 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 16, "modified": "2017-09-15T21:21:57", "published": "2017-09-15T21:21:57", "id": "DEBIAN:DSA-3975-1:C2508", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2017/msg00237.html", "title": "[SECURITY] [DSA 3975-1] emacs25 security update", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-30T02:22:04", "bulletinFamily": "unix", "cvelist": ["CVE-2017-14482"], "description": "Package : emacs23\nVersion : 23.4+1-4+deb7u1\nCVE ID : CVE-2017-14482\n\nCharles A. Roelli discovered that Emacs is vulnerable to arbitrary code\nexecution when rendering text/enriched MIME data (e.g. when using\nEmacs-based mail clients).\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n23.4+1-4+deb7u1.\n\nWe recommend that you upgrade your emacs23 packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 3, "modified": "2017-09-21T19:50:47", "published": "2017-09-21T19:50:47", "id": "DEBIAN:DLA-1101-1:5C0E3", "href": "https://lists.debian.org/debian-lts-announce/2017/debian-lts-announce-201709/msg00018.html", "title": "[SECURITY] [DLA 1101-1] emacs23 security update", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2020-10-22T17:04:16", "bulletinFamily": "unix", "cvelist": ["CVE-2017-14482"], "description": "[1:24.3-20]\n- fix unsafe enriched mode translations (#1490452)", "edition": 6, "modified": "2017-09-19T00:00:00", "published": "2017-09-19T00:00:00", "id": "ELSA-2017-2771", "href": "http://linux.oracle.com/errata/ELSA-2017-2771.html", "title": "emacs security update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-14482"], "description": "AutoTrace is a program for converting bitmaps to vector graphics. Supported input formats include BMP, TGA, PNM, PPM, and any format supported by ImageMagick, whereas output can be produced in Postscript, SVG, xfig, SWF, and others. ", "modified": "2017-09-19T15:25:10", "published": "2017-09-19T15:25:10", "id": "FEDORA:DB9E7601D70C", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: autotrace-0.31.1-49.fc25", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-14482"], "description": "Converseen is a batch image conversion tool and resizer written in C++ with Qt5 and Magick++. Converseen allows you to convert images in more than 100 different formats! ", "modified": "2017-09-19T15:25:11", "published": "2017-09-19T15:25:11", "id": "FEDORA:681616021748", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: converseen-0.9.6.2-3.fc25", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-14482"], "description": "Emacs is a powerful, customizable, self-documenting, modeless text editor. Emacs contains special code editing features, a scripting language (elisp), and the capability to read mail, news, and more without leaving the editor. This package provides an emacs binary with support for X windows. ", "modified": "2017-09-19T15:25:12", "published": "2017-09-19T15:25:12", "id": "FEDORA:5E5036045A3D", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: emacs-25.3-3.fc25", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-14482"], "description": "A command line tool for generating timing diagrams from ASCII input files. The input files use a structured language to represent signal state transitions and interdependencies. Raster image output support is provided by ImageMagick. It can be used for VHDL or verilog presentations. ", "modified": "2017-09-19T15:25:11", "published": "2017-09-19T15:25:11", "id": "FEDORA:DD0C6601CFB7", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: drawtiming-0.7.1-22.fc25", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-14482"], "description": "Inkscape is a vector graphics editor, with capabilities similar to Illustrator, CorelDraw, or Xara X, using the W3C standard Scalable Vector Graphics (SVG) file format. It is therefore a very useful tool for web designers and as an interchange format for desktop publishing. Inkscape supports many advanced SVG features (markers, clones, alpha blending, etc.) and great care is taken in designing a streamlined interface. It is very easy to edit nodes, perform complex path operations, trace bitmaps and much more. ", "modified": "2017-09-19T15:25:15", "published": "2017-09-19T15:25:15", "id": "FEDORA:7BCCA6021748", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: inkscape-0.92.1-4.20170510bzr15686.fc25.1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-14482"], "description": "K-3D is a complete 3D modeling, animation and rendering system. K-3D features a robust, object oriented plugin architecture, designed to scale to the needs of professional artists. It is designed from the ground up to generate motion picture quality animation using RenderMan compliant render engines. ", "modified": "2017-09-19T15:25:16", "published": "2017-09-19T15:25:16", "id": "FEDORA:12FD4601BFE7", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: k3d-0.8.0.6-8.fc25", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-14482"], "description": "KXStitch can be used to create cross stitch patterns from scratch. It is al so possible to convert existing images to a cross stitch pattern or scan one w ith a Sane supported scanner. ", "modified": "2017-09-19T15:25:16", "published": "2017-09-19T15:25:16", "id": "FEDORA:8A785601CFB7", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: kxstitch-1.2.0-9.fc25", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-14482"], "description": "Perl module to aide in locating a sub-image within an image. ", "modified": "2017-09-19T15:25:17", "published": "2017-09-19T15:25:17", "id": "FEDORA:2564C6045A3D", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: perl-Image-SubImageFind-0.03-13.fc25", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-14482"], "description": "Gtatool is a command line tool to manipulate GTAs. It provides a set of commands that manipulate GTAs on various levels: array element components, array dimensions, whole arrays, and streams of ar rays. For example, you can add components to array elements, merge separate arrays into combined arrays in different ways, apply global transformations to arr ay data, reorder the array data, and much more. Additionally, gtatool can import from and export to many other file formats , see the sub-packages! ", "modified": "2017-09-19T15:25:13", "published": "2017-09-19T15:25:13", "id": "FEDORA:51A3B6021748", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: gtatool-2.2.0-6.fc25", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-14482"], "description": "ImageInfo computes and displays selected image attributes. It is similar in function to the ImageMagick \"identify\" utility, but provides a few additional attributes (such as details of embedded ICC profiles), and allows command line selection of the attributes to be computed, avoiding unnecessary computation and and allowing easier parsing of results when this utility is called from a script. ", "modified": "2017-09-19T15:25:14", "published": "2017-09-19T15:25:14", "id": "FEDORA:84AF9601CFB7", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: imageinfo-0.05-27.fc25", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2018-01-08T02:51:30", "bulletinFamily": "unix", "cvelist": ["CVE-2017-14482"], "description": "### Background\n\nGNU Emacs is a highly extensible and customizable text editor.\n\n### Description\n\nA command injection flaw within the Emacs \u201cenriched mode\u201d handling has been discovered. \n\n### Impact\n\nA remote attacker, by enticing a user to open a specially crafted file, could execute arbitrary commands with the privileges of process. