ID FEDORA_2019-E4819C6510.NASL Type nessus Reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. Modified 2021-01-02T00:00:00
Description
oniguruma security fix bugport, including fix for CVE-2019-16163 and
bugs found on PHP.
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory FEDORA-2019-e4819c6510.
#
include("compat.inc");
if (description)
{
script_id(131172);
script_version("1.2");
script_cvs_date("Date: 2019/12/09");
script_cve_id("CVE-2019-16163");
script_xref(name:"FEDORA", value:"2019-e4819c6510");
script_name(english:"Fedora 30 : oniguruma (2019-e4819c6510)");
script_summary(english:"Checks rpm output for the updated package.");
script_set_attribute(
attribute:"synopsis",
value:"The remote Fedora host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"oniguruma security fix bugport, including fix for CVE-2019-16163 and
bugs found on PHP.
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues."
);
script_set_attribute(
attribute:"see_also",
value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-e4819c6510"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected oniguruma package."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:oniguruma");
script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:30");
script_set_attribute(attribute:"vuln_publication_date", value:"2019/09/09");
script_set_attribute(attribute:"patch_publication_date", value:"2019/11/21");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/21");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Fedora Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! preg(pattern:"^30([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 30", "Fedora " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
flag = 0;
if (rpm_check(release:"FC30", reference:"oniguruma-6.9.2-3.fc30")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "oniguruma");
}
{"id": "FEDORA_2019-E4819C6510.NASL", "bulletinFamily": "scanner", "title": "Fedora 30 : oniguruma (2019-e4819c6510)", "description": "oniguruma security fix bugport, including fix for CVE-2019-16163 and\nbugs found on PHP.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "published": "2019-11-21T00:00:00", "modified": "2021-01-02T00:00:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "href": "https://www.tenable.com/plugins/nessus/131172", "reporter": "This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://bodhi.fedoraproject.org/updates/FEDORA-2019-e4819c6510"], "cvelist": ["CVE-2019-16163"], "type": "nessus", "lastseen": "2021-01-01T02:27:57", "edition": 15, "viewCount": 12, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-16163"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1918-1:DAA1E", "DEBIAN:DLA-2431-1:6BC5D"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562311220201019", "OPENVAS:1361412562311220201350", "OPENVAS:1361412562311220201178", "OPENVAS:1361412562311220201172", "OPENVAS:1361412562310877026", "OPENVAS:1361412562310891918", "OPENVAS:1361412562311220201339", "OPENVAS:1361412562310877028", "OPENVAS:1361412562310877069"]}, {"type": "nessus", "idList": ["EULEROS_SA-2020-1339.NASL", "EULEROS_SA-2020-1172.NASL", "EULEROS_SA-2020-1019.NASL", "PHOTONOS_PHSA-2019-2_0-0196_ONIGURUMA.NASL", "DEBIAN_DLA-2431.NASL", "AL2_ALAS-2020-1380.NASL", "EULEROS_SA-2020-1178.NASL", "FEDORA_2019-6A931C8EEC.NASL", "DEBIAN_DLA-1918.NASL", "EULEROS_SA-2020-1350.NASL"]}, {"type": "fedora", "idList": ["FEDORA:E0B4F6075B3D", "FEDORA:E804C60D0D7B", "FEDORA:735A760C4528"]}, {"type": "ubuntu", "idList": ["USN-4460-1"]}, {"type": "amazon", "idList": ["ALAS2-2020-1380"]}, {"type": "redhat", "idList": ["RHSA-2020:3662"]}, {"type": "oraclelinux", "idList": ["ELSA-2020-3662"]}], "modified": "2021-01-01T02:27:57", "rev": 2}, "score": {"value": 6.8, "vector": "NONE", "modified": "2021-01-01T02:27:57", "rev": 2}, "vulnersScore": 6.8}, "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-e4819c6510.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(131172);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/12/09\");\n\n script_cve_id(\"CVE-2019-16163\");\n script_xref(name:\"FEDORA\", value:\"2019-e4819c6510\");\n\n script_name(english:\"Fedora 30 : oniguruma (2019-e4819c6510)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"oniguruma security fix bugport, including fix for CVE-2019-16163 and\nbugs found on PHP.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-e4819c6510\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected oniguruma package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:oniguruma\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:30\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^30([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 30\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC30\", reference:\"oniguruma-6.9.2-3.fc30\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"oniguruma\");\n}\n", "naslFamily": "Fedora Local Security Checks", "pluginID": "131172", "cpe": ["cpe:/o:fedoraproject:fedora:30", "p-cpe:/a:fedoraproject:fedora:oniguruma"], "scheme": null, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}}
