ID DEBIAN_DLA-1303.NASL Type nessus Reporter This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. Modified 2019-11-02T00:00:00
Description
Several functions were extremely slow to evaluate certain inputs due
to catastrophic backtracking vulnerabilities in several regular
expressions.
CVE-2018-7536
The django.utils.html.urlize() function was extremely slow to evaluate
certain inputs due to catastrophic backtracking vulnerabilities in two
regular expressions. The urlize() function is used to implement the
urlize and urlizetrunc template filters, which were thus vulnerable.
The problematic regular expressions are replaced with
parsing logic that behaves similarly.
CVE-2018-7537
If django.utils.text.Truncator’s chars() and words() methods
were passed the html=True argument, they were extremely slow to
evaluate certain inputs due to a catastrophic backtracking
vulnerability in a regular expression. The chars() and words() methods
are used to implement the truncatechars_html and truncatewords_html
template filters, which were thus vulnerable.
The backtracking problem in the regular expression is fixed.
For Debian 7
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DLA-1303-1. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#
include("compat.inc");
if (description)
{
script_id(107242);
script_version("1.3");
script_cvs_date("Date: 2018/08/31 12:25:01");
script_cve_id("CVE-2018-7536", "CVE-2018-7537");
script_name(english:"Debian DLA-1303-1 : python-django security update");
script_summary(english:"Checks dpkg output for the updated packages.");
script_set_attribute(
attribute:"synopsis",
value:"The remote Debian host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"Several functions were extremely slow to evaluate certain inputs due
to catastrophic backtracking vulnerabilities in several regular
expressions.
CVE-2018-7536
The django.utils.html.urlize() function was extremely slow to evaluate
certain inputs due to catastrophic backtracking vulnerabilities in two
regular expressions. The urlize() function is used to implement the
urlize and urlizetrunc template filters, which were thus vulnerable.
The problematic regular expressions are replaced with
parsing logic that behaves similarly.
CVE-2018-7537
If django.utils.text.Truncator’s chars() and words() methods
were passed the html=True argument, they were extremely slow to
evaluate certain inputs due to a catastrophic backtracking
vulnerability in a regular expression. The chars() and words() methods
are used to implement the truncatechars_html and truncatewords_html
template filters, which were thus vulnerable.
The backtracking problem in the regular expression is fixed.
For Debian 7 'Wheezy', these problems have been fixed in version
1.4.22-1+deb7u4.
We recommend that you upgrade your python-django packages.
NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues."
);
script_set_attribute(
attribute:"see_also",
value:"https://lists.debian.org/debian-lts-announce/2018/03/msg00006.html"
);
script_set_attribute(
attribute:"see_also",
value:"https://packages.debian.org/source/wheezy/python-django"
);
script_set_attribute(
attribute:"solution",
value:"Upgrade the affected python-django, and python-django-doc packages."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:python-django");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:python-django-doc");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");
script_set_attribute(attribute:"patch_publication_date", value:"2018/03/08");
script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/09");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Debian Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
exit(0);
}
include("audit.inc");
include("debian_package.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (deb_check(release:"7.0", prefix:"python-django", reference:"1.4.22-1+deb7u4")) flag++;
if (deb_check(release:"7.0", prefix:"python-django-doc", reference:"1.4.22-1+deb7u4")) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
else security_warning(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
{"id": "DEBIAN_DLA-1303.NASL", "bulletinFamily": "scanner", "title": "Debian DLA-1303-1 : python-django security update", "description": "Several functions were extremely slow to evaluate certain inputs due\nto catastrophic backtracking vulnerabilities in several regular\nexpressions.\n\nCVE-2018-7536\n\nThe django.utils.html.urlize() function was extremely slow to evaluate\ncertain inputs due to catastrophic backtracking vulnerabilities in two\nregular expressions. The urlize() function is used to implement the\nurlize and urlizetrunc template filters, which were thus vulnerable.\n\nThe problematic regular expressions are replaced with\nparsing logic that behaves similarly.\n\nCVE-2018-7537\n\nIf django.utils.text.Truncator’s chars() and words() methods\nwere passed the html=True argument, they were extremely slow to\nevaluate certain inputs due to a catastrophic backtracking\nvulnerability in a regular expression. The chars() and words() methods\nare used to implement the truncatechars_html and truncatewords_html\ntemplate filters, which were thus vulnerable.\n\nThe backtracking problem in the regular expression is fixed.\n\nFor Debian 7 ", "published": "2018-03-09T00:00:00", "modified": "2019-11-02T00:00:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "href": "https://www.tenable.com/plugins/nessus/107242", "reporter": "This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://lists.debian.org/debian-lts-announce/2018/03/msg00006.html", "https://packages.debian.org/source/wheezy/python-django"], "cvelist": ["CVE-2018-7536", "CVE-2018-7537"], "type": "nessus", "lastseen": "2019-11-01T02:18:37", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:debian:debian_linux:python-django-doc", "p-cpe:/a:debian:debian_linux:python-django", "cpe:/o:debian:debian_linux:7.0"], "cvelist": ["CVE-2018-7536", "CVE-2018-7537"], "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "description": "Several functions were extremely slow to evaluate certain inputs due\nto catastrophic backtracking vulnerabilities in several regular\nexpressions.\n\nCVE-2018-7536\n\nThe django.utils.html.urlize() function was extremely slow to evaluate\ncertain inputs due to catastrophic backtracking vulnerabilities in two\nregular expressions. The urlize() function is used to implement the\nurlize and urlizetrunc template filters, which were thus vulnerable.\n\nThe problematic regular expressions are replaced with\nparsing logic that behaves similarly.\n\nCVE-2018-7537\n\nIf django.utils.text.Truncator’s chars() and words() methods\nwere passed the html=True argument, they were extremely slow to\nevaluate certain inputs due to a catastrophic backtracking\nvulnerability in a regular expression. The chars() and words() methods\nare used to implement the truncatechars_html and truncatewords_html\ntemplate filters, which were thus vulnerable.\n\nThe backtracking problem in the regular expression is fixed.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n1.4.22-1+deb7u4.\n\nWe recommend that you upgrade your python-django packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 6, "enchantments": {"dependencies": {"modified": "2019-01-16T20:32:55", "references": [{"idList": ["DEBIAN:DSA-4161-1:21DFF", "DEBIAN:DLA-1303-1:6BD81"], "type": "debian"}, {"idList": ["OPENVAS:1361412562310843470", "OPENVAS:1361412562310704161", "OPENVAS:1361412562310891303"], "type": "openvas"}, {"idList": ["USN-3591-1"], "type": "ubuntu"}, {"idList": ["RHSA-2019:0265", "RHSA-2019:0082", "RHSA-2018:2927", "RHSA-2019:0051"], "type": "redhat"}, {"idList": ["REDHAT-RHSA-2019-0265.NASL", "OPENSUSE-2018-317.NASL", "FEDORA_2018-CCE0E0BD04.NASL", "FEDORA_2018-39CC0BC342.NASL", "DEBIAN_DSA-4161.NASL", "REDHAT-RHSA-2018-2927.NASL", "FEDORA_2018-BD1147F152.NASL", "UBUNTU_USN-3591-1.NASL", "OPENSUSE-2018-318.NASL"], "type": "nessus"}, {"idList": ["CVE-2018-7536", "CVE-2018-7537"], "type": "cve"}]}, "score": {"value": 5.0, "vector": "NONE"}}, "hash": "277c8efb3d8ad11a127c146688d0f53af103ee2794a4db7b5dcb5e2fe51c7824", "hashmap": [{"hash": "123c96d5daf3562778fdabf00987de9b", "key": "sourceData"}, {"hash": "881c891cd96a90ac7440d91b7d68b4ee", "key": "title"}, {"hash": "87a625ac38bbd367dbf9bdb6ac23e244", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "8165193e25f05a437183304f17d0aaaa", "key": "description"}, {"hash": "7f9acfafcc73b8cbccf3bd4c42a17866", "key": "pluginID"}, {"hash": "8222f8ae770e2263aae79bcdc98e55b6", "key": "cpe"}, {"hash": "72335ad5f731b753e9c3b65c45b15ed0", "key": "modified"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "1af8f5ddbc79deb31718b69b9d59d5a8", "key": "published"}, {"hash": "4ce01b6f7c2c095bea1f229c244c7ac6", "key": "cvelist"}, {"hash": "84813b1457b92d6ba1174abffbb83a2f", "key": "cvss"}, {"hash": "c29179f4c4a841a70da1e06f9356b1f4", "key": "href"}, {"hash": "74562d71b087df9eabd0c21f99b132cc", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=107242", "id": "DEBIAN_DLA-1303.NASL", "lastseen": "2019-01-16T20:32:55", "modified": "2018-08-31T00:00:00", "naslFamily": "Debian Local Security Checks", "objectVersion": "1.3", "pluginID": "107242", "published": "2018-03-09T00:00:00", "references": ["https://lists.debian.org/debian-lts-announce/2018/03/msg00006.html", "https://packages.debian.org/source/wheezy/python-django"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1303-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(107242);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/08/31 12:25:01\");\n\n script_cve_id(\"CVE-2018-7536\", \"CVE-2018-7537\");\n\n script_name(english:\"Debian DLA-1303-1 : python-django security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several functions were extremely slow to evaluate certain inputs due\nto catastrophic backtracking vulnerabilities in several regular\nexpressions.\n\nCVE-2018-7536\n\nThe django.utils.html.urlize() function was extremely slow to evaluate\ncertain inputs due to catastrophic backtracking vulnerabilities in two\nregular expressions. The urlize() function is used to implement the\nurlize and urlizetrunc template filters, which were thus vulnerable.\n\nThe problematic regular expressions are replaced with\nparsing logic that behaves similarly.\n\nCVE-2018-7537\n\nIf django.utils.text.Truncator’s chars() and words() methods\nwere passed the html=True argument, they were extremely slow to\nevaluate certain inputs due to a catastrophic backtracking\nvulnerability in a regular expression. The chars() and words() methods\nare used to implement the truncatechars_html and truncatewords_html\ntemplate filters, which were thus vulnerable.\n\nThe backtracking problem in the regular expression is fixed.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n1.4.22-1+deb7u4.\n\nWe recommend that you upgrade your python-django packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2018/03/msg00006.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/python-django\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected python-django, and python-django-doc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python-django\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python-django-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"python-django\", reference:\"1.4.22-1+deb7u4\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"python-django-doc\", reference:\"1.4.22-1+deb7u4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Debian DLA-1303-1 : python-django security update", "type": "nessus", "viewCount": 1}, "differentElements": ["description"], "edition": 6, "lastseen": "2019-01-16T20:32:55"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:debian:debian_linux:python-django-doc", "p-cpe:/a:debian:debian_linux:python-django", "cpe:/o:debian:debian_linux:7.0"], "cvelist": ["CVE-2018-7536", "CVE-2018-7537"], "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "description": "Several functions were extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in several regular expressions.\n\nCVE-2018-7536\n\nThe django.utils.html.urlize() function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions. The urlize() function is used to implement the urlize and urlizetrunc template filters, which were thus vulnerable.\n\nThe problematic regular expressions are replaced with parsing logic that behaves similarly.\n\nCVE-2018-7537\n\nIf django.utils.text.Truncator’s chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable.\n\nThe backtracking problem in the regular expression is fixed.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 1.4.22-1+deb7u4.\n\nWe recommend that you upgrade your python-django packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 3, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "ef9d1b0b9b73316c2b6f29e13745b481e35fc5caacf21dc29f76d499bc4f5853", "hashmap": [{"hash": "881c891cd96a90ac7440d91b7d68b4ee", "key": "title"}, {"hash": "87a625ac38bbd367dbf9bdb6ac23e244", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "e9aef7129130bc4f7faad29ef08d8c7c", "key": "modified"}, {"hash": "683b41ab417b66201c28b312722fef69", "key": "description"}, {"hash": "c519e0881a1c411dbd7781ea5589940c", "key": "sourceData"}, {"hash": "7f9acfafcc73b8cbccf3bd4c42a17866", "key": "pluginID"}, {"hash": "8222f8ae770e2263aae79bcdc98e55b6", "key": "cpe"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "1af8f5ddbc79deb31718b69b9d59d5a8", "key": "published"}, {"hash": "4ce01b6f7c2c095bea1f229c244c7ac6", "key": "cvelist"}, {"hash": "84813b1457b92d6ba1174abffbb83a2f", "key": "cvss"}, {"hash": "c29179f4c4a841a70da1e06f9356b1f4", "key": "href"}, {"hash": "74562d71b087df9eabd0c21f99b132cc", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=107242", "id": "DEBIAN_DLA-1303.NASL", "lastseen": "2018-03-30T13:17:11", "modified": "2018-03-27T00:00:00", "naslFamily": "Debian Local Security Checks", "objectVersion": "1.3", "pluginID": "107242", "published": "2018-03-09T00:00:00", "references": ["https://lists.debian.org/debian-lts-announce/2018/03/msg00006.html", "https://packages.debian.org/source/wheezy/python-django"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1303-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(107242);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/03/27 20:24:42\");\n\n script_cve_id(\"CVE-2018-7536\", \"CVE-2018-7537\");\n\n script_name(english:\"Debian DLA-1303-1 : python-django security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several functions were extremely slow to evaluate certain inputs due\nto catastrophic backtracking vulnerabilities in several regular\nexpressions.\n\nCVE-2018-7536\n\nThe django.utils.html.urlize() function was extremely slow to evaluate\ncertain inputs due to catastrophic backtracking vulnerabilities in two\nregular expressions. The urlize() function is used to implement the\nurlize and urlizetrunc template filters, which were thus vulnerable.\n\nThe problematic regular expressions are replaced with\nparsing logic that behaves similarly.\n\nCVE-2018-7537\n\nIf django.utils.text.Truncator’s chars() and words() methods\nwere passed the html=True argument, they were extremely slow to\nevaluate certain inputs due to a catastrophic backtracking\nvulnerability in a regular expression. The chars() and words() methods\nare used to implement the truncatechars_html and truncatewords_html\ntemplate filters, which were thus vulnerable.\n\nThe backtracking problem in the regular expression is fixed.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n1.4.22-1+deb7u4.\n\nWe recommend that you upgrade your python-django packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2018/03/msg00006.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/python-django\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected python-django, and python-django-doc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python-django\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python-django-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"python-django\", reference:\"1.4.22-1+deb7u4\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"python-django-doc\", reference:\"1.4.22-1+deb7u4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Debian DLA-1303-1 : python-django security update", "type": "nessus", "viewCount": 1}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2018-03-30T13:17:11"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:debian:debian_linux:python-django-doc", "p-cpe:/a:debian:debian_linux:python-django", "cpe:/o:debian:debian_linux:7.0"], "cvelist": ["CVE-2018-7536", "CVE-2018-7537"], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "description": "Several functions were extremely slow to evaluate certain inputs due\nto catastrophic backtracking vulnerabilities in several regular\nexpressions.\n\nCVE-2018-7536\n\nThe django.utils.html.urlize() function was extremely slow to evaluate\ncertain inputs due to catastrophic backtracking vulnerabilities in two\nregular expressions. The urlize() function is used to implement the\nurlize and urlizetrunc template filters, which were thus vulnerable.\n\nThe problematic regular expressions are replaced with\nparsing logic that behaves similarly.\n\nCVE-2018-7537\n\nIf django.utils.text.Truncator’s chars() and words() methods\nwere passed the html=True argument, they were extremely slow to\nevaluate certain inputs due to a catastrophic backtracking\nvulnerability in a regular expression. The chars() and words() methods\nare used to implement the truncatechars_html and truncatewords_html\ntemplate filters, which were thus vulnerable.\n\nThe backtracking problem in the regular expression is fixed.