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll GNU Emacs 23.x users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-editors/emacs-23.4-r16\"\n \n\nAll GNU Emacs 24.x users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-editors/emacs-24.5-r4\"\n \n\nAll GNU Emacs 25.x users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-editors/emacs-,25.2-r1\"", "edition": 1, "modified": "2018-01-07T00:00:00", "published": "2018-01-07T00:00:00", "href": "https://security.gentoo.org/glsa/201801-07", "id": "GLSA-201801-07", "title": "GNU Emacs: Command injection", "type": "gentoo", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2020-07-02T11:35:06", "bulletinFamily": "unix", "cvelist": ["CVE-2017-14482"], "description": "Charles A. Roelli discovered that Emacs incorrectly handled certain \nfiles. If a user were tricked into opening a specially crafted file (e.g., email \nmessages in gnus), an attacker could possibly use this to execute arbitrary code.", "edition": 5, "modified": "2017-09-21T00:00:00", "published": "2017-09-21T00:00:00", "id": "USN-3427-1", "href": "https://ubuntu.com/security/notices/USN-3427-1", "title": "Emacs vulnerability", "type": "ubuntu", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-09T00:24:39", "bulletinFamily": "unix", "cvelist": ["CVE-2017-14482"], "description": "Charles A. Roelli discovered that Emacs incorrectly handled certain \nfiles. If a user were tricked into opening a specially crafted file (e.g., email \nmessages in gnus), an attacker could possibly use this to execute arbitrary code.", "edition": 5, "modified": "2017-09-21T00:00:00", "published": "2017-09-21T00:00:00", "id": "USN-3428-1", "href": "https://ubuntu.com/security/notices/USN-3428-1", "title": "Emacs vulnerability", "type": "ubuntu", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "canvas": [{"lastseen": "2019-05-29T19:48:22", "bulletinFamily": "exploit", "cvelist": ["CVE-2017-14482"], "edition": 2, "description": "**Name**| emacs_enriched \n---|--- \n**CVE**| CVE-2017-14482 \n**Exploit Pack**| [CANVAS](<http://http://www.immunityinc.com/products-canvas.shtml>) \n**Description**| Emacs Enriched Mime-type Handler Arbitrary ELISP Execution \n**Notes**| CVE Name: CVE-2017-14482 \nVENDOR: https://www.gnu.org/software/emacs/ \nNotes: \nEither email this to someone using the GNUS email client or convince \nthem to open it like a normal file. You will eventually get a MOSDEF \nshell. \n \nWARNING: For the CEU release it will likely lock the editor. \n \nTested Operating Systems: \n* Emacs 24.5.1 - Ubuntu 16.04 LTS \n* \n \n \nRepeatability: Infinite \nReferences: ['https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-25&id=9ad0fcc54442a9a01d41be19880250783426db70', 'https://access.redhat.com/security/cve/CVE-2017-14482'] \nCVE URL: https://access.redhat.com/security/cve/CVE-2017-14482 \n\n", "modified": "2017-09-14T16:29:00", "published": "2017-09-14T16:29:00", "href": "http://exploitlist.immunityinc.com/home/exploitpack/CANVAS/emacs_enriched", "id": "EMACS_ENRICHED", "type": "canvas", "title": "Immunity Canvas: EMACS_ENRICHED", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2020-12-08T03:40:20", "bulletinFamily": "unix", "cvelist": ["CVE-2017-14482"], "description": "**CentOS Errata and Security Advisory** CESA-2017:2771\n\n\nGNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language (elisp), and the capability to read e-mail and news.\n\nSecurity Fix(es):\n\n* A command injection flaw within the Emacs \"enriched mode\" handling has been discovered. By tricking an unsuspecting user into opening a specially crafted file using Emacs, a remote attacker could exploit this flaw to execute arbitrary commands with the privileges of the Emacs user. (CVE-2017-14482)\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2017-September/034579.html\n\n**Affected packages:**\nemacs\nemacs-common\nemacs-el\nemacs-filesystem\nemacs-nox\nemacs-terminal\n\n**Upstream details at:**\n", "edition": 4, "modified": "2017-09-20T12:06:23", "published": "2017-09-20T12:06:23", "href": "http://lists.centos.org/pipermail/centos-announce/2017-September/034579.html", "id": "CESA-2017:2771", "title": "emacs security update", "type": "centos", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2017-09-21T17:38:01", "bulletinFamily": "unix", "cvelist": ["CVE-2017-14482"], "description": "This update for emacs fixes one issues.\n\n This security issue was fixed:\n\n - CVE-2017-14482: Remote code execution via mails with "Content-Type:\n text/enriched" (bsc#1058425)\n\n This update was imported from the SUSE:SLE-12:Update update project.\n\n", "edition": 1, "modified": "2017-09-21T03:07:15", "published": "2017-09-21T03:07:15", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-09/msg00077.html", "id": "OPENSUSE-SU-2017:2535-1", "title": "Security update for emacs (important)", "type": "suse", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2017-09-20T17:10:01", "bulletinFamily": "unix", "cvelist": ["CVE-2017-14482"], "description": "This update for emacs fixes one issues.\n\n This security issue was fixed:\n\n - CVE-2017-14482: Remote code execution via mails with "Content-Type:\n text/enriched" (bsc#1058425)\n\n", "edition": 1, "modified": "2017-09-20T15:08:02", "published": "2017-09-20T15:08:02", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-09/msg00074.html", "id": "SUSE-SU-2017:2529-1", "title": "Security update for emacs (important)", "type": "suse", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2017-09-21T17:38:01", "bulletinFamily": "unix", "cvelist": ["CVE-2017-14482"], "description": "This update for emacs fixes one issues.\n\n This security issue was fixed:\n\n - CVE-2017-14482: Remote code execution via mails with "Content-Type:\n text/enriched" (bsc#1058425)\n\n", "edition": 1, "modified": "2017-09-20T18:09:19", "published": "2017-09-20T18:09:19", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-09/msg00075.html", "id": "SUSE-SU-2017:2532-1", "title": "Security update for emacs (important)", "type": "suse", "cvss": {"score": 0.0, "vector": "NONE"}}], "amazon": [{"lastseen": "2020-11-10T12:37:04", "bulletinFamily": "unix", "cvelist": ["CVE-2017-14482"], "description": "**Issue Overview:**\n\nCommand injection flaw within \"enriched mode\" handling: \nA command injection flaw within the Emacs "enriched mode" handling has been discovered. By tricking an unsuspecting user into opening a specially crafted file using Emacs, a remote attacker could exploit this flaw to execute arbitrary commands with the privileges of the Emacs user. ([CVE-2017-14482 __](<https://access.redhat.com/security/cve/CVE-2017-14482>)) \n\n\n \n**Affected Packages:** \n\n\nemacs\n\n \n**Issue Correction:** \nRun _yum update emacs_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n emacs-common-24.3-20.22.amzn1.i686 \n emacs-24.3-20.22.amzn1.i686 \n emacs-debuginfo-24.3-20.22.amzn1.i686 \n \n noarch: \n emacs-el-24.3-20.22.amzn1.noarch \n \n src: \n emacs-24.3-20.22.amzn1.src \n \n x86_64: \n emacs-24.3-20.22.amzn1.x86_64 \n emacs-common-24.3-20.22.amzn1.x86_64 \n emacs-debuginfo-24.3-20.22.amzn1.x86_64 \n \n \n", "edition": 5, "modified": "2017-10-12T20:38:00", "published": "2017-10-12T20:38:00", "id": "ALAS-2017-912", "href": "https://alas.aws.amazon.com/ALAS-2017-912.html", "title": "Important: emacs", "type": "amazon", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:45:18", "bulletinFamily": "unix", "cvelist": ["CVE-2017-14482"], "description": "GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language (elisp), and the capability to read e-mail and news.