{"cve": [{"lastseen": "2020-12-09T21:41:45", "description": "Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c.", "edition": 9, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-09-09T17:15:00", "title": "CVE-2019-16163", "type": "cve", "cwe": ["CWE-674"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-16163"], "modified": "2020-08-24T17:37:00", "cpe": [], "id": "CVE-2019-16163", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-16163", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": []}], "debian": [{"lastseen": "2020-08-12T00:47:33", "bulletinFamily": "unix", "cvelist": ["CVE-2019-16163"], "description": "Package : libonig\nVersion : 5.9.5-3.2+deb8u3\nCVE ID : CVE-2019-16163\nDebian Bug : 939988\n\n\nThe Oniguruma regular expressions library, notably used in PHP\nmbstring, is vulnerable to stack exhaustion. A crafted regular\nexpression can crash the process.\n\nFor Debian 8 "Jessie", this problem has been fixed in version\n5.9.5-3.2+deb8u3.\n\nWe recommend that you upgrade your libonig packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 7, "modified": "2019-09-12T09:48:26", "published": "2019-09-12T09:48:26", "id": "DEBIAN:DLA-1918-1:DAA1E", "href": "https://lists.debian.org/debian-lts-announce/2019/debian-lts-announce-201909/msg00010.html", "title": "[SECURITY] [DLA 1918-1] libonig security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-11-06T01:28:10", "bulletinFamily": "unix", "cvelist": ["CVE-2019-19012", "CVE-2019-19204", "CVE-2019-19203", "CVE-2019-13224", "CVE-2019-19246", "CVE-2019-16163", "CVE-2020-26159"], "description": "- -------------------------------------------------------------------------\nDebian LTS Advisory DLA-2431-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Markus Koschany\nNovember 05, 2020 https://wiki.debian.org/LTS\n- -------------------------------------------------------------------------\n\nPackage : libonig\nVersion : 6.1.3-2+deb9u1\nCVE ID : CVE-2019-13224 CVE-2019-16163 CVE-2019-19012\n CVE-2019-19203 CVE-2019-19204 CVE-2019-19246\n CVE-2020-26159\nDebian Bug : 931878 939988 944959 945312 945313 946344 972113\n\nSeveral vulnerabilities were discovered in the Oniguruma regular\nexpressions library, notably used in PHP mbstring.\n\nCVE-2019-13224\n\n A use-after-free in onig_new_deluxe() in regext.c allows\n attackers to potentially cause information disclosure, denial of\n service, or possibly code execution by providing a crafted regular\n expression. The attacker provides a pair of a regex pattern and a\n string, with a multi-byte encoding that gets handled by\n onig_new_deluxe().\n\nCVE-2019-16163\n\n Oniguruma allows Stack Exhaustion in regcomp.c because of recursion\n in regparse.c.\n\nCVE-2019-19012\n\n An integer overflow in the search_in_range function in regexec.c in\n Onigurama leads to an out-of-bounds read, in which the offset of\n this read is under the control of an attacker. (This only affects\n the 32-bit compiled version). Remote attackers can cause a\n denial-of-service or information disclosure, or possibly have\n unspecified other impact, via a crafted regular expression.\n\nCVE-2019-19203\n\n An issue was discovered in Oniguruma. In the function\n gb18030_mbc_enc_len in file gb18030.c, a UChar pointer is\n dereferenced without checking if it passed the end of the matched\n string. This leads to a heap-based buffer over-read.\n\nCVE-2019-19204\n\n An issue was discovered in Oniguruma. In the function\n fetch_interval_quantifier (formerly known as fetch_range_quantifier)\n in regparse.c, PFETCH is called without checking PEND. This leads to\n a heap-based buffer over-read.\n\nCVE-2019-19246\n\n Oniguruma has a heap-based buffer over-read in str_lower_case_match\n in regexec.c.\n\nCVE-2020-26159\n\n In Oniguruma an attacker able to supply a regular expression for\n compilation may be able to overflow a buffer by one byte in\n concat_opt_exact_str in src/regcomp.c\n\nFor Debian 9 stretch, these problems have been fixed in version\n6.1.3-2+deb9u1.\n\nWe recommend that you upgrade your libonig packages.\n\nFor the detailed security status of libonig please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/libonig\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 1, "modified": "2020-11-05T01:30:04", "published": "2020-11-05T01:30:04", "id": "DEBIAN:DLA-2431-1:6BC5D", "href": "https://lists.debian.org/debian-lts-announce/2020/debian-lts-announce-202011/msg00006.html", "title": "[SECURITY][DLA 2431-1] libonig security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2020-01-29T19:29:24", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-16163"], "description": "The remote host is missing an update for the ", "modified": "2020-01-29T00:00:00", "published": "2019-09-13T00:00:00", "id": "OPENVAS:1361412562310891918", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891918", "type": "openvas", "title": "Debian LTS: Security Advisory for libonig (DLA-1918-1)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891918\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2019-16163\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-09-13 02:00:06 +0000 (Fri, 13 Sep 2019)\");\n script_name(\"Debian LTS: Security Advisory for libonig (DLA-1918-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2019/09/msg00010.