\n\nFor Debian 7 ", "edition": 8, "enchantments": {"dependencies": {"modified": "2019-10-28T20:03:34", "references": [{"idList": ["DEBIAN:DSA-4161-1:21DFF", "DEBIAN:DLA-1303-1:6BD81"], "type": "debian"}, {"idList": ["OPENVAS:1361412562310843470", "OPENVAS:1361412562310704161", "OPENVAS:1361412562310891303"], "type": "openvas"}, {"idList": ["USN-3591-1"], "type": "ubuntu"}, {"idList": ["RHSA-2019:0265", "RHSA-2019:0082", "RHSA-2018:2927", "RHSA-2019:0051"], "type": "redhat"}, {"idList": ["REDHAT-RHSA-2019-0265.NASL", "OPENSUSE-2018-317.NASL", "FEDORA_2018-CCE0E0BD04.NASL", "FEDORA_2018-39CC0BC342.NASL", "DEBIAN_DSA-4161.NASL", "REDHAT-RHSA-2018-2927.NASL", "FEDORA_2018-BD1147F152.NASL", "UBUNTU_USN-3591-1.NASL", "OPENSUSE-2018-318.NASL"], "type": "nessus"}, {"idList": ["CVE-2018-7536", "CVE-2018-7537"], "type": "cve"}]}, "score": {"modified": "2019-10-28T20:03:34", "value": 6.6, "vector": "NONE"}}, "hash": "4dca982c87ecdc2f4792d83c316feb09296fc30cdc6d9f23b1e6bfb6aef6d8b3", "hashmap": [{"hash": "123c96d5daf3562778fdabf00987de9b", "key": "sourceData"}, {"hash": "881c891cd96a90ac7440d91b7d68b4ee", "key": "title"}, {"hash": "87a625ac38bbd367dbf9bdb6ac23e244", "key": "references"}, {"hash": "205fa18cac3fc8ebbd32824afb096581", "key": "reporter"}, {"hash": "7f9acfafcc73b8cbccf3bd4c42a17866", "key": "pluginID"}, {"hash": "8222f8ae770e2263aae79bcdc98e55b6", "key": "cpe"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "0bafb6325bcaf483a25404f785191cc5", "key": "modified"}, {"hash": "1af8f5ddbc79deb31718b69b9d59d5a8", "key": "published"}, {"hash": "4ce01b6f7c2c095bea1f229c244c7ac6", "key": "cvelist"}, {"hash": "41b62a8aa1ee5c40897717cadc30784a", "key": "cvss"}, {"hash": "0364a8024cd49fc918c18a8f872be02c", "key": "href"}, {"hash": "987542fc0526d2d7f8c3d09f8a777e3f", "key": "description"}, {"hash": "74562d71b087df9eabd0c21f99b132cc", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/nessus/107242", "id": "DEBIAN_DLA-1303.NASL", "lastseen": "2019-10-28T20:03:34", "modified": "2019-10-02T00:00:00", "naslFamily": "Debian Local Security Checks", "objectVersion": "1.3", "pluginID": "107242", "published": "2018-03-09T00:00:00", "references": ["https://lists.debian.org/debian-lts-announce/2018/03/msg00006.html", "https://packages.debian.org/source/wheezy/python-django"], "reporter": "This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1303-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(107242);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/08/31 12:25:01\");\n\n script_cve_id(\"CVE-2018-7536\", \"CVE-2018-7537\");\n\n script_name(english:\"Debian DLA-1303-1 : python-django security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several functions were extremely slow to evaluate certain inputs due\nto catastrophic backtracking vulnerabilities in several regular\nexpressions.\n\nCVE-2018-7536\n\nThe django.utils.html.urlize() function was extremely slow to evaluate\ncertain inputs due to catastrophic backtracking vulnerabilities in two\nregular expressions. The urlize() function is used to implement the\nurlize and urlizetrunc template filters, which were thus vulnerable.\n\nThe problematic regular expressions are replaced with\nparsing logic that behaves similarly.\n\nCVE-2018-7537\n\nIf django.utils.text.Truncator’s chars() and words() methods\nwere passed the html=True argument, they were extremely slow to\nevaluate certain inputs due to a catastrophic backtracking\nvulnerability in a regular expression. The chars() and words() methods\nare used to implement the truncatechars_html and truncatewords_html\ntemplate filters, which were thus vulnerable.\n\nThe backtracking problem in the regular expression is fixed.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n1.4.22-1+deb7u4.\n\nWe recommend that you upgrade your python-django packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2018/03/msg00006.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/python-django\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected python-django, and python-django-doc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python-django\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python-django-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"python-django\", reference:\"1.4.22-1+deb7u4\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"python-django-doc\", reference:\"1.4.22-1+deb7u4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Debian DLA-1303-1 : python-django security update", "type": "nessus", "viewCount": 1}, "differentElements": ["modified"], "edition": 8, "lastseen": "2019-10-28T20:03:34"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:debian:debian_linux:python-django-doc", "p-cpe:/a:debian:debian_linux:python-django", "cpe:/o:debian:debian_linux:7.0"], "cvelist": ["CVE-2018-7536", "CVE-2018-7537"], "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "description": "Several functions were extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in several regular expressions.\n\nCVE-2018-7536\n\nThe django.utils.html.urlize() function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions. The urlize() function is used to implement the urlize and urlizetrunc template filters, which were thus vulnerable.\n\nThe problematic regular expressions are replaced with parsing logic that behaves similarly.\n\nCVE-2018-7537\n\nIf django.utils.text.Truncator’s chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable.\n\nThe backtracking problem in the regular expression is fixed.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 1.4.22-1+deb7u4.\n\nWe recommend that you upgrade your python-django packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 2, "enchantments": {"score": {"modified": "2018-03-27T11:09:05", "value": 5.9, "vector": "AV:L/AC:H/Au:M/C:C/I:C/A:C/"}}, "hash": "05650f8acd428dd8e9db261cd81bd880df87787bba271d69d71134f9cf8e0b3a", "hashmap": [{"hash": "881c891cd96a90ac7440d91b7d68b4ee", "key": "title"}, {"hash": "87a625ac38bbd367dbf9bdb6ac23e244", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "683b41ab417b66201c28b312722fef69", "key": "description"}, {"hash": "1af8f5ddbc79deb31718b69b9d59d5a8", "key": "modified"}, {"hash": "7f9acfafcc73b8cbccf3bd4c42a17866", "key": "pluginID"}, {"hash": "8222f8ae770e2263aae79bcdc98e55b6", "key": "cpe"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "1af8f5ddbc79deb31718b69b9d59d5a8", "key": "published"}, {"hash": "4ce01b6f7c2c095bea1f229c244c7ac6", "key": "cvelist"}, {"hash": "fd73038367e08695d866de9329247af7", "key": "sourceData"}, {"hash": "84813b1457b92d6ba1174abffbb83a2f", "key": "cvss"}, {"hash": "c29179f4c4a841a70da1e06f9356b1f4", "key": "href"}, {"hash": "74562d71b087df9eabd0c21f99b132cc", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=107242", "id": "DEBIAN_DLA-1303.NASL", "lastseen": "2018-03-27T11:09:05", "modified": "2018-03-09T00:00:00", "naslFamily": "Debian Local Security Checks", "objectVersion": "1.3", "pluginID": "107242", "published": "2018-03-09T00:00:00", "references": ["https://lists.debian.org/debian-lts-announce/2018/03/msg00006.html", "https://packages.debian.org/source/wheezy/python-django"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1303-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(107242);\n script_version(\"1.1\");\n script_cvs_date(\"2018/03/09 11:17:04\");\n\n script_cve_id(\"CVE-2018-7536\", \"CVE-2018-7537\");\n\n script_name(english:\"Debian DLA-1303-1 : python-django security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several functions were extremely slow to evaluate certain inputs due\nto catastrophic backtracking vulnerabilities in several regular\nexpressions.\n\nCVE-2018-7536\n\nThe django.utils.html.urlize() function was extremely slow to evaluate\ncertain inputs due to catastrophic backtracking vulnerabilities in two\nregular expressions. The urlize() function is used to implement the\nurlize and urlizetrunc template filters, which were thus vulnerable.\n\nThe problematic regular expressions are replaced with\nparsing logic that behaves similarly.\n\nCVE-2018-7537\n\nIf django.utils.text.Truncator’s chars() and words() methods\nwere passed the html=True argument, they were extremely slow to\nevaluate certain inputs due to a catastrophic backtracking\nvulnerability in a regular expression. The chars() and words() methods\nare used to implement the truncatechars_html and truncatewords_html\ntemplate filters, which were thus vulnerable.\n\nThe backtracking problem in the regular expression is fixed.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n1.4.22-1+deb7u4.\n\nWe recommend that you upgrade your python-django packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2018/03/msg00006.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/python-django\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected python-django, and python-django-doc packages.\"\n );\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python-django\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python-django-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"python-django\", reference:\"1.4.22-1+deb7u4\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"python-django-doc\", reference:\"1.4.22-1+deb7u4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Debian DLA-1303-1 : python-django security update", "type": "nessus", "viewCount": 1}, "differentElements": ["modified", "sourceData"], "edition": 2, "lastseen": "2018-03-27T11:09:05"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:debian:debian_linux:python-django-doc", "p-cpe:/a:debian:debian_linux:python-django", "cpe:/o:debian:debian_linux:7.0"], "cvelist": ["CVE-2018-7536", "CVE-2018-7537"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "Several functions were extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in several regular expressions.\n\nCVE-2018-7536\n\nThe django.utils.html.urlize() function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions. The urlize() function is used to implement the urlize and urlizetrunc template filters, which were thus vulnerable.\n\nThe problematic regular expressions are replaced with parsing logic that behaves similarly.\n\nCVE-2018-7537\n\nIf django.utils.text.Truncator’s chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable.\n\nThe backtracking problem in the regular expression is fixed.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 1.4.22-1+deb7u4.\n\nWe recommend that you upgrade your python-django packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "e052fd9e74eb116bf1529c1d3f703c684145ef9e0df4f64a9322be1ddfaac1de", "hashmap": [{"hash": "881c891cd96a90ac7440d91b7d68b4ee", "key": "title"}, {"hash": "87a625ac38bbd367dbf9bdb6ac23e244", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "e9aef7129130bc4f7faad29ef08d8c7c", "key": "modified"}, {"hash": "683b41ab417b66201c28b312722fef69", "key": "description"}, {"hash": "c519e0881a1c411dbd7781ea5589940c", "key": "sourceData"}, {"hash": "7f9acfafcc73b8cbccf3bd4c42a17866", "key": "pluginID"}, {"hash": "8222f8ae770e2263aae79bcdc98e55b6", "key": "cpe"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "1af8f5ddbc79deb31718b69b9d59d5a8", "key": "published"}, {"hash": "4ce01b6f7c2c095bea1f229c244c7ac6", "key": "cvelist"}, {"hash": "c29179f4c4a841a70da1e06f9356b1f4", "key": "href"}, {"hash": "74562d71b087df9eabd0c21f99b132cc", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=107242", "id": "DEBIAN_DLA-1303.NASL", "lastseen": "2018-08-30T19:43:48", "modified": "2018-03-27T00:00:00", "naslFamily": "Debian Local Security Checks", "objectVersion": "1.3", "pluginID": "107242", "published": "2018-03-09T00:00:00", "references": ["https://lists.debian.org/debian-lts-announce/2018/03/msg00006.html", "https://packages.debian.org/source/wheezy/python-django"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1303-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(107242);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/03/27 20:24:42\");\n\n script_cve_id(\"CVE-2018-7536\", \"CVE-2018-7537\");\n\n script_name(english:\"Debian DLA-1303-1 : python-django security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several functions were extremely slow to evaluate certain inputs due\nto catastrophic backtracking vulnerabilities in several regular\nexpressions.\n\nCVE-2018-7536\n\nThe django.utils.html.urlize() function was extremely slow to evaluate\ncertain inputs due to catastrophic backtracking vulnerabilities in two\nregular expressions. The urlize() function is used to implement the\nurlize and urlizetrunc template filters, which were thus vulnerable.\n\nThe problematic regular expressions are replaced with\nparsing logic that behaves similarly.\n\nCVE-2018-7537\n\nIf django.utils.text.Truncator’s chars() and words() methods\nwere passed the html=True argument, they were extremely slow to\nevaluate certain inputs due to a catastrophic backtracking\nvulnerability in a regular expression. The chars() and words() methods\nare used to implement the truncatechars_html and truncatewords_html\ntemplate filters, which were thus vulnerable.\n\nThe backtracking problem in the regular expression is fixed.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n1.4.22-1+deb7u4.\n\nWe recommend that you upgrade your python-django packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2018/03/msg00006.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/python-django\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected python-django, and python-django-doc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python-django\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python-django-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"python-django\", reference:\"1.4.22-1+deb7u4\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"python-django-doc\", reference:\"1.4.22-1+deb7u4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Debian DLA-1303-1 : python-django security update", "type": "nessus", "viewCount": 1}, "differentElements": ["cvss", "modified", "sourceData"], "edition": 4, "lastseen": "2018-08-30T19:43:48"}], "edition": 9, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "8222f8ae770e2263aae79bcdc98e55b6"}, {"key": "cvelist", "hash": "4ce01b6f7c2c095bea1f229c244c7ac6"}, {"key": "cvss", "hash": "41b62a8aa1ee5c40897717cadc30784a"}, {"key": "description", "hash": "987542fc0526d2d7f8c3d09f8a777e3f"}, {"key": "href", "hash": "0364a8024cd49fc918c18a8f872be02c"}, {"key": "modified", "hash": "abcf9266f425f12dda38f529cd4a94bc"}, {"key": "naslFamily", "hash": "74562d71b087df9eabd0c21f99b132cc"}, {"key": "pluginID", "hash": "7f9acfafcc73b8cbccf3bd4c42a17866"}, {"key": "published", "hash": "1af8f5ddbc79deb31718b69b9d59d5a8"}, {"key": "references", "hash": "87a625ac38bbd367dbf9bdb6ac23e244"}, {"key": "reporter", "hash": "205fa18cac3fc8ebbd32824afb096581"}, {"key": "sourceData", "hash": "123c96d5daf3562778fdabf00987de9b"}, {"key": "title", "hash": "881c891cd96a90ac7440d91b7d68b4ee"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "3617034fcc7e1fdaea5e9debd78e3abe4638da98a78675d4a874fea01dfc4101", "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2018-7536", "CVE-2018-7537"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310843470", "OPENVAS:1361412562310704161", "OPENVAS:1361412562310891303"]}, {"type": "nessus", "idList": ["FEDORA_2018-BD1147F152.NASL", "UBUNTU_USN-3591-1.NASL", "FEDORA_2018-39CC0BC342.NASL", "FEDORA_2018-CCE0E0BD04.NASL", "DEBIAN_DSA-4161.NASL", "REDHAT-RHSA-2019-0265.NASL", "OPENSUSE-2018-317.NASL", "OPENSUSE-2018-318.NASL", "REDHAT-RHSA-2018-2927.NASL"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1303-1:6BD81", "DEBIAN:DSA-4161-1:21DFF"]}, {"type": "ubuntu", "idList": ["USN-3591-1"]}, {"type": "redhat", "idList": ["RHSA-2019:0265", "RHSA-2019:0051", "RHSA-2019:0082", "RHSA-2018:2927"]}], "modified": "2019-11-01T02:18:37"}, "score": {"value": 6.6, "vector": "NONE", "modified": "2019-11-01T02:18:37"}, "vulnersScore": 6.6}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1303-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(107242);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/08/31 12:25:01\");\n\n script_cve_id(\"CVE-2018-7536\", \"CVE-2018-7537\");\n\n script_name(english:\"Debian DLA-1303-1 : python-django security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several functions were extremely slow to evaluate certain inputs due\nto catastrophic backtracking vulnerabilities in several regular\nexpressions.\n\nCVE-2018-7536\n\nThe django.utils.html.urlize() function was extremely slow to evaluate\ncertain inputs due to catastrophic backtracking vulnerabilities in two\nregular expressions. The urlize() function is used to implement the\nurlize and urlizetrunc template filters, which were thus vulnerable.\n\nThe problematic regular expressions are replaced with\nparsing logic that behaves similarly.\n\nCVE-2018-7537\n\nIf django.utils.text.Truncator’s chars() and words() methods\nwere passed the html=True argument, they were extremely slow to\nevaluate certain inputs due to a catastrophic backtracking\nvulnerability in a regular expression. The chars() and words() methods\nare used to implement the truncatechars_html and truncatewords_html\ntemplate filters, which were thus vulnerable.\n\nThe backtracking problem in the regular expression is fixed.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n1.4.22-1+deb7u4.\n\nWe recommend that you upgrade your python-django packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2018/03/msg00006.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/python-django\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected python-django, and python-django-doc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python-django\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python-django-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"python-django\", reference:\"1.4.22-1+deb7u4\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"python-django-doc\", reference:\"1.4.22-1+deb7u4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Debian Local Security Checks", "pluginID": "107242", "cpe": ["p-cpe:/a:debian:debian_linux:python-django-doc", "p-cpe:/a:debian:debian_linux:python-django", "cpe:/o:debian:debian_linux:7.0"], "scheme": null}