\n\nSecurity Fix(es):\n\n* A command injection flaw within the Emacs \"enriched mode\" handling has been discovered. By tricking an unsuspecting user into opening a specially crafted file using Emacs, a remote attacker could exploit this flaw to execute arbitrary commands with the privileges of the Emacs user. (CVE-2017-14482)", "modified": "2018-04-12T03:33:12", "published": "2017-09-19T21:47:10", "id": "RHSA-2017:2771", "href": "https://access.redhat.com/errata/RHSA-2017:2771", "type": "redhat", "title": "(RHSA-2017:2771) Important: emacs security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:34:33", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-14482"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2017-09-20T00:00:00", "id": "OPENVAS:1361412562310873402", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873402", "type": "openvas", "title": "Fedora Update for emacs FEDORA-2017-3a568adb31", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_3a568adb31_emacs_fc25.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for emacs FEDORA-2017-3a568adb31\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873402\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:22:38 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-14482\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for emacs FEDORA-2017-3a568adb31\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'emacs'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"emacs on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-3a568adb31\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4DM23JSQPJGK3E4IINTRSHJCKR3BYYBA\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"emacs\", rpm:\"emacs~25.3~3.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-14482"], "description": "Charles A. Roelli discovered that Emacs is vulnerable to arbitrary code\nexecution when rendering text/enriched MIME data (e.g. when using\nEmacs-based mail clients).", "modified": "2019-03-18T00:00:00", "published": "2017-09-15T00:00:00", "id": "OPENVAS:1361412562310703975", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703975", "type": "openvas", "title": "Debian Security Advisory DSA 3975-1 (emacs25 - security update)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: deb_3975.nasl 14280 2019-03-18 14:50:45Z cfischer $\n#\n# Auto-generated from advisory DSA 3975-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703975\");\n script_version(\"$Revision: 14280 $\");\n script_cve_id(\"CVE-2017-14482\");\n script_name(\"Debian Security Advisory DSA 3975-1 (emacs25 - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:50:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-15 00:00:00 +0200 (Fri, 15 Sep 2017)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2017/dsa-3975.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB9\");\n script_tag(name:\"affected\", value:\"emacs25 on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (stretch), this problem has been fixed in\nversion 25.1+1-4+deb9u1.\n\nWe recommend that you upgrade your emacs25 packages.\");\n script_tag(name:\"summary\", value:\"Charles A. Roelli discovered that Emacs is vulnerable to arbitrary code\nexecution when rendering text/enriched MIME data (e.g. when using\nEmacs-based mail clients).\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"emacs25\", ver:\"25.1+1-4+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"emacs25-bin-common\", ver:\"25.1+1-4+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"emacs25-common\", ver:\"25.1+1-4+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"emacs25-dbg\", ver:\"25.1+1-4+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"emacs25-el\", ver:\"25.1+1-4+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"emacs25-lucid\", ver:\"25.1+1-4+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"emacs25-lucid-dbg\", ver:\"25.1+1-4+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"emacs25-nox\", ver:\"25.1+1-4+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"emacs25-nox-dbg\", ver:\"25.1+1-4+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:18", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-14482"], "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2017-09-20T00:00:00", "id": "OPENVAS:1361412562310811785", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811785", "type": "openvas", "title": "RedHat Update for emacs RHSA-2017:2771-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_RHSA-2017_2771-01_emacs.nasl 12497 2018-11-23 08:28:21Z cfischer $\n#\n# RedHat Update for emacs RHSA-2017:2771-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811785\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 11:44:37 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-14482\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for emacs RHSA-2017:2771-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'emacs'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"GNU Emacs is a powerful, customizable,\nself-documenting text editor. It provides special code editing features, a scripting\nlanguage (elisp), and the capability to read e-mail and news.\n\nSecurity Fix(es):\n\n * A command injection flaw within the Emacs 'enriched mode' handling has\nbeen discovered. By tricking an unsuspecting user into opening a specially\ncrafted file using Emacs, a remote attacker could exploit this flaw to\nexecute arbitrary commands with the privileges of the Emacs user.\n(CVE-2017-14482)\");\n script_tag(name:\"affected\", value:\"emacs on Red Hat Enterprise Linux Server (v. 7)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2017:2771-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2017-September/msg00046.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_7\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"emacs-filesystem\", rpm:\"emacs-filesystem~24.3~20.el7_4\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"emacs\", rpm:\"emacs~24.3~20.el7_4\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"emacs-common\", rpm:\"emacs-common~24.3~20.el7_4\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"emacs-debuginfo\", rpm:\"emacs-debuginfo~24.3~20.el7_4\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"emacs-nox\", rpm:\"emacs-nox~24.3~20.el7_4\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:34:27", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-14482"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191381", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191381", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for emacs (EulerOS-SA-2019-1381)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1381\");\n script_version(\"2020-01-23T11:41:05+0000\");\n script_cve_id(\"CVE-2017-14482\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:41:05 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:41:05 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for emacs (EulerOS-SA-2019-1381)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRTARM64-3\\.0\\.1\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1381\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1381\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'emacs' package(s) announced via the EulerOS-SA-2019-1381 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A command injection flaw within the Emacs 'enriched mode' handling has been discovered. By tricking an unsuspecting user into opening a specially crafted file using Emacs, a remote attacker could exploit this flaw to execute arbitrary commands with the privileges of the Emacs user.(CVE-2017-14482)\");\n\n script_tag(name:\"affected\", value:\"'emacs' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.1.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRTARM64-3.0.1.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"emacs-filesystem\", rpm:\"emacs-filesystem~24.3~21\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:04", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-14482"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2017-09-20T00:00:00", "id": "OPENVAS:1361412562310873428", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873428", "type": "openvas", "title": "Fedora Update for inkscape FEDORA-2017-3a568adb31", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_3a568adb31_inkscape_fc25.