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DLA-1918-1\");\n script_xref(name:\"URL\", value:\"https://bugs.debian.org/939988\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libonig'\n package(s) announced via the DLA-1918-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The Oniguruma regular expressions library, notably used in PHP\nmbstring, is vulnerable to stack exhaustion. A crafted regular\nexpression can crash the process.\");\n\n script_tag(name:\"affected\", value:\"'libonig' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', this problem has been fixed in version\n5.9.5-3.2+deb8u3.\n\nWe recommend that you upgrade your libonig packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libonig-dev\", ver:\"5.9.5-3.2+deb8u3\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libonig2\", ver:\"5.9.5-3.2+deb8u3\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libonig2-dbg\", ver:\"5.9.5-3.2+deb8u3\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-03-04T16:53:36", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-19204", "CVE-2019-19246", "CVE-2019-16163"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-03-02T00:00:00", "published": "2020-02-25T00:00:00", "id": "OPENVAS:1361412562311220201178", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201178", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2020-1178)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1178\");\n script_version(\"2020-03-02T09:20:48+0000\");\n script_cve_id(\"CVE-2019-16163\", \"CVE-2019-19204\", \"CVE-2019-19246\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-03-02 09:20:48 +0000 (Mon, 02 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-02-25 13:58:04 +0000 (Tue, 25 Feb 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2020-1178)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP8\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1178\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1178\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'ruby' package(s) announced via the EulerOS-SA-2020-1178 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function fetch_interval_quantifier (formerly known as fetch_range_quantifier) in regparse.c, PFETCH is called without checking PEND. This leads to a heap-based buffer over-read.(CVE-2019-19204)\n\nOniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c.(CVE-2019-16163)\n\nOniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c.(CVE-2019-19246)\");\n\n script_tag(name:\"affected\", value:\"'ruby' package(s) on Huawei EulerOS V2.0SP8.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP8\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby\", rpm:\"ruby~2.5.1~98.h6.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby-irb\", rpm:\"ruby-irb~2.5.1~98.h6.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby-libs\", rpm:\"ruby-libs~2.5.1~98.h6.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-12-04T15:40:33", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-13224", "CVE-2019-13225", "CVE-2019-16163"], "description": "The remote host is missing an update for the ", "modified": "2019-12-04T00:00:00", "published": "2019-11-21T00:00:00", "id": "OPENVAS:1361412562310877028", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310877028", "type": "openvas", "title": "Fedora Update for oniguruma FEDORA-2019-6a931c8eec", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.877028\");\n script_version(\"2019-12-04T09:04:42+0000\");\n script_cve_id(\"CVE-2019-16163\", \"CVE-2019-13225\", \"CVE-2019-13224\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-12-04 09:04:42 +0000 (Wed, 04 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-11-21 03:39:38 +0000 (Thu, 21 Nov 2019)\");\n script_name(\"Fedora Update for oniguruma FEDORA-2019-6a931c8eec\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-6a931c8eec\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZW47MSFZ6WYOAOFXHBDGU4LYACFRKC2Y\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'oniguruma'\n package(s) announced via the FEDORA-2019-6a931c8eec advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Oniguruma is a regular expressions library.\nThe characteristics of this library is that different character encoding\nfor every regular expression object can be specified.\n(supported APIs: GNU regex, POSIX and Oniguruma native)\");\n\n script_tag(name:\"affected\", value:\"'oniguruma' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"oniguruma\", rpm:\"oniguruma~6.9.1~3.