{"cve": [{"lastseen": "2019-05-29T18:20:29", "bulletinFamily": "NVD", "description": "An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize() function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions (only one regular expression for Django 1.8.x). The urlize() function is used to implement the urlize and urlizetrunc template filters, which were thus vulnerable.", "modified": "2019-02-28T21:21:00", "id": "CVE-2018-7536", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-7536", "published": "2018-03-09T20:29:00", "title": "CVE-2018-7536", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:20:29", "bulletinFamily": "NVD", "description": "An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable.", "modified": "2019-02-28T22:37:00", "id": "CVE-2018-7537", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-7537", "published": "2018-03-09T20:29:00", "title": "CVE-2018-7537", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:33:23", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2018-03-14T00:00:00", "id": "OPENVAS:1361412562310843470", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843470", "title": "Ubuntu Update for python-django USN-3591-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3591_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for python-django USN-3591-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843470\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-03-14 08:30:56 +0100 (Wed, 14 Mar 2018)\");\n script_cve_id(\"CVE-2018-7536\", \"CVE-2018-7537\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for python-django USN-3591-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'python-django'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"James Davis discovered that Django\n incorrectly handled certain template filters. A remote attacker could possibly\n use this issue to cause Django to consume resources, resulting in a denial of\n service.\");\n script_tag(name:\"affected\", value:\"python-django on Ubuntu 17.10,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3591-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3591-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|17\\.10|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python-django\", ver:\"1.6.11-0ubuntu1.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU17.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python-django\", ver:\"1:1.11.4-1ubuntu1.2\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python3-django\", ver:\"1:1.11.4-1ubuntu1.2\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python-django\", ver:\"1.8.7-1ubuntu5.6\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python3-django\", ver:\"1.8.7-1ubuntu5.6\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-07-04T18:55:31", "bulletinFamily": "scanner", "description": "James Davis discovered two issues in Django, a high-level Python web\ndevelopment framework, that can lead to a denial-of-service attack.\nAn attacker with control on the input of the django.utils.html.urlize()\nfunction or django.utils.text.Truncator", "modified": "2019-07-04T00:00:00", "published": "2018-04-01T00:00:00", "id": "OPENVAS:1361412562310704161", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704161", "title": "Debian Security Advisory DSA 4161-1 (python-django - security update)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Auto-generated from advisory DSA 4161-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704161\");\n script_version(\"2019-07-04T09:25:28+0000\");\n script_cve_id(\"CVE-2018-7536\", \"CVE-2018-7537\");\n script_name(\"Debian Security Advisory DSA 4161-1 (python-django - security update)\");\n script_tag(name:\"last_modification\", value:\"2019-07-04 09:25:28 +0000 (Thu, 04 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-04-01 00:00:00 +0200 (Sun, 01 Apr 2018)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2018/dsa-4161.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB[89]\");\n script_tag(name:\"affected\", value:\"python-django on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (jessie), these problems have been fixed\nin version 1.7.11-1+deb8u3.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 1:1.10.7-2+deb9u1.\n\nWe recommend that you upgrade your python-django packages.\");\n\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/python-django\");\n script_tag(name:\"summary\", value:\"James Davis discovered two issues in Django, a high-level Python web\ndevelopment framework, that can lead to a denial-of-service attack.\nAn attacker with control on the input of the django.utils.html.urlize()\nfunction or django.utils.text.Truncator's chars() and words() methods\ncould craft a string that might stuck the execution of the application.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"python-django\", ver:\"1.7.11-1+deb8u3\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"python-django-common\", ver:\"1.7.11-1+deb8u3\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"python-django-doc\", ver:\"1.7.11-1+deb8u3\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"python3-django\", ver:\"1.7.11-1+deb8u3\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"python-django\", ver:\"1:1.10.7-2+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"python-django-common\", ver:\"1:1.10.7-2+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"python-django-doc\", ver:\"1:1.10.7-2+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"python3-django\", ver:\"1:1.10.7-2+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:33:38", "bulletinFamily": "scanner", "description": "Several functions were extremely slow to evaluate certain inputs due to\ncatastrophic backtracking vulnerabilities in several regular expressions.\n\nCVE-2018-7536\n\nThe django.utils.html.urlize() function was extremely slow to evaluate\ncertain inputs due to catastrophic backtracking vulnerabilities in two\nregular expressions. The urlize() function is used to implement the urlize\nand urlizetrunc template filters, which were thus vulnerable.\n\nThe problematic regular expressions are replaced with parsing logic that\nbehaves similarly.\n\nCVE-2018-7537\n\nIf django.utils.text.Truncator", "modified": "2019-03-18T00:00:00", "published": "2018-03-27T00:00:00", "id": "OPENVAS:1361412562310891303", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891303", "title": "Debian LTS Advisory ([SECURITY] [DLA 1303-1] python-django security update)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: deb_dla_1303.nasl 14281 2019-03-18 14:53:48Z cfischer $\n#\n# Auto-generated from advisory DLA 1303-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891303\");\n script_version(\"$Revision: 14281 $\");\n script_cve_id(\"CVE-2018-7536\", \"CVE-2018-7537\");\n script_name(\"Debian LTS Advisory ([SECURITY] [DLA 1303-1] python-django security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:53:48 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-03-27 00:00:00 +0200 (Tue, 27 Mar 2018)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2018/03/msg00006.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n script_tag(name:\"affected\", value:\"python-django on Debian Linux\");\n script_tag(name:\"solution\", value:\"For Debian 7 'Wheezy', these problems have been fixed in version\n1.4.22-1+deb7u4.\n\nWe recommend that you upgrade your python-django packages.\");\n script_tag(name:\"summary\", value:\"Several functions were extremely slow to evaluate certain inputs due to\ncatastrophic backtracking vulnerabilities in several regular expressions.\n\nCVE-2018-7536\n\nThe django.utils.html.urlize() function was extremely slow to evaluate\ncertain inputs due to catastrophic backtracking vulnerabilities in two\nregular expressions. The urlize() function is used to implement the urlize\nand urlizetrunc template filters, which were thus vulnerable.\n\nThe problematic regular expressions are replaced with parsing logic that\nbehaves similarly.\n\nCVE-2018-7537\n\nIf django.utils.text.Truncator's chars() and words() methods were passed\nthe html=True argument, they were extremely slow to evaluate certain inputs\ndue to a catastrophic backtracking vulnerability in a regular expression.\nThe chars() and words() methods are used to implement the truncatechars_html\nand truncatewords_html template filters, which were thus vulnerable.\n\nThe backtracking problem in the regular expression is fixed.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"python-django\", ver:\"1.4.22-1+deb7u4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python-django-doc\", ver:\"1.4.22-1+deb7u4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2019-11-01T02:31:57", "bulletinFamily": "scanner", "description": "update to 1.11.11, fix CVE-2018-7536, CVE-2018-7537\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "modified": "2019-11-02T00:00:00", "id": "FEDORA_2018-BD1147F152.NASL", "href": "https://www.tenable.com/plugins/nessus/108390", "published": "2018-03-16T00:00:00", "title": "Fedora 27 : python-django (2018-bd1147f152)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-bd1147f152.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108390);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/09/23 11:21:08\");\n\n script_cve_id(\"CVE-2018-7536\", \"CVE-2018-7537\");\n script_xref(name:\"FEDORA\", value:\"2018-bd1147f152\");\n\n script_name(english:\"Fedora 27 : python-django (2018-bd1147f152)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"update to 1.11.11, fix CVE-2018-7536, CVE-2018-7537\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-bd1147f152\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python-django package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:python-django\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:27\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^27([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 27\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC27\", reference:\"python-django-1.11.11-1.fc27\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python-django\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-11-01T02:30:02", "bulletinFamily": "scanner", "description": "Update to 1.11.11 security release (CVE-2018-7536 CVE-2018-7537)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "modified": "2019-11-02T00:00:00", "id": "FEDORA_2018-39CC0BC342.NASL", "href": "https://www.tenable.com/plugins/nessus/120357", "published": "2019-01-03T00:00:00", "title": "Fedora 28 : python2-django1.11 (2018-39cc0bc342)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-39cc0bc342.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(120357);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/09/25 17:12:11\");\n\n script_cve_id(\"CVE-2018-7536\", \"CVE-2018-7537\");\n script_xref(name:\"FEDORA\", value:\"2018-39cc0bc342\");\n\n script_name(english:\"Fedora 28 : python2-django1.11 (2018-39cc0bc342)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to 1.11.11 security release (CVE-2018-7536 CVE-2018-7537)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-39cc0bc342\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python2-django1.11 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:python2-django1.11\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:28\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^28([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 28\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC28\", reference:\"python2-django1.11-1.11.11-1.fc28\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python2-django1.11\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-11-03T12:32:48", "bulletinFamily": "scanner", "description": "James Davis discovered that Django incorrectly handled certain\ntemplate filters. A remote attacker could possibly use this issue to\ncause Django to consume resources, resulting in a denial of service.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-11-02T00:00:00", "id": "UBUNTU_USN-3591-1.NASL", "href": "https://www.tenable.com/plugins/nessus/107194", "published": "2018-03-07T00:00:00", "title": "Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : python-django vulnerabilities (USN-3591-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3591-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(107194);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/09/18 12:31:48\");\n\n script_cve_id(\"CVE-2018-7536\", \"CVE-2018-7537\");\n script_xref(name:\"USN\", value:\"3591-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : python-django vulnerabilities (USN-3591-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"James Davis discovered that Django incorrectly handled certain\ntemplate filters. A remote attacker could possibly use this issue to\ncause Django to consume resources, resulting in a denial of service.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3591-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python-django and / or python3-django packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python-django\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python3-django\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04|16\\.04|17\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 16.04 / 17.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"python-django\", pkgver:\"1.6.11-0ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"python-django\", pkgver:\"1.8.7-1ubuntu5.6\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"python3-django\", pkgver:\"1.8.7-1ubuntu5.6\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"python-django\", pkgver:\"1:1.11.4-1ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"python3-django\", pkgver:\"1:1.11.4-1ubuntu1.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python-django / python3-django\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-11-01T02:32:06", "bulletinFamily": "scanner", "description": "update to 2.0.3, fix CVE-2018-7536 (rhbz#1552178)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "modified": "2019-11-02T00:00:00", "id": "FEDORA_2018-CCE0E0BD04.NASL", "href": "https://www.tenable.com/plugins/nessus/120798", "published": "2019-01-03T00:00:00", "title": "Fedora 28 : python-django (2018-cce0e0bd04)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-cce0e0bd04.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(120798);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/09/23 11:21:08\");\n\n script_cve_id(\"CVE-2018-7536\", \"CVE-2018-7537\");\n script_xref(name:\"FEDORA\", value:\"2018-cce0e0bd04\");\n\n script_name(english:\"Fedora 28 : python-django (2018-cce0e0bd04)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"update to 2.0.3, fix CVE-2018-7536 (rhbz#1552178)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-cce0e0bd04\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python-django package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:python-django\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:28\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^28([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 28\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC28\", reference:\"python-django-2.0.3-1.fc28\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python-django\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-11-01T02:22:29", "bulletinFamily": "scanner", "description": "James Davis discovered two issues in Django, a high-level Python web\ndevelopment framework, that can lead to a denial-of-service attack. An\nattacker with control on the input of the django.utils.html.urlize()\nfunction or django.utils.text.Truncator", "modified": "2019-11-02T00:00:00", "id": "DEBIAN_DSA-4161.NASL", "href": "https://www.tenable.com/plugins/nessus/108773", "published": "2018-04-02T00:00:00", "title": "Debian DSA-4161-1 : python-django - security update", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4161. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108773);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/11/13 12:30:46\");\n\n script_cve_id(\"CVE-2018-7536\", \"CVE-2018-7537\");\n script_xref(name:\"DSA\", value:\"4161\");\n\n script_name(english:\"Debian DSA-4161-1 : python-django - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"James Davis discovered two issues in Django, a high-level Python web\ndevelopment framework, that can lead to a denial-of-service attack. An\nattacker with control on the input of the django.utils.html.urlize()\nfunction or django.utils.text.Truncator's chars() and words() methods\ncould craft a string that might stuck the execution of the\napplication.\"\n );\n # https://security-tracker.debian.org/tracker/source-package/python-django\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?22eb32f6\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/python-django\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/python-django\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2018/dsa-4161\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the python-django packages.\n\nFor the oldstable distribution (jessie), these problems have been\nfixed in version 1.7.11-1+deb8u3.\n\nFor the stable distribution (stretch), these problems have been fixed\nin version 1:1.10.7-2+deb9u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python-django\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"python-django\", reference:\"1.7.11-1+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"python-django-common\", reference:\"1.7.11-1+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"python-django-doc\", reference:\"1.7.11-1+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"python3-django\", reference:\"1.7.11-1+deb8u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"python-django\", reference:\"1:1.10.7-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"python-django-common\", reference:\"1:1.10.7-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"python-django-doc\", reference:\"1:1.10.7-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"python3-django\", reference:\"1:1.10.7-2+deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-11-01T03:25:49", "bulletinFamily": "scanner", "description": "Updated packages are now available for Red Hat Gluster Storage 3.4 Web\nAdministration Batch Update 3 on Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nRed Hat Gluster Storage Web Administration includes a fully automated\nsetup based on Ansible and provides deep metrics and insights into\nactive Gluster storage pools by using the Grafana platform. Red Hat\nGluster Storage WebAdministration provides a dashboard view which\nallows an administrator to get a view of overall gluster health in\nterms of hosts, volumes, bricks, and other components of GlusterFS.