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for inkscape FEDORA-2017-3a568adb31\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873428\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 13:03:23 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-14482\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for inkscape FEDORA-2017-3a568adb31\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'inkscape'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"inkscape on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-3a568adb31\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TI4JQ5S4NHOJ4CJXAZKILZT27DMS3FFZ\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"inkscape\", rpm:\"inkscape~0.92.1~4.20170510bzr15686.fc25.1\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:38:28", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-14482"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220171235", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220171235", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for emacs (EulerOS-SA-2017-1235)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2017.1235\");\n script_version(\"2020-01-23T11:00:20+0000\");\n script_cve_id(\"CVE-2017-14482\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:00:20 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:00:20 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for emacs (EulerOS-SA-2017-1235)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP1\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2017-1235\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1235\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'emacs' package(s) announced via the EulerOS-SA-2017-1235 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A command injection flaw within the Emacs 'enriched mode' handling has been discovered. By tricking an unsuspecting user into opening a specially crafted file using Emacs, a remote attacker could exploit this flaw to execute arbitrary commands with the privileges of the Emacs user. (CVE-2017-14482)\");\n\n script_tag(name:\"affected\", value:\"'emacs' package(s) on Huawei EulerOS V2.0SP1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"emacs\", rpm:\"emacs~24.3~20\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"emacs-common\", rpm:\"emacs-common~24.3~20\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"emacs-filesystem\", rpm:\"emacs-filesystem~24.3~20\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"emacs-nox\", rpm:\"emacs-nox~24.3~20\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:18", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-14482"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2017-09-20T00:00:00", "id": "OPENVAS:1361412562310873389", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873389", "type": "openvas", "title": "Fedora Update for psiconv FEDORA-2017-3a568adb31", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_3a568adb31_psiconv_fc25.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for psiconv FEDORA-2017-3a568adb31\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873389\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:04:01 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-14482\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for psiconv FEDORA-2017-3a568adb31\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'psiconv'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"psiconv on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-3a568adb31\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WWYYBEL5HZOAX6K7BQCKYUNHQNJKTOQC\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"psiconv\", rpm:\"psiconv~0.9.8~22.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-14482"], "description": "The remote host is missing an update for the ", "modified": "2019-03-18T00:00:00", "published": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310843794", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843794", "type": "openvas", "title": "Ubuntu Update for emacs24 USN-3427-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3427_1.nasl 14288 2019-03-18 16:34:17Z cfischer $\n#\n# Ubuntu Update for emacs24 USN-3427-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843794\");\n script_version(\"$Revision: 14288 $\");\n script_cve_id(\"CVE-2017-14482\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 17:34:17 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-10-26 06:21:14 +0200 (Fri, 26 Oct 2018)\");\n script_name(\"Ubuntu Update for emacs24 USN-3427-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|16\\.04 LTS)\");\n\n script_xref(name:\"USN\", value:\"3427-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3427-1/\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'emacs24'\n package(s) announced via the USN-3427-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Charles A. Roelli discovered that Emacs incorrectly handled certain\nfiles. If a user were tricked into opening a specially crafted file, an\nattacker could possibly use this to execute arbitrary code.\");\n\n script_tag(name:\"affected\", value:\"emacs24 on Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"emacs24\", ver:\"24.3+1-2ubuntu1.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"emacs24\", ver:\"24.5+1-6ubuntu1.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:31", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-14482"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2017-09-20T00:00:00", "id": "OPENVAS:1361412562310873396", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873396", "type": "openvas", "title": "Fedora Update for perl-Image-SubImageFind FEDORA-2017-3a568adb31", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_3a568adb31_perl-Image-SubImageFind_fc25.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for perl-Image-SubImageFind FEDORA-2017-3a568adb31\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873396\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:16:30 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-14482\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for perl-Image-SubImageFind FEDORA-2017-3a568adb31\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'perl-Image-SubImageFind'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"perl-Image-SubImageFind on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-3a568adb31\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RO6WOIFENV3HIOGSLGQNESXPAIYKVSYI\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"perl-Image-SubImageFind\", rpm:\"perl-Image-SubImageFind~0.03~13.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T18:27:08", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-14482"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2017-09-21T00:00:00", "id": "OPENVAS:1361412562310851621", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851621", "type": "openvas", "title": "openSUSE: Security Advisory for emacs (openSUSE-SU-2017:2535-1)", "sourceData": "# Copyright (C) 2017 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851621\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-09-21 07:19:43 +0200 (Thu, 21 Sep 2017)\");\n script_cve_id(\"CVE-2017-14482\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for emacs (openSUSE-SU-2017:2535-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'emacs'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for emacs fixes one issues.\n\n This security issue was fixed:\n\n - CVE-2017-14482: Remote code execution via mails with 'Content-Type:\n text/enriched' (bsc#1058425)\n\n This update was imported from the SUSE:SLE-12:Update update project.