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-04T15:43:58", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-13224", "CVE-2019-13225", "CVE-2019-16163"], "description": "The remote host is missing an update for the ", "modified": "2019-12-04T00:00:00", "published": "2019-11-21T00:00:00", "id": "OPENVAS:1361412562310877026", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310877026", "type": "openvas", "title": "Fedora Update for oniguruma FEDORA-2019-e4819c6510", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.877026\");\n script_version(\"2019-12-04T09:04:42+0000\");\n script_cve_id(\"CVE-2019-16163\", \"CVE-2019-13225\", \"CVE-2019-13224\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-12-04 09:04:42 +0000 (Wed, 04 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-11-21 03:39:35 +0000 (Thu, 21 Nov 2019)\");\n script_name(\"Fedora Update for oniguruma FEDORA-2019-e4819c6510\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC30\");\n\n script_xref(name:\"FEDORA\", value:\"2019-e4819c6510\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NWOWZZNFSAWM3BUTQNAE3PD44A6JU4KE\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'oniguruma'\n package(s) announced via the FEDORA-2019-e4819c6510 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Oniguruma is a regular expressions library.\nThe characteristics of this library is that different character encoding\nfor every regular expression object can be specified.\n(supported APIs: GNU regex, POSIX and Oniguruma native)\");\n\n script_tag(name:\"affected\", value:\"'oniguruma' package(s) on Fedora 30.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC30\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"oniguruma\", rpm:\"oniguruma~6.9.2~3.fc30\", rls:\"FC30\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-07T16:55:27", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-19204", "CVE-2019-19246", "CVE-2019-16163"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-04-03T00:00:00", "published": "2020-04-01T00:00:00", "id": "OPENVAS:1361412562311220201339", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201339", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2020-1339)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1339\");\n script_version(\"2020-04-03T06:07:41+0000\");\n script_cve_id(\"CVE-2019-16163\", \"CVE-2019-19204\", \"CVE-2019-19246\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-04-03 06:07:41 +0000 (Fri, 03 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-04-01 13:54:00 +0000 (Wed, 01 Apr 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2020-1339)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRTARM64-3\\.0\\.6\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1339\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1339\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'ruby' package(s) announced via the EulerOS-SA-2020-1339 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c(CVE-2019-16163)\n\nOniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c.(CVE-2019-19246)\n\nAn out-of-bounds read vulnerability was found in Oniguruma in the way it handled regular expression quantifiers. A remote attacker could abuse this flaw by providing a malformed regular expression that, when processed by an application linked to Oniguruma, could possibly crash the application, resulting in a denial of service.(CVE-2019-19204)\");\n\n script_tag(name:\"affected\", value:\"'ruby' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.6.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRTARM64-3.0.6.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby\", rpm:\"ruby~2.5.1~98.h6.eulerosv2r8\", rls:\"EULEROSVIRTARM64-3.0.6.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby-irb\", rpm:\"ruby-irb~2.5.1~98.h6.eulerosv2r8\", rls:\"EULEROSVIRTARM64-3.0.6.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby-libs\", rpm:\"ruby-libs~2.5.1~98.h6.eulerosv2r8\", rls:\"EULEROSVIRTARM64-3.0.6.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-bigdecimal\", rpm:\"rubygem-bigdecimal~1.3.4~98.h6.eulerosv2r8\", rls:\"EULEROSVIRTARM64-3.0.6.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-io-console\", rpm:\"rubygem-io-console~0.4.6~98.h6.eulerosv2r8\", rls:\"EULEROSVIRTARM64-3.0.6.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-json\", rpm:\"rubygem-json~2.1.0~98.h6.eulerosv2r8\", rls:\"EULEROSVIRTARM64-3.0.6.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-openssl\", rpm:\"rubygem-openssl~2.1.0~98.h6.eulerosv2r8\", rls:\"EULEROSVIRTARM64-3.0.6.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-psych\", rpm:\"rubygem-psych~3.0.2~98.h6.eulerosv2r8\", rls:\"EULEROSVIRTARM64-3.0.6.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-rdoc\", rpm:\"rubygem-rdoc~6.0.1~98.h6.eulerosv2r8\", rls:\"EULEROSVIRTARM64-3.0.6.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygems\", rpm:\"rubygems~2.7.6~98.h6.eulerosv2r8\", rls:\"EULEROSVIRTARM64-3.0.6.