\n\nSecurity Fix(es) :\n\n* django: Catastrophic backtracking in regular expressions via\n", "modified": "2019-11-02T00:00:00", "id": "REDHAT-RHSA-2019-0265.NASL", "href": "https://www.tenable.com/plugins/nessus/121606", "published": "2019-02-06T00:00:00", "title": "RHEL 7 : Storage Server (RHSA-2019:0265)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:0265. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(121606);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/10/24 15:35:46\");\n\n script_cve_id(\"CVE-2018-14574\", \"CVE-2018-7536\", \"CVE-2018-7537\");\n script_xref(name:\"RHSA\", value:\"2019:0265\");\n\n script_name(english:\"RHEL 7 : Storage Server (RHSA-2019:0265)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated packages are now available for Red Hat Gluster Storage 3.4 Web\nAdministration Batch Update 3 on Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nRed Hat Gluster Storage Web Administration includes a fully automated\nsetup based on Ansible and provides deep metrics and insights into\nactive Gluster storage pools by using the Grafana platform. Red Hat\nGluster Storage WebAdministration provides a dashboard view which\nallows an administrator to get a view of overall gluster health in\nterms of hosts, volumes, bricks, and other components of GlusterFS.\n\nSecurity Fix(es) :\n\n* django: Catastrophic backtracking in regular expressions via\n'urlize' and 'urlizetrunc' (CVE-2018-7536)\n\n* django: Catastrophic backtracking in regular expressions via\n'truncatechars_html' and 'truncatewords_html' (CVE-2018-7537)\n\n* django: Open redirect possibility in CommonMiddleware\n(CVE-2018-14574)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE page(s)\nlisted in the References section.\n\nRed Hat would like to thank the Django project for reporting\nCVE-2018-7536 and CVE-2018-7537.\n\nUsers of Red Hat Gluster Storage Web Administration with Red Hat\nGluster Storage are advised to upgrade to this updated package to fix\nthese issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:0265\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-7536\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-7537\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-14574\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tendrl-collectd-selinux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tendrl-commons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tendrl-node-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tendrl-selinux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:0265\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! (rpm_exists(release:\"RHEL7\", rpm:\"glusterfs-\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Storage Server\");\n\n if (rpm_check(release:\"RHEL7\", reference:\"tendrl-collectd-selinux-1.5.4-3.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tendrl-commons-1.6.3-15.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tendrl-node-agent-1.6.3-15.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tendrl-selinux-1.5.4-3.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tendrl-collectd-selinux / tendrl-commons / tendrl-node-agent / etc\");\n }\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2019-11-01T03:03:50", "bulletinFamily": "scanner", "description": "This update for python3-Django to version 1.18.18 fixes multiple\nissues. Security issues fixed :\n\n - CVE-2018-7537: Fixed catastrophic backtracking in\n django.utils.text.Truncator. (bsc#1083305)\n\n - CVE-2018-7536: Fixed catastrophic backtracking in urlize\n and urlizetrunc template filters (bsc#1083304).\n\n - CVE-2016-7401: CSRF protection bypass on a site with\n Google Analytics (bsc#1001374).\n\n - CVE-2016-2513: User enumeration through timing\n difference on password hasher work factor upgrade\n (bsc#968000).\n\n - CVE-2016-2512: Fixed malicious redirect and possible XSS\n attack via user-supplied redirect URLs containing basic\n auth (bsc#967999).\n\n - CVE-2016-9013: User with hardcoded password created when\n running tests on Oracle (bsc#1008050).\n\n - CVE-2016-9014: DNS rebinding vulnerability when\n DEBUG=True (bsc#1008047).\n\n - CVE-2017-7234: Open redirect vulnerability in\n django.views.static.serve() (bsc#1031451).\n\n - CVE-2017-7233: Open redirect and possible XSS attack via\n user-supplied numeric redirect URLs (bsc#1031450).\n\n - CVE-2017-12794: Fixed XSS possibility in traceback\n section of technical 500 debug page (bsc#1056284)", "modified": "2019-11-02T00:00:00", "id": "OPENSUSE-2018-318.NASL", "href": "https://www.tenable.com/plugins/nessus/108641", "published": "2018-03-27T00:00:00", "title": "openSUSE Security Update : python3-Django (openSUSE-2018-318)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-318.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108641);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/04/05 23:25:08\");\n\n script_cve_id(\"CVE-2016-2048\", \"CVE-2016-2512\", \"CVE-2016-2513\", \"CVE-2016-6186\", \"CVE-2016-7401\", \"CVE-2016-9013\", \"CVE-2016-9014\", \"CVE-2017-12794\", \"CVE-2017-7233\", \"CVE-2017-7234\", \"CVE-2018-7536\", \"CVE-2018-7537\");\n\n script_name(english:\"openSUSE Security Update : python3-Django (openSUSE-2018-318)\");\n script_summary(english:\"Check for the openSUSE-2018-318 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for python3-Django to version 1.18.18 fixes multiple\nissues. Security issues fixed :\n\n - CVE-2018-7537: Fixed catastrophic backtracking in\n django.utils.text.Truncator. (bsc#1083305)\n\n - CVE-2018-7536: Fixed catastrophic backtracking in urlize\n and urlizetrunc template filters (bsc#1083304).\n\n - CVE-2016-7401: CSRF protection bypass on a site with\n Google Analytics (bsc#1001374).\n\n - CVE-2016-2513: User enumeration through timing\n difference on password hasher work factor upgrade\n (bsc#968000).\n\n - CVE-2016-2512: Fixed malicious redirect and possible XSS\n attack via user-supplied redirect URLs containing basic\n auth (bsc#967999).\n\n - CVE-2016-9013: User with hardcoded password created when\n running tests on Oracle (bsc#1008050).\n\n - CVE-2016-9014: DNS rebinding vulnerability when\n DEBUG=True (bsc#1008047).\n\n - CVE-2017-7234: Open redirect vulnerability in\n django.views.static.serve() (bsc#1031451).\n\n - CVE-2017-7233: Open redirect and possible XSS attack via\n user-supplied numeric redirect URLs (bsc#1031450).\n\n - CVE-2017-12794: Fixed XSS possibility in traceback\n section of technical 500 debug page (bsc#1056284)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1001374\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1008047\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1008050\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1031450\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1031451\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1056284\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1083304\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1083305\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=967999\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=968000\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python3-Django package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-Django\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"python3-Django-1.8.19-5.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python3-Django\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-01T03:03:50", "bulletinFamily": "scanner", "description": "This update for python-Django to version 1.18.18 fixes multiple\nissues. Security issues fixed :\n\n - CVE-2018-7537: Fixed catastrophic backtracking in\n django.utils.text.Truncator. (bsc#1083305)\n\n - CVE-2018-7536: Fixed catastrophic backtracking in urlize\n and urlizetrunc template filters (bsc#1083304).\n\n - CVE-2016-7401: CSRF protection bypass on a site with\n Google Analytics (bsc#1001374).\n\n - CVE-2016-2513: User enumeration through timing\n difference on password hasher work factor upgrade\n (bsc#968000).\n\n - CVE-2016-2512: Fixed malicious redirect and possible XSS\n attack via user-supplied redirect URLs containing basic\n auth (bsc#967999).\n\n - CVE-2016-9013: User with hardcoded password created when\n running tests on Oracle (bsc#1008050).\n\n - CVE-2016-9014: DNS rebinding vulnerability when\n DEBUG=True (bsc#1008047).\n\n - CVE-2017-7234: Open redirect vulnerability in\n django.views.static.serve() (bsc#1031451).\n\n - CVE-2017-7233: Open redirect and possible XSS attack via\n user-supplied numeric redirect URLs (bsc#1031450).\n\n - CVE-2017-12794: Fixed XSS possibility in traceback\n section of technical 500 debug page (bsc#1056284)", "modified": "2019-11-02T00:00:00", "id": "OPENSUSE-2018-317.NASL", "href": "https://www.tenable.com/plugins/nessus/108640", "published": "2018-03-27T00:00:00", "title": "openSUSE Security Update : python-Django (openSUSE-2018-317)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-317.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108640);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/04/05 23:25:08\");\n\n script_cve_id(\"CVE-2016-2048\", \"CVE-2016-2512\", \"CVE-2016-2513\", \"CVE-2016-6186\", \"CVE-2016-7401\", \"CVE-2016-9013\", \"CVE-2016-9014\", \"CVE-2017-12794\", \"CVE-2017-7233\", \"CVE-2017-7234\", \"CVE-2018-7536\", \"CVE-2018-7537\");\n\n script_name(english:\"openSUSE Security Update : python-Django (openSUSE-2018-317)\");\n script_summary(english:\"Check for the openSUSE-2018-317 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for python-Django to version 1.18.18 fixes multiple\nissues. Security issues fixed :\n\n - CVE-2018-7537: Fixed catastrophic backtracking in\n django.utils.text.Truncator. (bsc#1083305)\n\n - CVE-2018-7536: Fixed catastrophic backtracking in urlize\n and urlizetrunc template filters (bsc#1083304).\n\n - CVE-2016-7401: CSRF protection bypass on a site with\n Google Analytics (bsc#1001374).\n\n - CVE-2016-2513: User enumeration through timing\n difference on password hasher work factor upgrade\n (bsc#968000).\n\n - CVE-2016-2512: Fixed malicious redirect and possible XSS\n attack via user-supplied redirect URLs containing basic\n auth (bsc#967999).\n\n - CVE-2016-9013: User with hardcoded password created when\n running tests on Oracle (bsc#1008050).\n\n - CVE-2016-9014: DNS rebinding vulnerability when\n DEBUG=True (bsc#1008047).\n\n - CVE-2017-7234: Open redirect vulnerability in\n django.views.static.serve() (bsc#1031451).\n\n - CVE-2017-7233: Open redirect and possible XSS attack via\n user-supplied numeric redirect URLs (bsc#1031450).\n\n - CVE-2017-12794: Fixed XSS possibility in traceback\n section of technical 500 debug page (bsc#1056284)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1001374\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1008047\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1008050\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1031450\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1031451\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1056284\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1083304\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1083305\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=967999\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=968000\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python-Django package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-Django\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"python-Django-1.8.19-6.4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python-Django\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-01T03:24:41", "bulletinFamily": "scanner", "description": "An update is now available for Red Hat Satellite 6.4 for RHEL 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nRed Hat Satellite is a systems management tool for Linux-based\ninfrastructure. It allows for provisioning, remote management, and\nmonitoring of multiple Linux deployments with a single centralized\ntool.\n\nSecurity Fix(es) :\n\n* jackson-databind: Unsafe deserialization due to incomplete black\nlist (incomplete fix for CVE-2017-7525) (CVE-2017-15095)\n\n* hornetq: XXE/SSRF in XPath selector (CVE-2015-3208)\n\n* bouncycastle: Information disclosure in GCMBlockCipher\n(CVE-2015-6644)\n\n* bouncycastle: DSA does not fully validate ASN.1 encoding during\nsignature verification allowing for injection of unsigned data\n(CVE-2016-1000338)\n\n* bouncycastle: Information leak in AESFastEngine class\n(CVE-2016-1000339)\n\n* bouncycastle: Information exposure in DSA signature generation via\ntiming attack (CVE-2016-1000341)\n\n* bouncycastle: ECDSA improper validation of ASN.1 encoding of\nsignature (CVE-2016-1000342)\n\n* bouncycastle: DHIES implementation allowed the use of ECB mode\n(CVE-2016-1000344)\n\n* bouncycastle: DHIES/ECIES CBC modes are vulnerable to padding oracle\nattack (CVE-2016-1000345)\n\n* bouncycastle: Other party DH public keys are not fully validated\n(CVE-2016-1000346)\n\n* bouncycastle: ECIES implementation allowed the use of ECB mode\n(CVE-2016-1000352)\n\n* logback: Serialization vulnerability in SocketServer and\nServerSocketReceiver (CVE-2017-5929)\n\n* python-django: Open redirect and possible XSS attack via\nuser-supplied numeric redirect URLs (CVE-2017-7233)\n\n* hibernate-validator: Privilege escalation when running under the\nsecurity manager (CVE-2017-7536)\n\n* puppet: Environment leakage in puppet-agent (CVE-2017-10690)\n\n* Satellite 6: XSS in discovery rule filter autocomplete functionality\n(CVE-2017-12175)\n\n* foreman: Stored XSS in fact name or value (CVE-2017-15100)\n\n* pulp: sensitive credentials revealed through the API (CVE-2018-1090)\n\n* foreman: SQL injection due to improper handling of the widget id\nparameter (CVE-2018-1096)\n\n* foreman: Ovirt admin password exposed by foreman API (CVE-2018-1097)\n\n* django: Catastrophic backtracking in regular expressions via\n", "modified": "2019-11-02T00:00:00", "id": "REDHAT-RHSA-2018-2927.NASL", "href": "https://www.tenable.com/plugins/nessus/118185", "published": "2018-10-18T00:00:00", "title": "RHEL 7 : Satellite Server (RHSA-2018:2927)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:2927. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(118185);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/10/24 15:35:45\");\n\n script_cve_id(\"CVE-2015-3208\", \"CVE-2015-6644\", \"CVE-2016-1000338\", \"CVE-2016-1000339\", \"CVE-2016-1000340\", \"CVE-2016-1000341\", \"CVE-2016-1000342\", \"CVE-2016-1000343\", \"CVE-2016-1000344\", \"CVE-2016-1000345\", \"CVE-2016-1000346\", \"CVE-2016-1000352\", \"CVE-2017-10689\", \"CVE-2017-10690\", \"CVE-2017-12175\", \"CVE-2017-15095\", \"CVE-2017-15100\", \"CVE-2017-5929\", \"CVE-2017-7233\", \"CVE-2017-7536\", \"CVE-2018-10237\", \"CVE-2018-1090\", \"CVE-2018-1096\", \"CVE-2018-1097\", \"CVE-2018-5382\", \"CVE-2018-7536\", \"CVE-2018-7537\");\n script_xref(name:\"RHSA\", value:\"2018:2927\");\n\n script_name(english:\"RHEL 7 : Satellite Server (RHSA-2018:2927)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update is now available for Red Hat Satellite 6.4 for RHEL 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nRed Hat Satellite is a systems management tool for Linux-based\ninfrastructure. It allows for provisioning, remote management, and\nmonitoring of multiple Linux deployments with a single centralized\ntool.\n\nSecurity Fix(es) :\n\n* jackson-databind: Unsafe deserialization due to incomplete black\nlist (incomplete fix for CVE-2017-7525) (CVE-2017-15095)\n\n* hornetq: XXE/SSRF in XPath selector (CVE-2015-3208)\n\n* bouncycastle: Information disclosure in GCMBlockCipher\n(CVE-2015-6644)\n\n* bouncycastle: DSA does not fully validate ASN.1 encoding during\nsignature verification allowing for injection of unsigned data\n(CVE-2016-1000338)\n\n* bouncycastle: Information leak in AESFastEngine class\n(CVE-2016-1000339)\n\n* bouncycastle: Information exposure in DSA signature generation via\ntiming attack (CVE-2016-1000341)\n\n* bouncycastle: ECDSA improper validation of ASN.1 encoding of\nsignature (CVE-2016-1000342)\n\n* bouncycastle: DHIES implementation allowed the use of ECB mode\n(CVE-2016-1000344)\n\n* bouncycastle: DHIES/ECIES CBC modes are vulnerable to padding oracle\nattack (CVE-2016-1000345)\n\n* bouncycastle: Other party DH public keys are not fully validated\n(CVE-2016-1000346)\n\n* bouncycastle: ECIES implementation allowed the use of ECB mode\n(CVE-2016-1000352)\n\n* logback: Serialization vulnerability in SocketServer and\nServerSocketReceiver (CVE-2017-5929)\n\n* python-django: Open redirect and possible XSS attack via\nuser-supplied numeric redirect URLs (CVE-2017-7233)\n\n* hibernate-validator: Privilege escalation when running under the\nsecurity manager (CVE-2017-7536)\n\n* puppet: Environment leakage in puppet-agent (CVE-2017-10690)\n\n* Satellite 6: XSS in discovery rule filter autocomplete functionality\n(CVE-2017-12175)\n\n* foreman: Stored XSS in fact name or value (CVE-2017-15100)\n\n* pulp: sensitive credentials revealed through the API (CVE-2018-1090)\n\n* foreman: SQL injection due to improper handling of the widget id\nparameter (CVE-2018-1096)\n\n* foreman: Ovirt admin password exposed by foreman API (CVE-2018-1097)\n\n* django: Catastrophic backtracking in regular expressions via\n'urlize' and 'urlizetrunc' (CVE-2018-7536)\n\n* django: Catastrophic backtracking in regular expressions via\n'truncatechars_html' and 'truncatewords_html' (CVE-2018-7537)\n\n* guava: Unbounded memory allocation in AtomicDoubleArray and\nCompoundOrdering classes allow remote attackers to cause a denial of\nservice (CVE-2018-10237)\n\n* bouncycastle: Carry propagation bug in math.raw.Nat??? class\n(CVE-2016-1000340)\n\n* bouncycastle: DSA key pair generator generates a weak private key by\ndefault (CVE-2016-1000343)\n\n* puppet: Unpacking of tarballs in tar/mini.rb can create files with\ninsecure permissions (CVE-2017-10689)\n\n* bouncycastle: BKS-V1 keystore files vulnerable to trivial hash\ncollisions (CVE-2018-5382)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE page(s)\nlisted in the References section.