\");\n\n script_tag(name:\"affected\", value:\"emacs on openSUSE Leap 42.3, openSUSE Leap 42.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2017:2535-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=(openSUSELeap42\\.2|openSUSELeap42\\.3)\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.2\") {\n if(!isnull(res = isrpmvuln(pkg:\"emacs\", rpm:\"emacs~24.3~24.6.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"emacs-debuginfo\", rpm:\"emacs-debuginfo~24.3~24.6.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"emacs-debugsource\", rpm:\"emacs-debugsource~24.3~24.6.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"emacs-nox\", rpm:\"emacs-nox~24.3~24.6.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"emacs-nox-debuginfo\", rpm:\"emacs-nox-debuginfo~24.3~24.6.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"emacs-x11\", rpm:\"emacs-x11~24.3~24.6.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"emacs-x11-debuginfo\", rpm:\"emacs-x11-debuginfo~24.3~24.6.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"etags\", rpm:\"etags~24.3~24.6.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"etags-debuginfo\", rpm:\"etags-debuginfo~24.3~24.6.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"emacs-el\", rpm:\"emacs-el~24.3~24.6.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"emacs-info\", rpm:\"emacs-info~24.3~24.6.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"openSUSELeap42.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"emacs\", rpm:\"emacs~24.3~28.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"emacs-debuginfo\", rpm:\"emacs-debuginfo~24.3~28.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"emacs-debugsource\", rpm:\"emacs-debugsource~24.3~28.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"emacs-nox\", rpm:\"emacs-nox~24.3~28.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"emacs-nox-debuginfo\", rpm:\"emacs-nox-debuginfo~24.3~28.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"emacs-x11\", rpm:\"emacs-x11~24.3~28.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"emacs-x11-debuginfo\", rpm:\"emacs-x11-debuginfo~24.3~28.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"etags\", rpm:\"etags~24.3~28.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"etags-debuginfo\", rpm:\"etags-debuginfo~24.3~28.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"emacs-el\", rpm:\"emacs-el~24.3~28.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"emacs-info\", rpm:\"emacs-info~24.3~28.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-12T09:38:38", "description": "Charles A. Roelli discovered that Emacs is vulnerable to arbitrary\ncode execution when rendering text/enriched MIME data (e.g. when using\nEmacs-based mail clients).\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n23.4+1-4+deb7u1.\n\nWe recommend that you upgrade your emacs23 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 20, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-09-22T00:00:00", "title": "Debian DLA-1101-1 : emacs23 security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-14482"], "modified": "2017-09-22T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:emacs23-nox", "p-cpe:/a:debian:debian_linux:emacs23-common", "p-cpe:/a:debian:debian_linux:emacs23-el", "p-cpe:/a:debian:debian_linux:emacs23-lucid", "cpe:/o:debian:debian_linux:7.0", "p-cpe:/a:debian:debian_linux:emacs23", "p-cpe:/a:debian:debian_linux:emacs23-bin-common"], "id": "DEBIAN_DLA-1101.NASL", "href": "https://www.tenable.com/plugins/nessus/103388", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1101-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103388);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-14482\");\n\n script_name(english:\"Debian DLA-1101-1 : emacs23 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Charles A. Roelli discovered that Emacs is vulnerable to arbitrary\ncode execution when rendering text/enriched MIME data (e.g. when using\nEmacs-based mail clients).\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n23.4+1-4+deb7u1.\n\nWe recommend that you upgrade your emacs23 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2017/09/msg00018.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/emacs23\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:emacs23\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:emacs23-bin-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:emacs23-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:emacs23-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:emacs23-lucid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:emacs23-nox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"emacs23\", reference:\"23.4+1-4+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"emacs23-bin-common\", reference:\"23.4+1-4+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"emacs23-common\", reference:\"23.4+1-4+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"emacs23-el\", reference:\"23.4+1-4+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"emacs23-lucid\", reference:\"23.4+1-4+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"emacs23-nox\", reference:\"23.4+1-4+deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T10:12:38", "description": "rhbz#1490649 - emacs-25.3 is available\n\nrhbz#1490410 - unsafe enriched mode translations (security)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 22, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-09-14T00:00:00", "title": "Fedora 26 : 1:emacs (2017-a1dc0ef38c)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-14482"], "modified": "2017-09-14T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:1:emacs", "cpe:/o:fedoraproject:fedora:26"], "id": "FEDORA_2017-A1DC0EF38C.NASL", "href": "https://www.tenable.com/plugins/nessus/103200", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-a1dc0ef38c.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103200);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-14482\");\n script_xref(name:\"FEDORA\", value:\"2017-a1dc0ef38c\");\n\n script_name(english:\"Fedora 26 : 1:emacs (2017-a1dc0ef38c)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"rhbz#1490649 - emacs-25.3 is available\n\nrhbz#1490410 - unsafe enriched mode translations (security)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-a1dc0ef38c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected 1:emacs package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:emacs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"emacs-25.3-1.fc26\", epoch:\"1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:emacs\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T08:52:36", "description": "According to the version of the emacs packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - A command injection flaw within the Emacs 'enriched\n mode' handling has been discovered. By tricking an\n unsuspecting user into opening a specially crafted file\n using Emacs, a remote attacker could exploit this flaw\n to execute arbitrary commands with the privileges of\n the Emacs user. (CVE-2017-14482)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-10-10T00:00:00", "title": "EulerOS 2.0 SP2 : emacs (EulerOS-SA-2017-1236)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-14482"], "modified": "2017-10-10T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:emacs-filesystem", "p-cpe:/a:huawei:euleros:emacs-common", "p-cpe:/a:huawei:euleros:emacs-nox", "p-cpe:/a:huawei:euleros:emacs", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2017-1236.NASL", "href": "https://www.tenable.com/plugins/nessus/103738", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103738);\n script_version(\"3.