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-02-19T16:49:36", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-19204", "CVE-2019-19203", "CVE-2019-19246", "CVE-2019-16163"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220201019", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201019", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for oniguruma (EulerOS-SA-2020-1019)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1019\");\n script_version(\"2020-01-23T13:16:31+0000\");\n script_cve_id(\"CVE-2019-16163\", \"CVE-2019-19203\", \"CVE-2019-19204\", \"CVE-2019-19246\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 13:16:31 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 13:16:31 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for oniguruma (EulerOS-SA-2020-1019)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP8\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1019\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1019\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'oniguruma' package(s) announced via the EulerOS-SA-2020-1019 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c.(CVE-2019-16163)\n\nAn issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function gb18030_mbc_enc_len in file gb18030.c, a UChar pointer is dereferenced without checking if it passed the end of the matched string. This leads to a heap-based buffer over-read.(CVE-2019-19203)\n\nAn issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function fetch_interval_quantifier (formerly known as fetch_range_quantifier) in regparse.c, PFETCH is called without checking PEND. This leads to a heap-based buffer over-read.(CVE-2019-19204)\n\nOniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c.(CVE-2019-19246)\");\n\n script_tag(name:\"affected\", value:\"'oniguruma' package(s) on Huawei EulerOS V2.0SP8.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP8\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"oniguruma\", rpm:\"oniguruma~6.9.0~2.h4.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-12-19T14:46:02", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-19012", "CVE-2019-19204", "CVE-2019-19203", "CVE-2019-13224", "CVE-2019-13225", "CVE-2019-19246", "CVE-2019-16163"], "description": "The remote host is missing an update for the ", "modified": "2019-12-18T00:00:00", "published": "2019-12-08T00:00:00", "id": "OPENVAS:1361412562310877069", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310877069", "type": "openvas", "title": "Fedora Update for oniguruma FEDORA-2019-73197ff9a0", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.877069\");\n script_version(\"2019-12-18T09:57:42+0000\");\n script_cve_id(\"CVE-2019-19204\", \"CVE-2019-19203\", \"CVE-2019-19012\", \"CVE-2019-16163\", \"CVE-2019-19246\", \"CVE-2019-13225\", \"CVE-2019-13224\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-12-18 09:57:42 +0000 (Wed, 18 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-12-08 03:30:47 +0000 (Sun, 08 Dec 2019)\");\n script_name(\"Fedora Update for oniguruma FEDORA-2019-73197ff9a0\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC30\");\n\n script_xref(name:\"FEDORA\", value:\"2019-73197ff9a0\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V3MBNW6Z4DOXSCNWGBLQ7OA3OGUJ44WL\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'oniguruma'\n package(s) announced via the FEDORA-2019-73197ff9a0 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Oniguruma is a regular expressions library.\nThe characteristics of this library is that different character encoding\nfor every regular expression object can be specified.\n(supported APIs: GNU regex, POSIX and Oniguruma native)\");\n\n script_tag(name:\"affected\", value:\"'oniguruma' package(s) on Fedora 30.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC30\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"oniguruma\", rpm:\"oniguruma~6.9.2~4.fc30\", rls:\"FC30\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-07T16:58:33", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-11050", "CVE-2019-19204", "CVE-2017-7272", "CVE-2019-11046", "CVE-2019-19246", "CVE-2019-16163", "CVE-2019-11045", "CVE-2019-11047"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-04-03T00:00:00", "published": "2020-04-01T00:00:00", "id": "OPENVAS:1361412562311220201350", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201350", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for php (EulerOS-SA-2020-1350)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1350\");\n script_version(\"2020-04-03T06:07:41+0000\");\n script_cve_id(\"CVE-2017-7272\", \"CVE-2019-11045\", \"CVE-2019-11046\", \"CVE-2019-11047\", \"CVE-2019-11050\", \"CVE-2019-16163\", \"CVE-2019-19204\", \"CVE-2019-19246\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-04-03 06:07:41 +0000 (Fri, 03 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-04-01 13:54:33 +0000 (Wed, 01 Apr 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for php (EulerOS-SA-2020-1350)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRTARM64-3\\.0\\.6\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1350\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1350\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'php' package(s) announced via the EulerOS-SA-2020-1350 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.