\n\nRed Hat would like to thank Liao Xinxi (NSFOCUS) for reporting\nCVE-2017-15095; and the Django project for reporting CVE-2017-7233,\nCVE-2018-7536, and CVE-2018-7537. The CVE-2017-7536 issue was\ndiscovered by Gunnar Morling (Red Hat); and the CVE-2018-1096 issue\nwas discovered by Martin Povolny (Red Hat). Red Hat would also like to\nthank David Jorm (IIX Product Security) for reporting CVE-2015-3208.\n\nAdditional Changes :\n\nThis update also fixes several bugs and adds various enhancements.\nDocumentation for these changes is available from the Release Notes\ndocument linked to in the References section.\"\n );\n # https://access.redhat.com/documentation/en-us/red_hat_satellite/6.4/html/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?68e28b4d\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2018:2927\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-3208\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-6644\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-1000338\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-1000339\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-1000340\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-1000341\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-1000342\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-1000343\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-1000344\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-1000345\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-1000346\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-1000352\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5929\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-7233\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-7536\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-10689\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-10690\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-12175\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-15095\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-15100\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-1090\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-1096\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-1097\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-5382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-7536\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-7537\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-10237\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:SOAPpy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ansiblerole-insights-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:candlepin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:candlepin-selinux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:createrepo_c\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:createrepo_c-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:createrepo_c-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:foreman\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:foreman-bootloaders-redhat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:foreman-bootloaders-redhat-tftpboot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:foreman-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:foreman-compute\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:foreman-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:foreman-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:foreman-gce\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:foreman-installer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:foreman-installer-katello\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:foreman-journald\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:foreman-libvirt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:foreman-openstack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:foreman-ovirt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:foreman-postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:foreman-proxy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:foreman-proxy-content\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:foreman-rackspace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:foreman-selinux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:foreman-telemetry\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:foreman-vmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hfsplus-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hfsplus-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:katello\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:katello-certs-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:katello-client-bootstrap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:katello-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:katello-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:katello-installer-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:katello-selinux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:katello-service\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kobo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libwebsockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libwebsockets-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:liquibase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:livecd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_passenger\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_xsendfile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_xsendfile-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ostree\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ostree-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pcp-mmvstatsd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pulp-admin-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pulp-docker-admin-extensions\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pulp-docker-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pulp-katello\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pulp-maintenance\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pulp-ostree-admin-extensions\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pulp-ostree-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pulp-puppet-admin-extensions\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pulp-puppet-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pulp-puppet-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pulp-rpm-admin-extensions\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pulp-rpm-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pulp-selinux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pulp-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:puppet-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:puppet-agent-oauth\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:puppet-foreman_scap_client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:puppetlabs-stdlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:puppetserver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-billiard-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-blinker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-bson\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-crane\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-flask\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-fpconst\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-gnupg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-gofer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-gofer-qpid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-imgcreate\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-isodate\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-itsdangerous\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-jinja2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-kid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-mongoengine\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-nectar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-oauth2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-okaara\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-pulp-bindings\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-pulp-client-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-pulp-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-pulp-docker-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-pulp-integrity\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-pulp-oid_validation\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-pulp-ostree-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-pulp-puppet-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-pulp-repoauth\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-pulp-rpm-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-pulp-streamer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-pymongo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-pymongo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-pymongo-gridfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-qpid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-qpid-proton\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-qpid-qmf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-saslwrapper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-semantic_version\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-simplejson\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-simplejson-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-twisted-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-twisted-core-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-twisted-web\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-werkzeug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-zope-interface\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-zope-interface-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python2-amqp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python2-billiard\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python2-celery\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python2-django\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python2-kombu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python2-vine\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qpid-cpp-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qpid-cpp-client-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qpid-cpp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qpid-cpp-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qpid-cpp-server-linearstore\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qpid-dispatch-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qpid-dispatch-router\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qpid-dispatch-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qpid-proton-c\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qpid-proton-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qpid-qmf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qpid-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:redhat-access-insights-puppet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:repoview\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-ansi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-bundler_ext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-clamp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-concurrent-ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-facter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-fast_gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-ffi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-ffi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-foreman_scap_client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-gssapi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-hashie\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-highline\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-kafo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-kafo_parsers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-kafo_wizards\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-little-plugger\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-logging\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-mime-types\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-multi_json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-netrc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-newt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-newt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-oauth\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-openscap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-passenger\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-passenger-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-passenger-native\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-passenger-native-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-powerbar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-rake\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-rb-inotify\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-rest-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-rkerberos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-rkerberos-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-rsec\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-rubyipmi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-smart_proxy_ansible\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-smart_proxy_dhcp_remote_isc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-smart_proxy_discovery\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-smart_proxy_discovery_image\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-smart_proxy_dynflow\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-smart_proxy_openscap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-smart_proxy_pulp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-smart_proxy_remote_execution_ssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-tilt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:saslwrapper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:saslwrapper-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:satellite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:satellite-capsule\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:satellite-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:satellite-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:satellite-debug-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:satellite-installer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-ror51-rubygem-actioncable\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-ror51-rubygem-actionmailer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-ror51-rubygem-actionpack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-ror51-rubygem-actionview\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-ror51-rubygem-activejob\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-ror51-rubygem-activemodel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-ror51-rubygem-activerecord\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-ror51-rubygem-activesupport\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-ror51-rubygem-arel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-ror51-rubygem-builder\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-ror51-rubygem-coffee-rails\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-ror51-rubygem-coffee-script\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-ror51-rubygem-coffee-script-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-ror51-rubygem-concurrent-ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-ror51-rubygem-crass\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-ror51-rubygem-erubi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-ror51-rubygem-execjs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-ror51-rubygem-globalid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-ror51-rubygem-i18n\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-ror51-rubygem-loofah\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-ror51-rubygem-mail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-ror51-rubygem-method_source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-ror51-rubygem-mime-types\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-ror51-rubygem-mime-types-data\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-ror51-rubygem-mini_mime\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-ror51-rubygem-multi_json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-ror51-rubygem-mustermann\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-ror51-rubygem-nio4r\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-ror51-rubygem-nio4r-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-ror51-rubygem-nokogiri\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-ror51-rubygem-nokogiri-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-ror51-rubygem-rack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-ror51-rubygem-rack-protection\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-ror51-rubygem-rack-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-ror51-rubygem-rails\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-ror51-rubygem-rails-dom-testing\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-ror51-rubygem-rails-html-sanitizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-ror51-rubygem-railties\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-ror51-rubygem-sinatra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-ror51-rubygem-sprockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-ror51-rubygem-sprockets-rails\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-ror51-rubygem-sqlite3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