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-14482\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : emacs (EulerOS-SA-2017-1236)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the emacs packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - A command injection flaw within the Emacs 'enriched\n mode' handling has been discovered. By tricking an\n unsuspecting user into opening a specially crafted file\n using Emacs, a remote attacker could exploit this flaw\n to execute arbitrary commands with the privileges of\n the Emacs user. (CVE-2017-14482)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1236\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?87a5a1e4\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected emacs package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:emacs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:emacs-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:emacs-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:emacs-nox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"emacs-24.3-20\",\n \"emacs-common-24.3-20\",\n \"emacs-filesystem-24.3-20\",\n \"emacs-nox-24.3-20\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"emacs\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-06T09:14:40", "description": "An update for emacs is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nGNU Emacs is a powerful, customizable, self-documenting text editor.\nIt provides special code editing features, a scripting language\n(elisp), and the capability to read e-mail and news.\n\nSecurity Fix(es) :\n\n* A command injection flaw within the Emacs 'enriched mode' handling\nhas been discovered. By tricking an unsuspecting user into opening a\nspecially crafted file using Emacs, a remote attacker could exploit\nthis flaw to execute arbitrary commands with the privileges of the\nEmacs user. (CVE-2017-14482)\n\nNote that Tenable Network Security has attempted to extract the\npreceding description block directly from the corresponding Red Hat\nsecurity advisory. Virtuozzo provides no description for VZLSA\nadvisories. Tenable has attempted to automatically clean and format\nit as much as possible without introducing additional issues.", "edition": 21, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-11-27T00:00:00", "title": "Virtuozzo 7 : emacs / emacs-common / emacs-el / emacs-filesystem / etc (VZLSA-2017-2771)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-14482"], "modified": "2018-11-27T00:00:00", "cpe": ["cpe:/o:virtuozzo:virtuozzo:7", "p-cpe:/a:virtuozzo:virtuozzo:emacs-el", "p-cpe:/a:virtuozzo:virtuozzo:emacs-nox", "p-cpe:/a:virtuozzo:virtuozzo:emacs", "p-cpe:/a:virtuozzo:virtuozzo:emacs-common", "p-cpe:/a:virtuozzo:virtuozzo:emacs-filesystem", "p-cpe:/a:virtuozzo:virtuozzo:emacs-terminal"], "id": "VIRTUOZZO_VZLSA-2017-2771.NASL", "href": "https://www.tenable.com/plugins/nessus/119225", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(119225);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\n \"CVE-2017-14482\"\n );\n\n script_name(english:\"Virtuozzo 7 : emacs / emacs-common / emacs-el / emacs-filesystem / etc (VZLSA-2017-2771)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Virtuozzo host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for emacs is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nGNU Emacs is a powerful, customizable, self-documenting text editor.\nIt provides special code editing features, a scripting language\n(elisp), and the capability to read e-mail and news.\n\nSecurity Fix(es) :\n\n* A command injection flaw within the Emacs 'enriched mode' handling\nhas been discovered. By tricking an unsuspecting user into opening a\nspecially crafted file using Emacs, a remote attacker could exploit\nthis flaw to execute arbitrary commands with the privileges of the\nEmacs user. (CVE-2017-14482)\n\nNote that Tenable Network Security has attempted to extract the\npreceding description block directly from the corresponding Red Hat\nsecurity advisory. Virtuozzo provides no description for VZLSA\nadvisories. Tenable has attempted to automatically clean and format\nit as much as possible without introducing additional issues.\");\n # http://repo.virtuozzo.com/vzlinux/announcements/json/VZLSA-2017-2771.json\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?da71d2f6\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2017:2771\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected emacs / emacs-common / emacs-el / emacs-filesystem / etc package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:emacs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:emacs-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:emacs-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:emacs-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:emacs-nox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:emacs-terminal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:virtuozzo:virtuozzo:7\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Virtuozzo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Virtuozzo/release\", \"Host/Virtuozzo/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/Virtuozzo/release\");\nif (isnull(release) || \"Virtuozzo\" >!< release) audit(AUDIT_OS_NOT, \"Virtuozzo\");\nos_ver = pregmatch(pattern: \"Virtuozzo Linux release ([0-9]+\\.[0-9])(\\D|$)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Virtuozzo 7.x\", \"Virtuozzo \" + os_ver);\n\nif (!get_kb_item(\"Host/Virtuozzo/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Virtuozzo\", cpu);\n\nflag = 0;\n\npkgs = [\"emacs-24.3-20.vl7\",\n \"emacs-common-24.3-20.vl7\",\n \"emacs-el-24.3-20.vl7\",\n \"emacs-filesystem-24.3-20.vl7\",\n \"emacs-nox-24.3-20.vl7\",\n \"emacs-terminal-24.3-20.vl7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"Virtuozzo-7\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"emacs / emacs-common / emacs-el / emacs-filesystem / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T06:45:57", "description": "Charles A. Roelli discovered that Emacs incorrectly handled certain\nfiles. If a user were tricked into opening a specially crafted file\n(e.g., email messages in gnus), an attacker could possibly use this to\nexecute arbitrary code.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 29, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-09-22T00:00:00", "title": "Ubuntu 14.04 LTS / 16.04 LTS : emacs24 vulnerability (USN-3427-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-14482"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04", "p-cpe:/a:canonical:ubuntu_linux:emacs24", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-3427-1.NASL", "href": "https://www.tenable.com/plugins/nessus/103417", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3427-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103417);\n script_version(\"3.10\");\n script_cvs_date(\"Date: 2019/09/18 12:31:47\");\n\n script_cve_id(\"CVE-2017-14482\");\n script_xref(name:\"USN\", value:\"3427-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 16.04 LTS : emacs24 vulnerability (USN-3427-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Charles A. Roelli discovered that Emacs incorrectly handled certain\nfiles. If a user were tricked into opening a specially crafted file\n(e.g., email messages in gnus), an attacker could possibly use this to\nexecute arbitrary code.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3427-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected emacs24 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:emacs24\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04|16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"emacs24\", pkgver:\"24.3+1-2ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"emacs24\", pkgver:\"24.5+1-6ubuntu1.