ID: EULEROS_SA-2019-1648.NASL
Type: nessus
Reporter: This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
Modified: 2019-06-27T00:00:00
Description
According to the version of the glibc packages installed, the EulerOS
installation on the remote host is affected by the following
vulnerability:

  - The iconv program in the GNU C Library (aka glibc or
    libc6) 2.25 and earlier, when invoked with the -c
    option, enters an infinite loop when processing invalid
    multi-byte input sequences, leading to a denial of
    service. (CVE-2016-10228)

Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.
{"cve": [{"lastseen": "2020-12-09T20:07:33", "description": "The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and earlier, when invoked with multiple suffixes in the destination encoding (TRANSLATE or IGNORE) along with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.", "edition": 6, "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.9, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-03-02T01:59:00", "title": "CVE-2016-10228", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10228"], "modified": "2020-10-20T21:15:00", "cpe": ["cpe:/a:gnu:glibc:2.25"], "id": "CVE-2016-10228", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10228", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:gnu:glibc:2.25:*:*:*:*:*:*:*"]}], "nessus": [{"lastseen": "2021-01-07T08:58:49", "description": "According to the version of the glibc packages installed, the EulerOS\nVirtualization for ARM 64 installation on the remote host is affected\nby the following vulnerability :\n\n - The iconv program in the GNU C Library (aka 
glibc or\n libc6) 2.25 and earlier, when invoked with the -c\n option, enters an infinite loop when processing invalid\n multi-byte input sequences, leading to a denial of\n service.(CVE-2016-10228)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 17, "cvss3": {"score": 5.9, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2019-07-09T00:00:00", "title": "EulerOS Virtualization for ARM 64 3.0.2.0 : glibc (EulerOS-SA-2019-1703)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-10228"], "modified": "2019-07-09T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:nscd", "p-cpe:/a:huawei:euleros:glibc", "cpe:/o:huawei:euleros:uvp:3.0.2.0", "p-cpe:/a:huawei:euleros:libnsl", "p-cpe:/a:huawei:euleros:glibc-headers", "p-cpe:/a:huawei:euleros:glibc-common", "p-cpe:/a:huawei:euleros:glibc-devel", "p-cpe:/a:huawei:euleros:glibc-all-langpacks"], "id": "EULEROS_SA-2019-1703.NASL", "href": "https://www.tenable.com/plugins/nessus/126545", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(126545);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2016-10228\"\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.2.0 : glibc (EulerOS-SA-2019-1703)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the glibc packages installed, the EulerOS\nVirtualization 
for ARM 64 installation on the remote host is affected\nby the following vulnerability :\n\n - The iconv program in the GNU C Library (aka glibc or\n libc6) 2.25 and earlier, when invoked with the -c\n option, enters an infinite loop when processing invalid\n multi-byte input sequences, leading to a denial of\n service.(CVE-2016-10228)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1703\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9fc28385\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected glibc package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-all-langpacks\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-headers\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libnsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"glibc-2.28-9.h13\",\n \"glibc-all-langpacks-2.28-9.h13\",\n \"glibc-common-2.28-9.h13\",\n \"glibc-devel-2.28-9.h13\",\n \"glibc-headers-2.28-9.h13\",\n \"libnsl-2.28-9.h13\",\n \"nscd-2.28-9.h13\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : 
SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-23T10:36:29", "description": " - x86: Check IFUNC definition in unrelocated executable\n [BZ #20019]\n\n - x86: Set header.feature_1 in TCB for always-on CET [BZ\n #27177]\n\n - x86-64: Avoid rep movsb with short distance [BZ #27130]\n\n - Fix for CVE-2019-25013 buffer overrun in EUC-KR\n conversion module (bz #24973)\n\n - Add NEWS entry for CVE-2020-29562 (BZ #26923)\n\n - iconv: Fix incorrect UCS4 inner loop bounds (BZ#26923)\n\n - tests-mcheck: New variable to run tests with\n MALLOC_CHECK_=3\n\n - iconv: Accept redundant shift sequences in IBM1364 [BZ\n #26224]\n\n - sh: Add sh4 fpu Implies folder\n\n - aarch64: Fix DT_AARCH64_VARIANT_PCS handling [BZ #26798]\n\n - x86: Optimizing memcpy for AMD Zen architecture.\n\n - Reversing calculation of\n __x86_shared_non_temporal_threshold\n\n - AArch64: Use __memcpy_simd on Neoverse N2/V1\n\n - [AArch64] Improve integer memcpy\n\n - AArch64: Rename IS_ARES to IS_NEOVERSE_N1\n\n - AArch64: Improve backwards memmove performance\n\n - AArch64: Add optimized Q-register memcpy\n\n - AArch64: Align ENTRY to a cacheline\n\n - intl: Handle translation output codesets with suffixes\n [BZ #26383]\n\n - Add NEWS entry for CVE-2016-10228 (bug 19519)\n\n - Rewrite iconv option parsing [BZ #19519]\n\n - powerpc: Fix incorrect cache line size load in memset\n (bug 26332)\n\n - nptl: Zero-extend arguments to SETXID syscalls [BZ\n #26248]\n\n - Disable warnings due to deprecated libselinux symbols\n used by nss and nscd\n\n - Add NEWS entry for CVE-2020-6096 (bug 25620)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to 
automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 2, "cvss3": {"score": 8.1, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-01-20T00:00:00", "title": "Fedora 32 : glibc (2021-6e581c051a)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-29562", "CVE-2016-10228", "CVE-2020-6096", "CVE-2019-25013"], "modified": "2021-01-20T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:glibc", "cpe:/o:fedoraproject:fedora:32"], "id": "FEDORA_2021-6E581C051A.NASL", "href": "https://www.tenable.com/plugins/nessus/145196", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2021-6e581c051a.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(145196);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/22\");\n\n script_cve_id(\"CVE-2016-10228\", \"CVE-2019-25013\", \"CVE-2020-29562\", \"CVE-2020-6096\");\n script_xref(name:\"FEDORA\", value:\"2021-6e581c051a\");\n\n script_name(english:\"Fedora 32 : glibc (2021-6e581c051a)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\" - x86: Check IFUNC definition in unrelocated executable\n [BZ #20019]\n\n - x86: Set header.feature_1 in TCB for always-on CET [BZ\n #27177]\n\n - x86-64: Avoid rep movsb with short distance [BZ #27130]\n\n - Fix for CVE-2019-25013 buffer overrun in EUC-KR\n conversion module (bz #24973)\n\n - Add NEWS entry for CVE-2020-29562 (BZ #26923)\n\n - iconv: Fix incorrect UCS4 inner loop bounds (BZ#26923)\n\n - tests-mcheck: New variable to run tests with\n MALLOC_CHECK_=3\n\n - iconv: Accept redundant shift sequences in IBM1364 