-ror51-rubygem-sqlite3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-ror51-rubygem-thor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-ror51-rubygem-thread_safe\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-ror51-rubygem-tilt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-ror51-rubygem-turbolinks\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-ror51-rubygem-tzinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-ror51-rubygem-websocket-driver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-ror51-rubygem-websocket-driver-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-ror51-rubygem-websocket-extensions\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-ror51-runtime\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-activerecord-session_store\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-addressable\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-algebrick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-ancestry\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-anemone\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-angular-rails-templates\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-apipie-bindings\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-apipie-params\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-apipie-rails\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-audited\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-autoparse\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-awesome_print\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-bastion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-bundler_ext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-clamp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-concurrent-ruby-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-css_parser\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-daemons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-deacon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-deep_cloneable\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-deface\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-diffy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-docker-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-domain_name\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-dynflow\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-excon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-extlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-facter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-faraday\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-fast_gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-ffi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-ffi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-fog\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-fog-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-fog-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-fog-digitalocean\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-fog-google\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-fog-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-fog-libvirt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-fog-openstack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-fog-ovirt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-fog-rackspace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-fog-vsphere\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-fog-xenserver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-fog-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman-redhat_access\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman-tasks\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman-tasks-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_ansible\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_ansible_core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_bootdisk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_discovery\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_docker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_hooks\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_openscap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_remote_execution\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_remote_execution_core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_templates\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_theme_satellite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_virt_who_configure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-formatador\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-friendly_id\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-get_process_mem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-gettext_i18n_rails\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-google-api-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-gssapi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_csv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_admin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_ansible\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_bootdisk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_discovery\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_docker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_openscap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_remote_execution\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_tasks\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_templates\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_virt_who_configure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_katello\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hashie\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-highline\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-http-cookie\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-ipaddress\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-jgrep\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-journald-logger\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-journald-native\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-journald-native-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-jwt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-katello\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-launchy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-ldap_fluff\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-little-plugger\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-locale\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-logging\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-logging-journald\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-multipart-post\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-net-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-net-ping\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-net-scp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-net-ssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-net-ssh-krb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-netrc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-oauth\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-ovirt-engine-sdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-ovirt-engine-sdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-ovirt_provision_plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-parse-cron\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-passenger\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-passenger-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-passenger-native\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-passenger-native-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-pg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-pg-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-polyglot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-powerbar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-prometheus-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-qpid_messaging\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-qpid_messaging-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-quantile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-rabl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-rack-jsonp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-rails-i18n\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-rainbow\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-rbovirt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-rbvmomi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-record_tag_helper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-redhat_access\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-redhat_access_lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-responders\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-rest-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-retriable\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-roadie\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-roadie-rails\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-robotex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-ruby-libvirt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-ruby-libvirt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-ruby2ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-ruby_parser\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-runcible\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-safemode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-scoped_search\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-secure_headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-sequel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-sexp_processor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-signet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-smart_proxy_dynflow_core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-sshkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-statsd-instrument\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-trollop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-unf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-unf_ext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-unf_ext-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-unicode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-unicode-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-unicode-display_width\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-useragent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-validates_lengths_from_database\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-webpack-rails\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-wicked\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-will_paginate\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-x-editable-rails\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-runtime\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/01/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2018:2927\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! (rpm_exists(release:\"RHEL7\", rpm:\"katello-agent-3.3\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Satellite Server\");\n\n if (rpm_check(release:\"RHEL7\", reference:\"SOAPpy-0.11.6-17.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"ansiblerole-insights-client-1.5-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"candlepin-2.4.8-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"candlepin-selinux-2.4.8-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"createrepo_c-0.7.4-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"createrepo_c-debuginfo-0.7.4-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"createrepo_c-libs-0.7.4-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"foreman-1.18.0.37-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"foreman-bootloaders-redhat-201801241201-3.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"foreman-bootloaders-redhat-tftpboot-201801241201-3.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"foreman-cli-1.18.0.37-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"foreman-compute-1.18.0.37-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"foreman-debug-1.18.0.37-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"foreman-ec2-1.18.0.37-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"foreman-gce-1.18.0.37-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"foreman-installer-1.18.0.2-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"foreman-installer-katello-3.7.0.10-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"foreman-journald-1.18.0.37-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"foreman-libvirt-1.18.0.37-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"foreman-openstack-1.18.0.37-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"foreman-ovirt-1.18.0.37-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"foreman-postgresql-1.18.0.37-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"foreman-proxy-1.18.0.1-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"foreman-proxy-content-3.7.0-8.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"foreman-rackspace-1.18.0.37-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"foreman-selinux-1.18.0.1-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"foreman-telemetry-1.18.0.37-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"foreman-vmware-1.18.0.37-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"hfsplus-tools-332.14-12.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"hfsplus-tools-debuginfo-332.14-12.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"katello-3.7.0-8.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"katello-certs-tools-2.4.0-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"katello-client-bootstrap-1.6.0-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"katello-common-3.7.0-8.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"katello-debug-3.7.0-8.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"katello-installer-base-3.7.0.10-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"katello-selinux-3.0.3-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"katello-service-3.7.0-8.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"kobo-0.5.1-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libwebsockets-2.1.0-3.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libwebsockets-debuginfo-2.1.0-3.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"liquibase-3.1.0-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"livecd-tools-20.4-1.6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"mod_passenger-4.0.18-24.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"mod_xsendfile-0.12-10.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"mod_xsendfile-debuginfo-0.12-10.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"ostree-2017.1-2.atomic.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"ostree-debuginfo-2017.1-2.atomic.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"pcp-mmvstatsd-0.4-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"pulp-admin-client-2.16.4.1-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"pulp-docker-admin-extensions-3.1.4.1-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"pulp-docker-plugins-3.1.4.1-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"pulp-katello-1.0.2-5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"pulp-maintenance-2.16.4.1-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"pulp-ostree-admin-extensions-1.3.0-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"pulp-ostree-plugins-1.3.0-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"pulp-puppet-admin-extensions-2.16.4-3.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"pulp-puppet-plugins-2.16.4-3.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"pulp-puppet-tools-2.16.4-3.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"pulp-rpm-admin-extensions-2.16.4.1-5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"pulp-rpm-plugins-2.16.4.1-5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"pulp-selinux-2.16.4.1-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"pulp-server-2.16.4.1-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"puppet-agent-5.5.0-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"puppet-agent-oauth-0.5.1-3.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"puppet-foreman_scap_client-0.3.16-3.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"puppetlabs-stdlib-4.2.1-1.20140510git08b00d9.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"puppetserver-5.3.1-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"python-billiard-debuginfo-3.5.0.3-3.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"python-blinker-1.3-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"python-bson-3.2-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"python-crane-3.1.1-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"python-flask-0.10.1-4.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"python-fpconst-0.7.3-12.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"python-gnupg-0.3.7-1.el7ui\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"python-gofer-2.12.1-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"python-gofer-qpid-2.12.1-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"python-imgcreate-20.4-1.6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"python-isodate-0.5.0-5.pulp.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"python-itsdangerous-0.23-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"python-jinja2-2.7.2-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"python-kid-0.9.6-11.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"python-mongoengine-0.10.5-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"python-nectar-1.5.6-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"python-oauth2-1.5.211-8.