(CVE-2019-11050)\n\nIn PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS but aren't ASCII numbers. This can read to disclosure of the content of some memory locations.(CVE-2019-11046)\n\nIn PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \\0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access.(CVE-2019-11045)\n\nWhen PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.(CVE-2019-11047)\n\nPHP through 7.1.11 enables potential SSRF in applications that accept an fsockopen or pfsockopen hostname argument with an expectation that the port number is constrained. Because a :port syntax is recognized, fsockopen will use the port number that is specified in the hostname argument, instead of the port number in the second argument of the function.(CVE-2017-7272)\n\nOniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c.(CVE-2019-16163)\n\nOniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c.(CVE-2019-19246)\n\nAn issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function fetch_interval_quantifier (formerly known as fetch_range_quantifier) in regparse.c, PFETCH is called without checking PEND. This leads to a heap-based buffer over-read.(CVE-2019-19204)\");\n\n script_tag(name:\"affected\", value:\"'php' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.6.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRTARM64-3.0.6.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"php\", rpm:\"php~7.2.10~1.h13.eulerosv2r8\", rls:\"EULEROSVIRTARM64-3.0.6.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~7.2.10~1.h13.eulerosv2r8\", rls:\"EULEROSVIRTARM64-3.0.6.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-common\", rpm:\"php-common~7.2.10~1.h13.eulerosv2r8\", rls:\"EULEROSVIRTARM64-3.0.6.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2020-03-04T16:49:46", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-11050", "CVE-2019-19204", "CVE-2017-7272", "CVE-2019-11046", "CVE-2019-19246", "CVE-2019-16163", "CVE-2019-11045", "CVE-2019-11047"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-03-02T00:00:00", "published": "2020-02-25T00:00:00", "id": "OPENVAS:1361412562311220201172", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201172", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for php (EulerOS-SA-2020-1172)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1172\");\n script_version(\"2020-03-02T09:20:48+0000\");\n script_cve_id(\"CVE-2017-7272\", \"CVE-2019-11045\", \"CVE-2019-11046\", \"CVE-2019-11047\", \"CVE-2019-11050\", \"CVE-2019-16163\", \"CVE-2019-19204\", \"CVE-2019-19246\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-03-02 09:20:48 +0000 (Mon, 02 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-02-25 13:57:50 +0000 (Tue, 25 Feb 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for php (EulerOS-SA-2020-1172)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP8\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1172\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1172\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'php' package(s) announced via the EulerOS-SA-2020-1172 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function fetch_interval_quantifier (formerly known as fetch_range_quantifier) in regparse.c, PFETCH is called without checking PEND. This leads to a heap-based buffer over-read.(CVE-2019-19204)\n\nOniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c.(CVE-2019-16163)\n\nOniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c.(CVE-2019-19246)\n\nPHP through 7.1.11 enables potential SSRF in applications that accept an fsockopen or pfsockopen hostname argument with an expectation that the port number is constrained. Because a :port syntax is recognized, fsockopen will use the port number that is specified in the hostname argument, instead of the port number in the second argument of the function.(CVE-2017-7272)\n\nIn PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \\0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access.(CVE-2019-11045)\n\nIn PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS but aren't ASCII numbers. This can read to disclosure of the content of some memory locations.(CVE-2019-11046)\n\nWhen PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.(CVE-2019-11047)\n\nWhen PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.(CVE-2019-11050)\");\n\n script_tag(name:\"affected\", value:\"'php' package(s) on Huawei EulerOS V2.0SP8.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP8\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"php\", rpm:\"php~7.2.10~1.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~7.2.10~1.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-common\", rpm:\"php-common~7.2.10~1.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-fpm\", rpm:\"php-fpm~7.2.10~1.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~7.2.10~1.