[BZ\n #26224]\n\n - sh: Add sh4 fpu Implies folder\n\n - aarch64: Fix DT_AARCH64_VARIANT_PCS handling [BZ #26798]\n\n - x86: Optimizing memcpy for AMD Zen architecture.\n\n - Reversing calculation of\n __x86_shared_non_temporal_threshold\n\n - AArch64: Use __memcpy_simd on Neoverse N2/V1\n\n - [AArch64] Improve integer memcpy\n\n - AArch64: Rename IS_ARES to IS_NEOVERSE_N1\n\n - AArch64: Improve backwards memmove performance\n\n - AArch64: Add optimized Q-register memcpy\n\n - AArch64: Align ENTRY to a cacheline\n\n - intl: Handle translation output codesets with suffixes\n [BZ #26383]\n\n - Add NEWS entry for CVE-2016-10228 (bug 19519)\n\n - Rewrite iconv option parsing [BZ #19519]\n\n - powerpc: Fix incorrect cache line size load in memset\n (bug 26332)\n\n - nptl: Zero-extend arguments to SETXID syscalls [BZ\n #26248]\n\n - Disable warnings due to deprecated libselinux symbols\n used by nss and nscd\n\n - Add NEWS entry for CVE-2020-6096 (bug 25620)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2021-6e581c051a\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected glibc package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-6096\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:32\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^32([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 32\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC32\", reference:\"glibc-2.31-5.fc32\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T08:59:34", "description": "According to the versions of the glibc packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - Stack-based buffer overflow in the clntudp_call\n function in sunrpc/clnt_udp.c in the GNU C Library (aka\n glibc or libc6) allows remote servers to cause a denial\n of service (crash) or possibly unspecified other impact\n via a flood of crafted ICMP and UDP\n packets.(CVE-2016-4429)\n\n - Integer overflow in the strxfrm function in the GNU C\n Library (aka glibc or libc6) before 2.21 allows\n context-dependent attackers to cause a denial of\n service (crash) or possibly execute arbitrary code via\n a long string, which triggers a stack-based buffer\n overflow.(CVE-2015-8982)\n\n - The posix_spawn_file_actions_addopen function in glibc\n before 2.20 does not copy its path argument in\n accordance with the POSIX specification, which allows\n context-dependent attackers to trigger use-after-free\n vulnerabilities.(CVE-2014-4043)\n\n - res_query in libresolv in glibc before 2.25 allows\n remote attackers to cause a denial of service (NULL\n pointer 
dereference and process crash).(CVE-2015-5180)\n\n - A buffer overflow has been discovered in the GNU C\n Library (aka glibc or libc6) in the\n __mempcpy_avx512_no_vzeroupper function when particular\n conditions are met. An attacker could use this\n vulnerability to cause a denial of service or\n potentially execute code.(CVE-2018-11237)\n\n - In the GNU C Library (aka glibc or libc6) through 2.29,\n proceed_next_node in posix/regexec.c has a heap-based\n buffer over-read via an attempted case-insensitive\n regular-expression match.(CVE-2019-9169)\n\n - The iconv program in the GNU C Library (aka glibc or\n libc6) 2.25 and earlier, when invoked with the -c\n option, enters an infinite loop when processing invalid\n multi-byte input sequences, leading to a denial of\n service.(CVE-2016-10228)\n\n - The DNS stub resolver in the GNU C Library (aka glibc\n or libc6) before version 2.26, when EDNS support is\n enabled, will solicit large UDP responses from name\n servers, potentially simplifying off-path DNS spoofing\n attacks due to IP fragmentation.(CVE-2017-12132)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 12, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-09-24T00:00:00", "title": "EulerOS 2.0 SP3 : glibc (EulerOS-SA-2019-2030)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8982", "CVE-2014-4043", "CVE-2018-11237", "CVE-2015-5180", "CVE-2016-4429", "CVE-2016-10228", "CVE-2019-9169", "CVE-2017-12132"], "modified": "2019-09-24T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:nscd", "p-cpe:/a:huawei:euleros:glibc", "p-cpe:/a:huawei:euleros:glibc-headers", "p-cpe:/a:huawei:euleros:glibc-common", "p-cpe:/a:huawei:euleros:glibc-utils", "p-cpe:/a:huawei:euleros:glibc-static", "p-cpe:/a:huawei:euleros:glibc-devel", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-2030.NASL", "href": "https://www.tenable.com/plugins/nessus/129223", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(129223);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2014-4043\",\n \"CVE-2015-5180\",\n \"CVE-2015-8982\",\n \"CVE-2016-10228\",\n \"CVE-2016-4429\",\n \"CVE-2017-12132\",\n \"CVE-2018-11237\",\n \"CVE-2019-9169\"\n );\n script_bugtraq_id(\n 68006\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : glibc (EulerOS-SA-2019-2030)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the glibc packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - Stack-based buffer overflow in the 
clntudp_call\n function in sunrpc/clnt_udp.c in the GNU C Library (aka\n glibc or libc6) allows remote servers to cause a denial\n of service (crash) or possibly unspecified other impact\n via a flood of crafted ICMP and UDP\n packets.(CVE-2016-4429)\n\n - Integer overflow in the strxfrm function in the GNU C\n Library (aka glibc or libc6) before 2.21 allows\n context-dependent attackers to cause a denial of\n service (crash) or possibly execute arbitrary code via\n a long string, which triggers a stack-based buffer\n overflow.(CVE-2015-8982)\n\n - The posix_spawn_file_actions_addopen function in glibc\n before 2.20 does not copy its path argument in\n accordance with the POSIX specification, which allows\n context-dependent attackers to trigger use-after-free\n vulnerabilities.(CVE-2014-4043)\n\n - res_query in libresolv in glibc before 2.25 allows\n remote attackers to cause a denial of service (NULL\n pointer dereference and process crash).(CVE-2015-5180)\n\n - A buffer overflow has been discovered in the GNU C\n Library (aka glibc or libc6) in the\n __mempcpy_avx512_no_vzeroupper function when particular\n conditions are met. 