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"python-okaara-1.0.32-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"python-pulp-bindings-2.16.4.1-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"python-pulp-client-lib-2.16.4.1-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"python-pulp-common-2.16.4.1-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"python-pulp-docker-common-3.1.4.1-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"python-pulp-integrity-2.16.4.1-5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"python-pulp-oid_validation-2.16.4.1-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"python-pulp-ostree-common-1.3.0-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"python-pulp-puppet-common-2.16.4-3.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"python-pulp-repoauth-2.16.4.1-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"python-pulp-rpm-common-2.16.4.1-5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"python-pulp-streamer-2.16.4.1-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"python-pymongo-3.2-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"python-pymongo-debuginfo-3.2-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"python-pymongo-gridfs-3.2-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"python-qpid-1.35.0-5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"python-qpid-proton-0.16.0-12.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"python-qpid-qmf-1.36.0-19.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"python-saslwrapper-0.22-5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"python-semantic_version-2.2.0-6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"python-simplejson-3.2.0-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"python-simplejson-debuginfo-3.2.0-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"python-twisted-core-12.2.0-4.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"python-twisted-core-debuginfo-12.2.0-4.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"python-twisted-web-12.1.0-5.el7_2\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"python-werkzeug-0.9.1-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"python-zope-interface-4.0.5-4.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"python-zope-interface-debuginfo-4.0.5-4.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"python2-amqp-2.2.2-3.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"python2-billiard-3.5.0.3-3.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"python2-celery-4.0.2-4.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"python2-django-1.11.11-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"python2-kombu-4.0.2-8.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"python2-vine-1.1.3-4.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qpid-cpp-client-1.36.0-19.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qpid-cpp-client-devel-1.36.0-19.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qpid-cpp-debuginfo-1.36.0-19.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qpid-cpp-server-1.36.0-19.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qpid-cpp-server-linearstore-1.36.0-19.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qpid-dispatch-debuginfo-0.8.0-19.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qpid-dispatch-router-0.8.0-19.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qpid-dispatch-tools-0.8.0-19.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qpid-proton-c-0.16.0-12.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qpid-proton-debuginfo-0.16.0-12.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qpid-qmf-1.36.0-19.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"qpid-tools-1.36.0-19.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"redhat-access-insights-puppet-0.0.9-3.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"repoview-0.6.6-4.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"rubygem-ansi-1.4.3-3.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"rubygem-bundler_ext-0.4.1-3.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"rubygem-clamp-1.1.2-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"rubygem-concurrent-ruby-1.0.3-6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"rubygem-facter-2.4.1-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"rubygem-fast_gettext-1.1.0-4.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"rubygem-ffi-1.4.0-3.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"rubygem-ffi-debuginfo-1.4.0-3.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"rubygem-foreman_scap_client-0.3.0-3.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"rubygem-gssapi-1.1.2-4.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"rubygem-hashie-2.0.5-5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"rubygem-highline-1.7.8-3.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"rubygem-kafo-2.1.0-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"rubygem-kafo_parsers-0.1.6-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"rubygem-kafo_wizards-0.0.1-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"rubygem-little-plugger-1.1.3-22.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"rubygem-logging-2.2.2-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"rubygem-mime-types-1.19-7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"rubygem-multi_json-1.12.2-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"rubygem-netrc-0.7.7-9.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"rubygem-newt-0.9.6-3.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"rubygem-newt-debuginfo-0.9.6-3.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"rubygem-oauth-0.5.4-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"rubygem-openscap-0.4.7-3.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"rubygem-passenger-4.0.18-24.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"rubygem-passenger-debuginfo-4.0.18-24.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"rubygem-passenger-native-4.0.18-24.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"rubygem-passenger-native-libs-4.0.18-24.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"rubygem-powerbar-1.0.17-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"rubygem-rake-0.9.2.2-41.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"rubygem-rb-inotify-0.9.7-4.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"rubygem-rest-client-1.6.7-7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"rubygem-rkerberos-0.1.3-5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"rubygem-rkerberos-debuginfo-0.1.3-5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"rubygem-rsec-0.4.2-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"rubygem-rubyipmi-0.10.0-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"rubygem-smart_proxy_ansible-2.0.2-3.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"rubygem-smart_proxy_dhcp_remote_isc-0.0.4-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"rubygem-smart_proxy_discovery-1.0.4-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"rubygem-smart_proxy_discovery_image-1.0.9-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"rubygem-smart_proxy_dynflow-0.2.1-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"rubygem-smart_proxy_openscap-0.6.11-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"rubygem-smart_proxy_pulp-1.3.0-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"rubygem-smart_proxy_remote_execution_ssh-0.2.0-3.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"rubygem-tilt-1.3.7-2.git.0.3b416c9.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"saslwrapper-0.22-5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"saslwrapper-debuginfo-0.22-5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"satellite-6.4.0-15.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"satellite-capsule-6.4.0-15.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"satellite-cli-6.4.0-15.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"satellite-common-6.4.0-15.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"satellite-debug-tools-6.4.0-15.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"satellite-installer-6.4.0.7-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-ror51-rubygem-actioncable-5.1.6-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-ror51-rubygem-actionmailer-5.1.6-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-ror51-rubygem-actionpack-5.1.6-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-ror51-rubygem-actionview-5.1.6-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-ror51-rubygem-activejob-5.1.6-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-ror51-rubygem-activemodel-5.1.6-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-ror51-rubygem-activerecord-5.1.6-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-ror51-rubygem-activesupport-5.1.6-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-ror51-rubygem-arel-8.0.0-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-ror51-rubygem-builder-3.2.3-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-ror51-rubygem-coffee-rails-4.2.2-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-ror51-rubygem-coffee-script-2.4.1-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-ror51-rubygem-coffee-script-source-1.12.2-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-ror51-rubygem-concurrent-ruby-1.0.5-4.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-ror51-rubygem-crass-1.0.2-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-ror51-rubygem-erubi-1.7.0-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-ror51-rubygem-execjs-2.7.0-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-ror51-rubygem-globalid-0.4.1-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-ror51-rubygem-i18n-0.9.1-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-ror51-rubygem-loofah-2.1.1-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-ror51-rubygem-mail-2.7.0-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-ror51-rubygem-method_source-0.9.0-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-ror51-rubygem-mime-types-3.1-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-ror51-rubygem-mime-types-data-3.2016.0521-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-ror51-rubygem-mini_mime-1.0.0-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-ror51-rubygem-multi_json-1.12.2-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-ror51-rubygem-mustermann-1.0.1-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"tfm-ror51-rubygem-nio4r-2.1.0-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"tfm-ror51-rubygem-nio4r-debuginfo-2.1.0-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"tfm-ror51-rubygem-nokogiri-1.8.1-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"tfm-ror51-rubygem-nokogiri-debuginfo-1.8.1-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-ror51-rubygem-rack-2.0.3-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-ror51-rubygem-rack-protection-2.0.0-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-ror51-rubygem-rack-test-0.7.0-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-ror51-rubygem-rails-5.1.6-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-ror51-rubygem-rails-dom-testing-2.0.3-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-ror51-rubygem-rails-html-sanitizer-1.0.3-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-ror51-rubygem-railties-5.1.6-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-ror51-rubygem-sinatra-2.0.0-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-ror51-rubygem-sprockets-3.7.1-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-ror51-rubygem-sprockets-rails-3.2.1-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"tfm-ror51-rubygem-sqlite3-1.3.13-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"tfm-ror51-rubygem-sqlite3-debuginfo-1.3.13-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-ror51-rubygem-thor-0.20.0-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-ror51-rubygem-thread_safe-0.3.6-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-ror51-rubygem-tilt-2.0.8-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-ror51-rubygem-turbolinks-2.5.4-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-ror51-rubygem-tzinfo-1.2.4-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"tfm-ror51-rubygem-websocket-driver-0.6.5-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"tfm-ror51-rubygem-websocket-driver-debuginfo-0.6.5-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-ror51-rubygem-websocket-extensions-0.1.2-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"tfm-ror51-runtime-1.1-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-activerecord-session_store-1.1.0-6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-addressable-2.3.6-5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-algebrick-0.7.3-5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-ancestry-3.0.0-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-anemone-0.7.2-19.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-angular-rails-templates-1.0.2-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-apipie-bindings-0.2.2-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-apipie-params-0.0.5-4.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-apipie-rails-0.5.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-audited-4.7.0-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-autoparse-0.3.3-9.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-awesome_print-1.8.0-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-bastion-6.1.11-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-bundler_ext-0.4.1-3.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-clamp-1.1.2-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-concurrent-ruby-edge-0.2.4-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-css_parser-1.4.7-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-daemons-1.2.3-6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-deacon-1.0.0-3.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-deep_cloneable-2.2.2-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-deface-1.2.0-10.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-diffy-3.0.1-5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-docker-api-1.28.0-3.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-domain_name-0.5.20160310-3.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-dynflow-1.0.5.1-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-excon-0.58.0-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-extlib-0.9.16-5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"tfm-rubygem-facter-2.4.0-5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-faraday-0.9.1-5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-fast_gettext-1.4.1-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"tfm-rubygem-ffi-1.4.0-11.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"tfm-rubygem-ffi-debuginfo-1.4.0-11.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-fog-1.42.1-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-fog-aws-1.3.0-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-fog-core-1.45.0-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-fog-digitalocean-0.3.0-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-fog-google-0.1.0-4.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-fog-json-1.0.2-9.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-fog-libvirt-0.4.1-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-fog-openstack-0.1.25-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-fog-ovirt-1.1.2-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-fog-rackspace-0.1.4-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-fog-vsphere-2.3.0-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-fog-xenserver-0.2.3-3.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-fog-xml-0.1.2-6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-foreman-redhat_access-2.0.13-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-foreman-tasks-0.13.4.2-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-foreman-tasks-core-0.2.5-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-foreman_ansible-2.2.9-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-foreman_ansible_core-2.1.1-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-foreman_bootdisk-12.0.0-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-foreman_discovery-12.0.2.1-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-foreman_docker-4.1.0-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-foreman_hooks-0.3.14.1-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-foreman_openscap-0.10.3-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-foreman_remote_execution-1.5.6-4.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-foreman_remote_execution_core-1.1.3-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-foreman_templates-6.0.3-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-foreman_theme_satellite-2.0.1.11-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-foreman_virt_who_configure-0.2.2-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-formatador-0.2.1-10.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-friendly_id-5.1.0-4.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-get_process_mem-0.2.1-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-gettext_i18n_rails-1.2.1-4.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-git-1.2.5-8.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-google-api-client-0.8.2-10.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-gssapi-1.2.0-4.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-hammer_cli-0.13.1-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-hammer_cli_csv-2.3.1-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-hammer_cli_foreman-0.13.2.1-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-hammer_cli_foreman_admin-0.0.8-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-hammer_cli_foreman_ansible-0.1.1-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-hammer_cli_foreman_bootdisk-0.1.3.3-3.