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"emacs24\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T05:08:41", "description": "An update for emacs is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nGNU Emacs is a powerful, customizable, self-documenting text editor.\nIt provides special code editing features, a scripting language\n(elisp), and the capability to read e-mail and news.\n\nSecurity Fix(es) :\n\n* A command injection flaw within the Emacs 'enriched mode' handling\nhas been discovered. By tricking an unsuspecting user into opening a\nspecially crafted file using Emacs, a remote attacker could exploit\nthis flaw to execute arbitrary commands with the privileges of the\nEmacs user. (CVE-2017-14482)", "edition": 33, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-09-20T00:00:00", "title": "RHEL 7 : emacs (RHSA-2017:2771)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-14482"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:emacs-terminal", "p-cpe:/a:redhat:enterprise_linux:emacs-filesystem", "p-cpe:/a:redhat:enterprise_linux:emacs-debuginfo", "cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7.7", "cpe:/o:redhat:enterprise_linux:7.5", "p-cpe:/a:redhat:enterprise_linux:emacs-el", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:emacs", "p-cpe:/a:redhat:enterprise_linux:emacs-nox", "p-cpe:/a:redhat:enterprise_linux:emacs-common", "cpe:/o:redhat:enterprise_linux:7.6"], "id": "REDHAT-RHSA-2017-2771.NASL", "href": "https://www.tenable.com/plugins/nessus/103352", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:2771. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103352);\n script_version(\"3.14\");\n script_cvs_date(\"Date: 2019/10/24 15:35:43\");\n\n script_cve_id(\"CVE-2017-14482\");\n script_xref(name:\"RHSA\", value:\"2017:2771\");\n\n script_name(english:\"RHEL 7 : emacs (RHSA-2017:2771)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for emacs is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nGNU Emacs is a powerful, customizable, self-documenting text editor.\nIt provides special code editing features, a scripting language\n(elisp), and the capability to read e-mail and news.\n\nSecurity Fix(es) :\n\n* A command injection flaw within the Emacs 'enriched mode' handling\nhas been discovered. By tricking an unsuspecting user into opening a\nspecially crafted file using Emacs, a remote attacker could exploit\nthis flaw to execute arbitrary commands with the privileges of the\nEmacs user. (CVE-2017-14482)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2017:2771\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-14482\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:emacs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:emacs-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:emacs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:emacs-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:emacs-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:emacs-nox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:emacs-terminal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2017:2771\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"emacs-24.3-20.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"emacs-24.3-20.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"emacs-common-24.3-20.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"emacs-common-24.3-20.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"emacs-debuginfo-24.3-20.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"emacs-debuginfo-24.3-20.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"emacs-el-24.3-20.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"emacs-filesystem-24.3-20.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"emacs-nox-24.3-20.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"emacs-nox-24.3-20.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"emacs-terminal-24.3-20.el7_4\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"emacs / emacs-common / emacs-debuginfo / emacs-el / etc\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T06:45:58", "description": "Charles A. Roelli discovered that Emacs incorrectly handled certain\nfiles. If a user were tricked into opening a specially crafted file\n(e.g., email messages in gnus), an attacker could possibly use this to\nexecute arbitrary code.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 29, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-09-22T00:00:00", "title": "Ubuntu 17.04 : emacs25 vulnerability (USN-3428-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-14482"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:17.04", "p-cpe:/a:canonical:ubuntu_linux:emacs25"], "id": "UBUNTU_USN-3428-1.NASL", "href": "https://www.tenable.com/plugins/nessus/103418", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3428-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103418);\n script_version(\"3.10\");\n script_cvs_date(\"Date: 2019/09/18 12:31:47\");\n\n script_cve_id(\"CVE-2017-14482\");\n script_xref(name:\"USN\", value:\"3428-1\");\n\n script_name(english:\"Ubuntu 17.04 : emacs25 vulnerability (USN-3428-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Charles A. Roelli discovered that Emacs incorrectly handled certain\nfiles. If a user were tricked into opening a specially crafted file\n(e.g., email messages in gnus), an attacker could possibly use this to\nexecute arbitrary code.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3428-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected emacs25 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:emacs25\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(17\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 17.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"17.04\", pkgname:\"emacs25\", pkgver:\"25.1+1-3ubuntu4.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"emacs25\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:15:51", "description": "Rebuilt against new ImageMagick\n\n----\n\nrhbz#1490649 - emacs-25.3 is available\n\nrhbz#1490410 - unsafe enriched mode translations (security)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 18, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-01-15T00:00:00", "title": "Fedora 27 : 1:emacs (2017-36893b0ea3)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-14482"], "modified": "2018-01-15T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:27", "p-cpe:/a:fedoraproject:fedora:1:emacs"], "id": "FEDORA_2017-36893B0EA3.NASL", "href": "https://www.tenable.com/plugins/nessus/105856", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-36893b0ea3.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(105856);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-14482\");\n script_xref(name:\"FEDORA\", value:\"2017-36893b0ea3\");\n\n script_name(english:\"Fedora 27 : 1:emacs (2017-36893b0ea3)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Rebuilt against new ImageMagick\n\n----\n\nrhbz#1490649 - emacs-25.3 is available\n\nrhbz#1490410 - unsafe enriched mode translations (security)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-36893b0ea3\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected 1:emacs package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:emacs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:27\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^27([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 27\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC27\", reference:\"emacs-25.3-3.fc27\", epoch:\"1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:emacs\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-06T09:50:41", "description": "Charles A. Roelli discovered that Emacs is vulnerable to arbitrary\ncode execution when rendering text/enriched MIME data (e.g. when using\nEmacs-based mail clients).", "edition": 30, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-09-13T00:00:00", "title": "Debian DSA-3970-1 : emacs24 - security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-14482"], "modified": "2017-09-13T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "p-cpe:/a:debian:debian_linux:emacs24", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-3970.NASL", "href": "https://www.tenable.com/plugins/nessus/103147", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3970. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103147);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-14482\");\n script_xref(name:\"DSA\", value:\"3970\");\n\n script_name(english:\"Debian DSA-3970-1 : emacs24 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Charles A. Roelli discovered that Emacs is vulnerable to arbitrary\ncode execution when rendering text/enriched MIME data (e.g. when using\nEmacs-based mail clients).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875448\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/emacs24\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/emacs24\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2017/dsa-3970\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the emacs24 packages.\n\nFor the oldstable distribution (jessie), this problem has been fixed\nin version 24.4+1-5+deb8u1.\n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 24.5+1-11+deb9u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:emacs24\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"emacs24\", reference:\"24.4+1-5+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"emacs24-bin-common\", reference:\"24.4+1-5+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"emacs24-common\", reference:\"24.4+1-5+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"emacs24-dbg\", reference:\"24.4+1-5+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"emacs24-el\", reference:\"24.4+1-5+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"emacs24-lucid\", reference:\"24.4+1-5+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"emacs24-lucid-dbg\", reference:\"24.4+1-5+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"emacs24-nox\", reference:\"24.4+1-5+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"emacs24-nox-dbg\", reference:\"24.4+1-5+deb8u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"emacs24\", reference:\"24.5+1-11+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"emacs24-bin-common\", reference:\"24.5+1-11+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"emacs24-common\", reference:\"24.5+1-11+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"emacs24-dbg\", reference:\"24.5+1-11+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"emacs24-el\", reference:\"24.5+1-11+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"emacs24-lucid\", reference:\"24.5+1-11+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"emacs24-lucid-dbg\", reference:\"24.5+1-11+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"emacs24-nox\", reference:\"24.5+1-11+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"emacs24-nox-dbg\", reference:\"24.5+1-11+deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-14T16:35:35", "description": "This update for emacs fixes one issues.\n\nThis security issue was fixed :\n\n - CVE-2017-14482: Remote code execution via mails with\n 'Content-Type: text/enriched' (bsc#1058425)\n\nThis update was imported from the SUSE:SLE-12:Update update project.", "edition": 21, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-09-21T00:00:00", "title": "openSUSE Security Update : emacs (openSUSE-2017-1078)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-14482"], "modified": "2017-09-21T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:emacs-debugsource", "p-cpe:/a:novell:opensuse:emacs", "p-cpe:/a:novell:opensuse:emacs-nox", "p-cpe:/a:novell:opensuse:etags", "p-cpe:/a:novell:opensuse:emacs-nox-debuginfo", "p-cpe:/a:novell:opensuse:emacs-debuginfo", "p-cpe:/a:novell:opensuse:emacs-x11", "cpe:/o:novell:opensuse:42.3", "cpe:/o:novell:opensuse:42.2", "p-cpe:/a:novell:opensuse:emacs-info", "p-cpe:/a:novell:opensuse:emacs-x11-debuginfo", "p-cpe:/a:novell:opensuse:etags-debuginfo", "p-cpe:/a:novell:opensuse:emacs-el"], "id": "OPENSUSE-2017-1078.NASL", "href": "https://www.tenable.com/plugins/nessus/103368", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-1078.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103368);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/04\");\n\n script_cve_id(\"CVE-2017-14482\");\n\n script_name(english:\"openSUSE Security Update : emacs (openSUSE-2017-1078)\");\n script_summary(english:\"Check for the openSUSE-2017-1078 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for emacs fixes one issues.\n\nThis security issue was fixed :\n\n - CVE-2017-14482: Remote code execution via mails with\n 'Content-Type: text/enriched' (bsc#1058425)\n\nThis update was imported from the SUSE:SLE-12:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1058425\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected emacs packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:emacs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:emacs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:emacs-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:emacs-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:emacs-info\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:emacs-nox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:emacs-nox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:emacs-x11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:emacs-x11-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:etags\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:etags-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2|SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2 / 42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"emacs-24.3-24.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"emacs-debuginfo-24.3-24.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"emacs-debugsource-24.3-24.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"emacs-el-24.3-24.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"emacs-info-24.3-24.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"emacs-nox-24.3-24.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"emacs-nox-debuginfo-24.3-24.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"emacs-x11-24.3-24.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"emacs-x11-debuginfo-24.3-24.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"etags-24.3-24.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"etags-debuginfo-24.3-24.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"emacs-24.3-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"emacs-debuginfo-24.3-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"emacs-debugsource-24.3-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"emacs-el-24.3-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"emacs-info-24.3-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"emacs-nox-24.3-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"emacs-nox-debuginfo-24.3-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"emacs-x11-24.3-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"emacs-x11-debuginfo-24.3-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"etags-24.3-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"etags-debuginfo-24.3-28.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"emacs / emacs-debuginfo / emacs-debugsource / emacs-el / emacs-info / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}]}