An attacker could use this\n vulnerability to cause a denial of service or\n potentially execute code.(CVE-2018-11237)\n\n - In the GNU C Library (aka glibc or libc6) through 2.29,\n proceed_next_node in posix/regexec.c has a heap-based\n buffer over-read via an attempted case-insensitive\n regular-expression match.(CVE-2019-9169)\n\n - The iconv program in the GNU C Library (aka glibc or\n libc6) 2.25 and earlier, when invoked with the -c\n option, enters an infinite loop when processing invalid\n multi-byte input sequences, leading to a denial of\n service.(CVE-2016-10228)\n\n - The DNS stub resolver in the GNU C Library (aka glibc\n or libc6) before version 2.26, when EDNS support is\n enabled, will solicit large UDP responses from name\n servers, potentially simplifying off-path DNS spoofing\n attacks due to IP fragmentation.(CVE-2017-12132)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2030\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7ebae79a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected glibc packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-9169\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", 
value:\"2019/09/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"glibc-2.17-196.h27\",\n \"glibc-common-2.17-196.h27\",\n \"glibc-devel-2.17-196.h27\",\n \"glibc-headers-2.17-196.h27\",\n \"glibc-static-2.17-196.h27\",\n \"glibc-utils-2.17-196.h27\",\n \"nscd-2.17-196.h27\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc\");\n}\n", "cvss": {"score": 7.5, "vector": 
"AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2020-01-27T18:35:35", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-10228"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191703", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191703", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2019-1703)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1703\");\n script_version(\"2020-01-23T12:20:26+0000\");\n script_cve_id(\"CVE-2016-10228\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:20:26 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:20:26 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2019-1703)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRTARM64-3\\.0\\.2\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1703\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1703\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'glibc' package(s) announced via the EulerOS-SA-2019-1703 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The iconv program in the GNU C Library (aka glibc or libc6) 2.25 and earlier, when invoked with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.(CVE-2016-10228)\");\n\n script_tag(name:\"affected\", 
value:\"'glibc' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.2.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRTARM64-3.0.2.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.28~9.h13\", rls:\"EULEROSVIRTARM64-3.0.2.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-all-langpacks\", rpm:\"glibc-all-langpacks~2.28~9.h13\", rls:\"EULEROSVIRTARM64-3.0.2.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-common\", rpm:\"glibc-common~2.28~9.h13\", rls:\"EULEROSVIRTARM64-3.0.2.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.28~9.h13\", rls:\"EULEROSVIRTARM64-3.0.2.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-headers\", rpm:\"glibc-headers~2.28~9.h13\", rls:\"EULEROSVIRTARM64-3.0.2.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libnsl\", rpm:\"libnsl~2.28~9.h13\", rls:\"EULEROSVIRTARM64-3.0.2.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.28~9.h13\", rls:\"EULEROSVIRTARM64-3.0.2.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-27T18:38:33", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-10228"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191648", "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562311220191648", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2019-1648)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1648\");\n script_version(\"2020-01-23T12:18:57+0000\");\n script_cve_id(\"CVE-2016-10228\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:18:57 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:18:57 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2019-1648)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", 
re:\"ssh/login/release=EULEROS-2\\.0SP8\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1648\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1648\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'glibc' package(s) announced via the EulerOS-SA-2019-1648 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The iconv program in the GNU C Library (aka glibc or libc6) 2.25 and earlier, when invoked with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.(CVE-2016-10228)\");\n\n script_tag(name:\"affected\", value:\"'glibc' package(s) on Huawei EulerOS V2.0SP8.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP8\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-all-langpacks\", rpm:\"glibc-all-langpacks~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-common\", rpm:\"glibc-common~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-headers\", 
rpm:\"glibc-headers~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-aa\", rpm:\"glibc-langpack-aa~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-af\", rpm:\"glibc-langpack-af~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-agr\", rpm:\"glibc-langpack-agr~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-ak\", rpm:\"glibc-langpack-ak~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-am\", rpm:\"glibc-langpack-am~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-an\", rpm:\"glibc-langpack-an~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-anp\", rpm:\"glibc-langpack-anp~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-ar\", rpm:\"glibc-langpack-ar~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-as\", rpm:\"glibc-langpack-as~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-ast\", rpm:\"glibc-langpack-ast~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-ayc\", rpm:\"glibc-langpack-ayc~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-az\", rpm:\"glibc-langpack-az~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n 
if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-be\", rpm:\"glibc-langpack-be~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-bem\", rpm:\"glibc-langpack-bem~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-ber\", rpm:\"glibc-langpack-ber~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-bg\", rpm:\"glibc-langpack-bg~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-bhb\", rpm:\"glibc-langpack-bhb~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-bho\", rpm:\"glibc-langpack-bho~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-bi\", rpm:\"glibc-langpack-bi~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-bn\", rpm:\"glibc-langpack-bn~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-bo\", rpm:\"glibc-langpack-bo~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-br\", rpm:\"glibc-langpack-br~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-brx\", rpm:\"glibc-langpack-brx~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-bs\", rpm:\"glibc-langpack-bs~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-byn\", rpm:\"glibc-langpack-byn~2.28~9.h13.eulerosv2r8\", 
rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-ca\", rpm:\"glibc-langpack-ca~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-ce\", rpm:\"glibc-langpack-ce~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-chr\", rpm:\"glibc-langpack-chr~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-cmn\", rpm:\"glibc-langpack-cmn~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-crh\", rpm:\"glibc-langpack-crh~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-cs\", rpm:\"glibc-langpack-cs~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-csb\", rpm:\"glibc-langpack-csb~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-cv\", rpm:\"glibc-langpack-cv~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-cy\", rpm:\"glibc-langpack-cy~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-da\", rpm:\"glibc-langpack-da~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-de\", rpm:\"glibc-langpack-de~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-doi\", rpm:\"glibc-langpack-doi~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = 
isrpmvuln(pkg:\"glibc-langpack-dsb\", rpm:\"glibc-langpack-dsb~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-dv\", rpm:\"glibc-langpack-dv~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-dz\", rpm:\"glibc-langpack-dz~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-el\", rpm:\"glibc-langpack-el~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-en\", rpm:\"glibc-langpack-en~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-eo\", rpm:\"glibc-langpack-eo~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-es\", rpm:\"glibc-langpack-es~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-et\", rpm:\"glibc-langpack-et~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-eu\", rpm:\"glibc-langpack-eu~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-fa\", rpm:\"glibc-langpack-fa~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-ff\", rpm:\"glibc-langpack-ff~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-fi\", rpm:\"glibc-langpack-fi~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-fil\", rpm:\"glibc-langpack-fil~2.28~9.h13.eulerosv2r8\", 
rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-fo\", rpm:\"glibc-langpack-fo~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-fr\", rpm:\"glibc-langpack-fr~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-fur\", rpm:\"glibc-langpack-fur~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-fy\", rpm:\"glibc-langpack-fy~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-ga\", rpm:\"glibc-langpack-ga~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-gd\", rpm:\"glibc-langpack-gd~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-gez\", rpm:\"glibc-langpack-gez~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-gl\", rpm:\"glibc-langpack-gl~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-gu\", rpm:\"glibc-langpack-gu~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-gv\", rpm:\"glibc-langpack-gv~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-ha\", rpm:\"glibc-langpack-ha~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-hak\", rpm:\"glibc-langpack-hak~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-he\", 
rpm:\"glibc-langpack-he~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-hi\", rpm:\"glibc-langpack-hi~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-hif\", rpm:\"glibc-langpack-hif~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-hne\", rpm:\"glibc-langpack-hne~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-hr\", rpm:\"glibc-langpack-hr~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-hsb\", rpm:\"glibc-langpack-hsb~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-ht\", rpm:\"glibc-langpack-ht~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-hu\", rpm:\"glibc-langpack-hu~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-hy\", rpm:\"glibc-langpack-hy~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-ia\", rpm:\"glibc-langpack-ia~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-id\", rpm:\"glibc-langpack-id~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-ig\", rpm:\"glibc-langpack-ig~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-ik\", rpm:\"glibc-langpack-ik~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n 
if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-is\", rpm:\"glibc-langpack-is~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-it\", rpm:\"glibc-langpack-it~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-iu\", rpm:\"glibc-langpack-iu~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-ja\", rpm:\"glibc-langpack-ja~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-ka\", rpm:\"glibc-langpack-ka~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-kab\", rpm:\"glibc-langpack-kab~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-kk\", rpm:\"glibc-langpack-kk~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-kl\", rpm:\"glibc-langpack-kl~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-km\", rpm:\"glibc-langpack-km~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-kn\", rpm:\"glibc-langpack-kn~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-ko\", rpm:\"glibc-langpack-ko~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-kok\", rpm:\"glibc-langpack-kok~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-ks\", rpm:\"glibc-langpack-ks~2.28~9.h13.eulerosv2r8\", 
rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-ku\", rpm:\"glibc-langpack-ku~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-kw\", rpm:\"glibc-langpack-kw~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-ky\", rpm:\"glibc-langpack-ky~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-lb\", rpm:\"glibc-langpack-lb~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-lg\", rpm:\"glibc-langpack-lg~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-li\", rpm:\"glibc-langpack-li~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-lij\", rpm:\"glibc-langpack-lij~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-ln\", rpm:\"glibc-langpack-ln~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-lo\", rpm:\"glibc-langpack-lo~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-lt\", rpm:\"glibc-langpack-lt~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-lv\", rpm:\"glibc-langpack-lv~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-lzh\", rpm:\"glibc-langpack-lzh~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-mag\", 
rpm:\"glibc-langpack-mag~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-mai\", rpm:\"glibc-langpack-mai~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-mfe\", rpm:\"glibc-langpack-mfe~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-mg\", rpm:\"glibc-langpack-mg~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-mhr\", rpm:\"glibc-langpack-mhr~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-mi\", rpm:\"glibc-langpack-mi~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-miq\", rpm:\"glibc-langpack-miq~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-mjw\", rpm:\"glibc-langpack-mjw~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-mk\", rpm:\"glibc-langpack-mk~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-ml\", rpm:\"glibc-langpack-ml~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-mn\", rpm:\"glibc-langpack-mn~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-mni\", rpm:\"glibc-langpack-mni~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-mr\", rpm:\"glibc-langpack-mr~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n 