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-hammer_cli_foreman_discovery-1.0.0-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-hammer_cli_foreman_docker-0.0.6-3.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-hammer_cli_foreman_openscap-0.1.6-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-hammer_cli_foreman_remote_execution-0.1.0-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-hammer_cli_foreman_tasks-0.0.12-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-hammer_cli_foreman_templates-0.1.0-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-hammer_cli_foreman_virt_who_configure-0.0.3-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-hammer_cli_katello-0.13.4.3-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-hashie-2.0.5-5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-highline-1.7.8-3.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-http-cookie-1.0.2-4.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-ipaddress-0.8.0-10.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-jgrep-1.3.3-11.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-journald-logger-2.0.3-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"tfm-rubygem-journald-native-1.0.10-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"tfm-rubygem-journald-native-debuginfo-1.0.10-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-jwt-1.2.0-5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-katello-3.7.0.41-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-launchy-2.4.3-5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-ldap_fluff-0.4.7-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-little-plugger-1.1.3-22.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-locale-2.0.9-12.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-logging-2.2.2-4.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-logging-journald-1.0.0-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-multipart-post-1.2.0-5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-net-ldap-0.15.0-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-net-ping-2.0.1-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-net-scp-1.2.1-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-net-ssh-4.0.1-4.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-net-ssh-krb-0.4.0-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-netrc-0.11.0-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-oauth-0.5.4-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"tfm-rubygem-ovirt-engine-sdk-4.2.3-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"tfm-rubygem-ovirt-engine-sdk-debuginfo-4.2.3-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-ovirt_provision_plugin-1.0.2-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-parse-cron-0.1.4-3.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"tfm-rubygem-passenger-4.0.18-24.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"tfm-rubygem-passenger-debuginfo-4.0.18-24.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"tfm-rubygem-passenger-native-4.0.18-24.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"tfm-rubygem-passenger-native-libs-4.0.18-24.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"tfm-rubygem-pg-0.21.0-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"tfm-rubygem-pg-debuginfo-0.21.0-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-polyglot-0.3.5-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-powerbar-1.0.17-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-prometheus-client-0.7.1-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"tfm-rubygem-qpid_messaging-1.36.0-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"tfm-rubygem-qpid_messaging-debuginfo-1.36.0-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-quantile-0.2.0-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-rabl-0.13.1-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-rack-jsonp-1.3.1-6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-rails-i18n-5.0.4-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-rainbow-2.2.1-4.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-rbovirt-0.1.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-rbvmomi-1.10.0-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-record_tag_helper-1.0.0-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-redhat_access-2.1.6-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-redhat_access_lib-1.1.4-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-responders-2.4.0-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-rest-client-2.0.1-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-retriable-1.4.1-5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-roadie-3.2.2-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-roadie-rails-1.2.1-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-robotex-1.0.0-20.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"tfm-rubygem-ruby-libvirt-0.7.0-3.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"tfm-rubygem-ruby-libvirt-debuginfo-0.7.0-3.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-ruby2ruby-2.4.0-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-ruby_parser-3.10.1-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-runcible-2.8.1-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-safemode-1.3.5-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-scoped_search-4.1.3-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-secure_headers-5.0.5-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-sequel-5.7.1-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-sexp_processor-4.10.0-4.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-signet-0.6.0-9.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-smart_proxy_dynflow_core-0.2.1-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-sshkey-1.9.0-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-statsd-instrument-2.1.4-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-trollop-2.1.2-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-unf-0.1.3-6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"tfm-rubygem-unf_ext-0.0.6-8.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"tfm-rubygem-unf_ext-debuginfo-0.0.6-8.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"tfm-rubygem-unicode-0.4.4.1-5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"tfm-rubygem-unicode-debuginfo-0.4.4.1-5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-unicode-display_width-1.0.5-4.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-useragent-0.16.8-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-validates_lengths_from_database-0.5.0-4.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-webpack-rails-0.9.8-4.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-wicked-1.3.2-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-will_paginate-3.1.5-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tfm-rubygem-x-editable-rails-1.5.5-3.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"tfm-runtime-4.0-3.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"SOAPpy / ansiblerole-insights-client / candlepin / etc\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2019-05-30T02:22:33", "bulletinFamily": "unix", "description": "Package : python-django\nVersion : 1.4.22-1+deb7u4\nCVE ID : CVE-2018-7536 CVE-2018-7537\n\n\nSeveral functions were extremely slow to evaluate certain inputs due to\ncatastrophic backtracking vulnerabilities in several regular expressions.\n\nCVE-2018-7536\n\n The django.utils.html.urlize() function was extremely slow to evaluate\n certain inputs due to catastrophic backtracking vulnerabilities in two\n regular expressions. The urlize() function is used to implement the urlize\n and urlizetrunc template filters, which were thus vulnerable.\n\n The problematic regular expressions are replaced with parsing logic that\n behaves similarly.\n\nCVE-2018-7537\n\n If django.utils.text.Truncator\u2019s chars() and words() methods were passed\n the html=True argument, they were extremely slow to evaluate certain inputs\n due to a catastrophic backtracking vulnerability in a regular expression.\n The chars() and words() methods are used to implement the truncatechars_html\n and truncatewords_html template filters, which were thus vulnerable.\n\n The backtracking problem in the regular expression is fixed.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n1.4.22-1+deb7u4.\n\nWe recommend that you upgrade your python-django packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "modified": "2018-03-08T07:56:08", "published": "2018-03-08T07:56:08", "id": "DEBIAN:DLA-1303-1:6BD81", "href": "https://lists.debian.org/debian-lts-announce/2018/debian-lts-announce-201803/msg00006.html", "title": "[SECURITY] [DLA 1303-1] python-django security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-30T02:22:18", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4161-1 security@debian.org\nhttps://www.debian.org/security/ Luciano Bello\nApril 01, 2018 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : python-django\nCVE ID : CVE-2018-7536 CVE-2018-7537\n\nJames Davis discovered two issues in Django, a high-level Python web\ndevelopment framework, that can lead to a denial-of-service attack.\nAn attacker with control on the input of the django.utils.html.urlize()\nfunction or django.utils.text.Truncator's chars() and words() methods\ncould craft a string that might stuck the execution of the application.\n \nFor the oldstable distribution (jessie), these problems have been fixed\nin version 1.7.11-1+deb8u3.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 1:1.10.7-2+deb9u1.\n\nWe recommend that you upgrade your python-django packages.\n\nFor the detailed security status of python-django please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/python-django\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2018-04-01T13:17:02", "published": "2018-04-01T13:17:02", "id": "DEBIAN:DSA-4161-1:21DFF", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2018/msg00087.html", "title": "[SECURITY] [DSA 4161-1] python-django security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "ubuntu": [{"lastseen": "2019-05-29T19:21:08", "bulletinFamily": "unix", "description": "James Davis discovered that Django incorrectly handled certain template filters. A remote attacker could possibly use this issue to cause Django to consume resources, resulting in a denial of service.", "modified": "2018-03-06T00:00:00", "published": "2018-03-06T00:00:00", "id": "USN-3591-1", "href": "https://usn.ubuntu.com/3591-1/", "title": "Django vulnerabilities", "type": "ubuntu", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:44:57", "bulletinFamily": "unix", "description": "Red Hat Gluster Storage Web Administration includes a fully automated setup based on Ansible and provides deep metrics and insights into active Gluster storage pools by using the Grafana platform. Red Hat Gluster Storage WebAdministration provides a dashboard view which allows an administrator to get a view of overall gluster health in terms of hosts, volumes, bricks, and other components of GlusterFS.\n\nSecurity Fix(es):\n\n* django: Catastrophic backtracking in regular expressions via 'urlize' and 'urlizetrunc' (CVE-2018-7536)\n\n* django: Catastrophic backtracking in regular expressions via 'truncatechars_html' and 'truncatewords_html' (CVE-2018-7537)\n\n* django: Open redirect possibility in CommonMiddleware (CVE-2018-14574)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank the Django project for reporting CVE-2018-7536 and CVE-2018-7537.\n\nUsers of Red Hat Gluster Storage Web Administration with Red Hat Gluster Storage are advised to upgrade to this updated package to fix these issues.", "modified": "2019-02-04T12:33:35", "published": "2019-02-04T12:32:25", "id": "RHSA-2019:0265", "href": "https://access.redhat.com/errata/RHSA-2019:0265", "type": "redhat", "title": "(RHSA-2019:0265) Moderate: Red Hat Gluster Storage Web Administration security update", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2019-08-13T18:46:44", "bulletinFamily": "unix", "description": "Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle.\n\nSecurity Fix(es):\n\n* django: Catastrophic backtracking in regular expressions via 'urlize' and 'urlizetrunc' (CVE-2018-7536)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank the Django project for reporting this issue.", "modified": "2019-01-16T21:52:37", "published": "2019-01-16T21:51:02", "id": "RHSA-2019:0051", "href": "https://access.redhat.com/errata/RHSA-2019:0051", "type": "redhat", "title": "(RHSA-2019:0051) Moderate: python-django security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-08-13T18:45:44", "bulletinFamily": "unix", "description": "Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle.\n\nSecurity Fix(es):\n\n* django: Catastrophic backtracking in regular expressions via 'urlize' and 'urlizetrunc' (CVE-2018-7536)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank the Django project for reporting this issue.", "modified": "2019-01-16T22:35:05", "published": "2019-01-16T22:03:22", "id": "RHSA-2019:0082", "href": "https://access.redhat.com/errata/RHSA-2019:0082", "type": "redhat", "title": "(RHSA-2019:0082) Moderate: python-django security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-08-13T18:44:49", "bulletinFamily": "unix", "description": "Red Hat Satellite is a systems management tool for Linux-based infrastructure.\nIt allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool.\n\nSecurity Fix(es):\n\n* jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-7525) (CVE-2017-15095)\n\n* hornetq: XXE/SSRF in XPath selector (CVE-2015-3208)\n\n* bouncycastle: Information disclosure in GCMBlockCipher (CVE-2015-6644)\n\n* bouncycastle: DSA does not fully validate ASN.1 encoding during signature verification allowing for injection of unsigned data (CVE-2016-1000338)\n\n* bouncycastle: Information leak in AESFastEngine class (CVE-2016-1000339)\n\n* bouncycastle: Information exposure in DSA signature generation via timing attack (CVE-2016-1000341)\n\n* bouncycastle: ECDSA improper validation of ASN.1 encoding of signature (CVE-2016-1000342)\n\n* bouncycastle: DHIES implementation allowed the use of ECB mode (CVE-2016-1000344)\n\n* bouncycastle: DHIES/ECIES CBC modes are vulnerable to padding oracle attack (CVE-2016-1000345)\n\n* bouncycastle: Other party DH public keys are not fully validated (CVE-2016-1000346)\n\n* bouncycastle: ECIES implementation allowed the use of ECB mode (CVE-2016-1000352)\n\n* logback: Serialization vulnerability in SocketServer and ServerSocketReceiver (CVE-2017-5929)\n\n* python-django: Open redirect and possible XSS attack via user-supplied numeric redirect URLs (CVE-2017-7233)\n\n* hibernate-validator: Privilege escalation when running under the security manager (CVE-2017-7536)\n\n* puppet: Environment leakage in puppet-agent (CVE-2017-10690)\n\n* Satellite 6: XSS in discovery rule filter autocomplete functionality (CVE-2017-12175)\n\n* foreman: Stored XSS in fact name or value (CVE-2017-15100)\n\n* pulp: sensitive credentials revealed through the API (CVE-2018-1090)\n\n* foreman: SQL injection due to improper handling of the widget id parameter (CVE-2018-1096)\n\n* foreman: Ovirt admin password exposed by foreman API (CVE-2018-1097)\n\n* django: Catastrophic backtracking in regular expressions via 'urlize' and 'urlizetrunc' (CVE-2018-7536)\n\n* django: Catastrophic backtracking in regular expressions via 'truncatechars_html' and 'truncatewords_html' (CVE-2018-7537)\n\n* guava: Unbounded memory allocation in AtomicDoubleArray and CompoundOrdering classes allow remote attackers to cause a denial of service (CVE-2018-10237)\n\n* bouncycastle: Carry propagation bug in math.raw.Nat??? class (CVE-2016-1000340)\n\n* bouncycastle: DSA key pair generator generates a weak private key by default (CVE-2016-1000343)\n\n* puppet: Unpacking of tarballs in tar/mini.rb can create files with insecure permissions (CVE-2017-10689)\n\n* bouncycastle: BKS-V1 keystore files vulnerable to trivial hash collisions (CVE-2018-5382)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank Liao Xinxi (NSFOCUS) for reporting CVE-2017-15095; and the Django project for reporting CVE-2017-7233, CVE-2018-7536, and CVE-2018-7537. The CVE-2017-7536 issue was discovered by Gunnar Morling (Red Hat); and the CVE-2018-1096 issue was discovered by Martin Povolny (Red Hat). Red Hat would also like to thank David Jorm (IIX Product Security) for reporting CVE-2015-3208.\n\nAdditional Changes:\n\nThis update also fixes several bugs and adds various enhancements. Documentation for these changes is available from the Release Notes document linked to in the References section.", "modified": "2018-10-16T18:54:53", "published": "2018-10-16T18:18:07", "id": "RHSA-2018:2927", "href": "https://access.redhat.com/errata/RHSA-2018:2927", "type": "redhat", "title": "(RHSA-2018:2927) Important: Satellite 6.4 security, bug fix, and enhancement update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "github": [{"lastseen": "2019-11-21T12:51:02", "bulletinFamily": "software", "description": "An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable.", "modified": "2019-07-03T21:02:06", "published": "2019-01-04T17:50:00", "id": "GHSA-2F9X-5V75-3QV4", "href": "https://github.com/advisories/GHSA-2f9x-5v75-3qv4", "title": "Moderate severity vulnerability that affects django", "type": "github", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-11-21T12:51:02", "bulletinFamily": "software", "description": "An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize() function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions (only one regular expression for Django 1.8.x). The urlize() function is used to implement the urlize and urlizetrunc template filters, which were thus vulnerable.", "modified": "2019-07-03T21:02:06", "published": "2019-01-04T17:50:07", "id": "GHSA-R28V-MW67-M5P9", "href": "https://github.com/advisories/GHSA-r28v-mw67-m5p9", "title": "Moderate severity vulnerability that affects django", "type": "github", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}]}