if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-ms\", rpm:\"glibc-langpack-ms~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-mt\", rpm:\"glibc-langpack-mt~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-my\", rpm:\"glibc-langpack-my~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-nan\", rpm:\"glibc-langpack-nan~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-nb\", rpm:\"glibc-langpack-nb~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-nds\", rpm:\"glibc-langpack-nds~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-ne\", rpm:\"glibc-langpack-ne~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-nhn\", rpm:\"glibc-langpack-nhn~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-niu\", rpm:\"glibc-langpack-niu~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-nl\", rpm:\"glibc-langpack-nl~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-nn\", rpm:\"glibc-langpack-nn~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-nr\", rpm:\"glibc-langpack-nr~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-nso\", rpm:\"glibc-langpack-nso~2.28~9.h13.eulerosv2r8\", 
rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-oc\", rpm:\"glibc-langpack-oc~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-om\", rpm:\"glibc-langpack-om~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-or\", rpm:\"glibc-langpack-or~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-os\", rpm:\"glibc-langpack-os~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-pa\", rpm:\"glibc-langpack-pa~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-pap\", rpm:\"glibc-langpack-pap~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-pl\", rpm:\"glibc-langpack-pl~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-ps\", rpm:\"glibc-langpack-ps~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-pt\", rpm:\"glibc-langpack-pt~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-quz\", rpm:\"glibc-langpack-quz~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-raj\", rpm:\"glibc-langpack-raj~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-ro\", rpm:\"glibc-langpack-ro~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-ru\", 
rpm:\"glibc-langpack-ru~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-rw\", rpm:\"glibc-langpack-rw~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-sa\", rpm:\"glibc-langpack-sa~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-sah\", rpm:\"glibc-langpack-sah~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-sat\", rpm:\"glibc-langpack-sat~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-sc\", rpm:\"glibc-langpack-sc~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-sd\", rpm:\"glibc-langpack-sd~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-se\", rpm:\"glibc-langpack-se~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-sgs\", rpm:\"glibc-langpack-sgs~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-shn\", rpm:\"glibc-langpack-shn~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-shs\", rpm:\"glibc-langpack-shs~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-si\", rpm:\"glibc-langpack-si~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-sid\", rpm:\"glibc-langpack-sid~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n 
if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-sk\", rpm:\"glibc-langpack-sk~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-sl\", rpm:\"glibc-langpack-sl~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-sm\", rpm:\"glibc-langpack-sm~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-so\", rpm:\"glibc-langpack-so~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-sq\", rpm:\"glibc-langpack-sq~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-sr\", rpm:\"glibc-langpack-sr~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-ss\", rpm:\"glibc-langpack-ss~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-st\", rpm:\"glibc-langpack-st~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-sv\", rpm:\"glibc-langpack-sv~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-sw\", rpm:\"glibc-langpack-sw~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-szl\", rpm:\"glibc-langpack-szl~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-ta\", rpm:\"glibc-langpack-ta~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-tcy\", rpm:\"glibc-langpack-tcy~2.28~9.h13.eulerosv2r8\", 
rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-te\", rpm:\"glibc-langpack-te~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-tg\", rpm:\"glibc-langpack-tg~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-th\", rpm:\"glibc-langpack-th~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-the\", rpm:\"glibc-langpack-the~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-ti\", rpm:\"glibc-langpack-ti~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-tig\", rpm:\"glibc-langpack-tig~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-tk\", rpm:\"glibc-langpack-tk~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-tl\", rpm:\"glibc-langpack-tl~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-tn\", rpm:\"glibc-langpack-tn~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-to\", rpm:\"glibc-langpack-to~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-tpi\", rpm:\"glibc-langpack-tpi~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-tr\", rpm:\"glibc-langpack-tr~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-ts\", 
rpm:\"glibc-langpack-ts~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-tt\", rpm:\"glibc-langpack-tt~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-ug\", rpm:\"glibc-langpack-ug~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-uk\", rpm:\"glibc-langpack-uk~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-unm\", rpm:\"glibc-langpack-unm~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-ur\", rpm:\"glibc-langpack-ur~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-uz\", rpm:\"glibc-langpack-uz~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-ve\", rpm:\"glibc-langpack-ve~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-vi\", rpm:\"glibc-langpack-vi~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-wa\", rpm:\"glibc-langpack-wa~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-wae\", rpm:\"glibc-langpack-wae~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-wal\", rpm:\"glibc-langpack-wal~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-wo\", rpm:\"glibc-langpack-wo~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n 
if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-xh\", rpm:\"glibc-langpack-xh~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-yi\", rpm:\"glibc-langpack-yi~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-yo\", rpm:\"glibc-langpack-yo~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-yue\", rpm:\"glibc-langpack-yue~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-yuw\", rpm:\"glibc-langpack-yuw~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-zh\", rpm:\"glibc-langpack-zh~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-langpack-zu\", rpm:\"glibc-langpack-zu~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-locale-source\", rpm:\"glibc-locale-source~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-minimal-langpack\", rpm:\"glibc-minimal-langpack~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-static\", rpm:\"glibc-static~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-utils\", rpm:\"glibc-utils~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libnsl\", rpm:\"libnsl~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n 
if(!isnull(res = isrpmvuln(pkg:\"nss_db\", rpm:\"nss_db~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"nss_hesiod\", rpm:\"nss_hesiod~2.28~9.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-27T18:36:28", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8982", "CVE-2014-4043", "CVE-2018-11237", "CVE-2015-5180", "CVE-2016-4429", "CVE-2016-10228", "CVE-2019-9169", "CVE-2017-12132"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192030", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192030", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2019-2030)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2030\");\n script_version(\"2020-01-23T12:31:19+0000\");\n script_cve_id(\"CVE-2014-4043\", \"CVE-2015-5180\", \"CVE-2015-8982\", \"CVE-2016-10228\", \"CVE-2016-4429\", \"CVE-2017-12132\", \"CVE-2018-11237\", \"CVE-2019-9169\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:31:19 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:31:19 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2019-2030)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP3\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2030\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2030\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'glibc' package(s) announced via the EulerOS-SA-2019-2030 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a 
denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets.(CVE-2016-4429)\n\nInteger overflow in the strxfrm function in the GNU C Library (aka glibc or libc6) before 2.21 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow.(CVE-2015-8982)\n\nThe posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities.(CVE-2014-4043)\n\nres_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash).(CVE-2015-5180)\n\nA buffer overflow has been discovered in the GNU C Library (aka glibc or libc6) in the __mempcpy_avx512_no_vzeroupper function when particular conditions are met. An attacker could use this vulnerability to cause a denial of service or potentially execute code.(CVE-2018-11237)\n\nIn the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.(CVE-2019-9169)\n\nThe iconv program in the GNU C Library (aka glibc or libc6) 2.25 and earlier, when invoked with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.(CVE-2016-10228)\n\nThe DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation.(CVE-2017-12132)\");\n\n script_tag(name:\"affected\", value:\"'glibc' package(s) on Huawei EulerOS V2.0SP3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n 
script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.17~196.h27\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-common\", rpm:\"glibc-common~2.17~196.h27\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.17~196.h27\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-headers\", rpm:\"glibc-headers~2.17~196.h27\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-static\", rpm:\"glibc-static~2.17~196.h27\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-utils\", rpm:\"glibc-utils~2.17~196.h27\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.17~196.h27\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2021-01-20T04:31:50", "bulletinFamily": "unix", "cvelist": ["CVE-2016-10228", "CVE-2019-25013", "CVE-2020-29562", "CVE-2020-6096"], "description": "The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets of shared libraries: the standard C library and the standard math library. 
Without these two libraries, a Linux system will not function. ", "modified": "2021-01-20T01:28:29", "published": "2021-01-20T01:28:29", "id": "FEDORA:73B0C3094225", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 32 Update: glibc-2.31-5.fc32", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "gentoo": [{"lastseen": "2021-01-25T03:50:35", "bulletinFamily": "unix", "cvelist": ["CVE-2020-29562", "CVE-2020-29573", "CVE-2016-10228", "CVE-2020-6096", "CVE-2020-1752"], "description": "### Background\n\nglibc is a package that contains the GNU C library.\n\n### Description\n\nMultiple vulnerabilities have been discovered in glibc. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nPlease review the referenced CVE identifiers for details.\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll glibc users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-libs/glibc-2.32-r5\"", "edition": 1, "modified": "2021-01-25T00:00:00", "published": "2021-01-25T00:00:00", "id": "GLSA-202101-20", "href": "https://security.gentoo.org/glsa/202101-20", "title": "glibc: Multiple vulnerabilities", "type": "gentoo", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "hackerone": [{"lastseen": "2019-12-16T18:22:07", "bulletinFamily": "bugbounty", "bounty": 3000.0, "cvelist": ["CVE-2010-4052", "CVE-2014-3488", "CVE-2016-10228", "CVE-2017-12794", "CVE-2017-16997", "CVE-2017-18269", "CVE-2018-1000001", "CVE-2018-1000201", "CVE-2018-16869", "CVE-2018-18311", "CVE-2018-18520", "CVE-2019-15591"], "description": "Hi GitLab Security team\n\n### Summary\n\nGitLab makes the container scanning and dependency scanning information available as part of a JSON endpoint for merge requests. These reports are output of the CI job and should only be displayed if the visiting user has access to CI. 
However, right now GitLab displays the container scanning and dependency scanning reports regardless of this permission, making it available to whoever has access to the merge request.\n\nFor public projects, GitLab allows to restrict CI pipelines to project members only (public pipelines disabled). However, in this case, the merge request widget still renders the scanning reports result, which is the outcome of a CI pipeline.\n\n### Steps to reproduce\n\nThis is reproducible on gitlab.com. It requires at least a gold plan to have the container scanning and dependency scanning feature available.\n\n1. Create a public project, restrict CI pipeline access to project members, and disable public pipelines\n2. Push a new branch and add .gitlab-ci.yml file with the following content:\n\n```yml\ntest:\n script: |\n echo '{\"image\": \"registry.gitlab.com/groulot/container-scanning-test/master:5f21de6956aee99ddb68ae49498662d9872f50ff\",\"unapproved\": [\"CVE-2017-18269\",\"CVE-2017-16997\",\"CVE-2018-1000001\",\"CVE-2016-10228\",\"CVE-2018-18520\",\"CVE-2010-4052\",\"CVE-2018-16869\",\"CVE-2018-18311\"],\"vulnerabilities\": [{ \"featurename\": \"glibc\", \"featureversion\": \"2.24-11+deb9u3\", \"vulnerability\": \"CVE-2017-18269\", \"namespace\": \"debian:9\", \"description\": \"SSE2-optimized memmove implementation problem.\", \"link\": \"https://security-tracker.debian.org/tracker/CVE-2017-18269\", \"severity\": \"Defcon1\", \"fixedby\": \"2.24-11+deb9u4\"},{ \"featurename\": \"glibc\", \"featureversion\": \"2.24-11+deb9u3\", \"vulnerability\": \"CVE-2017-16997\", \"namespace\": \"debian:9\", \"description\": \"elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillin_rpath and decompose_rpath functions. 
This is associated with misinterpretion of an empty RPATH/RUNPATH token as the \\\"./\\\" directory. NOTE: this configuration of RPATH/RUNPATH for a privileged program is apparently very uncommon; most likely, no such program is shipped with any common Linux distribution.\", \"link\": \"https://security-tracker.debian.org/tracker/CVE-2017-16997\", \"severity\": \"Critical\", \"fixedby\": \"\"},{ \"featurename\": \"glibc\", \"featureversion\": \"2.24-11+deb9u3\", \"vulnerability\": \"CVE-2018-1000001\", \"namespace\": \"debian:9\", \"description\": \"In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.\", \"link\": \"https://security-tracker.debian.org/tracker/CVE-2018-1000001\", \"severity\": \"High\", \"fixedby\": \"\"},{ \"featurename\": \"glibc\", \"featureversion\": \"2.24-11+deb9u3\", \"vulnerability\": \"CVE-2016-10228\", \"namespace\": \"debian:9\", \"description\": \"The iconv program in the GNU C Library (aka glibc or libc6) 2.25 and earlier, when invoked with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.\", \"link\": \"https://security-tracker.debian.org/tracker/CVE-2016-10228\", \"severity\": \"Medium\", \"fixedby\": \"\"},{ \"featurename\": \"elfutils\", \"featureversion\": \"0.168-1\", \"vulnerability\": \"CVE-2018-18520\", \"namespace\": \"debian:9\", \"description\": \"An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. 
The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file.\", \"link\": \"https://security-tracker.debian.org/tracker/CVE-2018-18520\", \"severity\": \"Low\", \"fixedby\": \"\"},{ \"featurename\": \"glibc\", \"featureversion\": \"2.24-11+deb9u3\", \"vulnerability\": \"CVE-2010-4052\", \"namespace\": \"debian:9\", \"description\": \"Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD.\", \"link\": \"https://security-tracker.debian.org/tracker/CVE-2010-4052\", \"severity\": \"Negligible\", \"fixedby\": \"\"},{ \"featurename\": \"nettle\", \"featureversion\": \"3.3-1\", \"vulnerability\": \"CVE-2018-16869\", \"namespace\": \"debian:9\", \"description\": \"A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS#1 v1.5 data. 
An attacker who is able to run a process on the same physical core as the victim process, could use this flaw extract plaintext or in some cases downgrade any TLS connections to a vulnerable server.\", \"link\": \"https://security-tracker.debian.org/tracker/CVE-2018-16869\", \"severity\": \"Unknown\", \"fixedby\": \"\"},{ \"featurename\": \"perl\", \"featureversion\": \"5.24.1-3+deb9u4\", \"vulnerability\": \"CVE-2018-18311\", \"namespace\": \"debian:9\", \"description\": \"Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.\", \"link\": \"https://security-tracker.debian.org/tracker/CVE-2018-18311\", \"severity\": \"Unknown\", \"fixedby\": \"5.24.1-3+deb9u5\"},{ \"featurename\": \"foo\", \"featureversion\": \"1.3\", \"vulnerability\": \"CVE-2018-666\", \"namespace\": \"debian:9\", \"description\": \"Foo has a vulnerability nobody cares about and whitelist.\", \"link\": \"https://security-tracker.debian.org/tracker/CVE-2018-666\", \"severity\": \"Unknown\", \"fixedby\": \"1.4\"}]}' > gl-container-scanning-report.json\n echo '{\"version\": \"1.3\",\"vulnerabilities\": [{\"category\": \"dependency_scanning\",\"name\": \"io.netty/netty - CVE-2014-3488\",\"message\": \"DoS by CPU exhaustion when using malicious SSL packets\",\"cve\": \"app/pom.xml:io.netty/netty@3.9.1.Final:CVE-2014-3488\",\"severity\": \"Unknown\",\"solution\": \"Upgrade to the latest version\",\"scanner\": {\"id\": \"gemnasium\",\"name\": \"Gemnasium\"},\"location\": {\"file\": \"app/pom.xml\",\"dependency\": {\"package\": {\"name\": \"io.netty/netty\"},\"version\": \"3.9.1.Final\"}},\"identifiers\": [{\"type\": \"gemnasium\",\"name\": \"Gemnasium-d1bf36d9-9f07-46cd-9cfc-8675338ada8f\",\"value\": \"d1bf36d9-9f07-46cd-9cfc-8675338ada8f\",\"url\": \"https://deps.sec.gitlab.com/packages/maven/io.netty/netty/versions/3.9.1.Final/advisories\"},{\"type\": \"cve\",\"name\": \"CVE-2014-3488\",\"value\": 
\"CVE-2014-3488\",\"url\": \"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3488\"}],\"links\": [{\"url\": \"https://bugzilla.redhat.com/CVE-2014-3488\"},{\"url\": \"http://netty.io/news/2014/06/11/3.html\"},{\"url\": \"https://github.com/netty/netty/issues/2562\"}],\"priority\": \"Unknown\",\"file\": \"app/pom.xml\",\"url\": \"https://bugzilla.redhat.com/CVE-2014-3488\",\"tool\": \"gemnasium\"},{\"category\": \"dependency_scanning\",\"name\": \"Django - CVE-2017-12794\",\"message\": \"Possible XSS in traceback section of technical 500 debug page\",\"cve\": \"app/requirements.txt:Django@1.11.3:CVE-2017-12794\",\"severity\": \"Unknown\",\"solution\": \"Upgrade to latest version or apply patch.\",\"scanner\": {\"id\": \"gemnasium\",\"name\": \"Gemnasium\"},\"location\": {\"file\": \"app/requirements.txt\",\"dependency\": {\"package\": {\"name\": \"Django\"},\"version\": \"1.11.3\"}},\"identifiers\": [{\"type\": \"gemnasium\",\"name\": \"Gemnasium-6162a015-8635-4a15-8d7c-dc9321db366f\",\"value\": \"6162a015-8635-4a15-8d7c-dc9321db366f\",\"url\": \"https://deps.sec.gitlab.com/packages/pypi/Django/versions/1.11.3/advisories\"},{\"type\": \"cve\",\"name\": \"CVE-2017-12794\",\"value\": \"CVE-2017-12794\",\"url\": \"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12794\"}],\"links\": [{\"url\": \"https://www.djangoproject.com/weblog/2017/sep/05/security-releases/\"}],\"priority\": \"Unknown\",\"file\": \"app/requirements.txt\",\"url\": \"https://www.djangoproject.com/weblog/2017/sep/05/security-releases/\",\"tool\": \"gemnasium\"},{\"category\": \"dependency_scanning\",\"name\": \"nokogiri - USN-3424-1\",\"message\": \"Vulnerabilities in libxml2\",\"cve\": \"rails/Gemfile.lock:nokogiri@1.8.0:USN-3424-1\",\"severity\": \"Unknown\",\"solution\": \"Upgrade to latest version.\",\"scanner\": {\"id\": \"gemnasium\",\"name\": \"Gemnasium\"},\"location\": {\"file\": \"rails/Gemfile.lock\",\"dependency\": {\"package\": {\"name\": \"nokogiri\"},\"version\": 
\"1.8.0\"}},\"identifiers\": [{\"type\": \"gemnasium\",\"name\": \"Gemnasium-06565b64-486d-4326-b906-890d9915804d\",\"value\": \"06565b64-486d-4326-b906-890d9915804d\",\"url\": \"https://deps.sec.gitlab.com/packages/gem/nokogiri/versions/1.8.0/advisories\"},{\"type\": \"usn\",\"name\": \"USN-3424-1\",\"value\": \"USN-3424-1\",\"url\": \"https://usn.ubuntu.com/3424-1/\"}],\"links\": [{\"url\": \"https://github.com/sparklemotion/nokogiri/issues/1673\"}],\"priority\": \"Unknown\",\"file\": \"rails/Gemfile.lock\",\"url\": \"https://github.com/sparklemotion/nokogiri/issues/1673\",\"tool\": \"gemnasium\"},{\"category\": \"dependency_scanning\",\"name\": \"ffi - CVE-2018-1000201\",\"message\": \"ruby-ffi DDL loading issue on Windows OS\",\"cve\": \"ffi:1.9.18:CVE-2018-1000201\",\"severity\": \"High\",\"solution\": \"upgrade to \\u003e= 1.9.24\",\"scanner\": {\"id\": \"bundler_audit\",\"name\": \"bundler-audit\"},\"location\": {\"file\": \"sast-sample-rails/Gemfile.lock\",\"dependency\": {\"package\": {\"name\": \"ffi\"},\"version\": \"1.9.18\"}},\"identifiers\": [{\"type\": \"cve\",\"name\": \"CVE-2018-1000201\",\"value\": \"CVE-2018-1000201\",\"url\": \"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000201\"}],\"links\": [{\"url\": \"https://github.com/ffi/ffi/releases/tag/1.9.24\"}],\"priority\": \"High\",\"file\": \"sast-sample-rails/Gemfile.lock\",\"url\": \"https://github.com/ffi/ffi/releases/tag/1.9.24\",\"tool\": \"bundler_audit\"}]}' > gl-dependency-scanning-report.json\n artifacts:\n reports:\n container_scanning: gl-container-scanning-report.json\n dependency_scanning: gl-dependency-scanning-report.json\n\n```\n3. Create a merge request with those changes\n4. 
As an unauthorized user, visit the page `https://example.gitlab.com/<namespace>/<public-project-name>/merge_requests/1/merge_requests/1/container_scanning_reports` and `https://example.gitlab.com/<namespace>/<public-project-name>/merge_requests/1/merge_requests/1/dependency_scanning_reports`\n\nThese two endpoints are now leaking the container scanning and dependency scanning information to unauthorized users, who do not have access to CI. \n\n### Impact\n\nUnauthorized users have access to critical information like the container scanning or dependency scanning report, thus have a lot of insight of an application. By knowing the found vulnerabilities (or still existing), they could attack the target application.\n\n### Examples\n\nThis happens on gitlab.com. I've set up a test project, where the CI pipeline access is restricted to project members. However, you can access the container scanning and dependency scanning report from CI via the following endpoints:\n\n* https://gitlab.com/test-group-wter/test-reports/merge_requests/1/container_scanning_reports\n* https://gitlab.com/test-group-wter/test-reports/merge_requests/1/dependency_scanning_reports\n\n### What is the current *bug* behavior?\n\nContainer scanning and dependency scanning reports are leaked on merge requests endpoints. \n\n### What is the expected *correct* behavior?\n\nContainer scanning and dependency scanning report endpoints on merge requests require proper access control to avoid leaking it to unauthorized users.\n\nBest regards,\nXanbanx\n\n## Impact\n\nSee above", "modified": "2019-12-13T14:53:19", "published": "2019-08-19T22:30:30", "id": "H1:676976", "href": "https://hackerone.com/reports/676976", "type": "hackerone", "title": "GitLab: Container scanning and Dependency scanning report leaked to unauthorized users", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}