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~7.2.10~1.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~7.2.10~1.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-pdo\", rpm:\"php-pdo~7.2.10~1.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-process\", rpm:\"php-process~7.2.10~1.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-recode\", rpm:\"php-recode~7.2.10~1.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-soap\", rpm:\"php-soap~7.2.10~1.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-xml\", rpm:\"php-xml~7.2.10~1.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~7.2.10~1.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "nessus": [{"lastseen": "2021-01-01T02:24:00", "description": "oniguruma security fix bugport, including fix for CVE-2019-16163 and\nbugs found on PHP.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 15, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2019-11-21T00:00:00", "title": "Fedora 29 : oniguruma (2019-6a931c8eec)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-16163"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:29", "p-cpe:/a:fedoraproject:fedora:oniguruma"], "id": "FEDORA_2019-6A931C8EEC.NASL", "href": "https://www.tenable.com/plugins/nessus/131169", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-6a931c8eec.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(131169);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/12/09\");\n\n script_cve_id(\"CVE-2019-16163\");\n script_xref(name:\"FEDORA\", value:\"2019-6a931c8eec\");\n\n script_name(english:\"Fedora 29 : oniguruma (2019-6a931c8eec)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"oniguruma security fix bugport, including fix for CVE-2019-16163 and\nbugs found on PHP.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-6a931c8eec\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected oniguruma package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:oniguruma\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:29\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^29([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 29\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC29\", reference:\"oniguruma-6.9.1-3.fc29\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"oniguruma\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T09:41:23", "description": "The Oniguruma regular expressions library, notably used in PHP\nmbstring, is vulnerable to stack exhaustion. A crafted regular\nexpression can crash the process.\n\nFor Debian 8 'Jessie', this problem has been fixed in version\n5.9.5-3.2+deb8u3.\n\nWe recommend that you upgrade your libonig packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 17, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2019-09-16T00:00:00", "title": "Debian DLA-1918-1 : libonig security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-16163"], "modified": "2019-09-16T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libonig-dev", "cpe:/o:debian:debian_linux:8.0", "p-cpe:/a:debian:debian_linux:libonig2", "p-cpe:/a:debian:debian_linux:libonig2-dbg"], "id": "DEBIAN_DLA-1918.NASL", "href": "https://www.tenable.com/plugins/nessus/128778", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1918-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(128778);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2019-16163\");\n\n script_name(english:\"Debian DLA-1918-1 : libonig security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Oniguruma regular expressions library, notably used in PHP\nmbstring, is vulnerable to stack exhaustion. A crafted regular\nexpression can crash the process.\n\nFor Debian 8 'Jessie', this problem has been fixed in version\n5.9.5-3.2+deb8u3.\n\nWe recommend that you upgrade your libonig packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2019/09/msg00010.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/libonig\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected libonig-dev, libonig2, and libonig2-dbg packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libonig-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libonig2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libonig2-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libonig-dev\", reference:\"5.9.5-3.2+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libonig2\", reference:\"5.9.5-3.2+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libonig2-dbg\", reference:\"5.9.5-3.2+deb8u3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T09:03:26", "description": "According to the versions of the ruby packages installed, the EulerOS\nVirtualization for ARM 64 installation on the remote host is affected\nby the following vulnerabilities :\n\n - Oniguruma before 6.9.3 allows Stack Exhaustion in\n regcomp.c because of recursion in\n regparse.c(CVE-2019-16163)\n\n - Oniguruma through 6.9.3, as used in PHP 7.3.x and other\n products, has a heap-based buffer over-read in\n str_lower_case_match in regexec.c.(CVE-2019-19246)\n\n - An out-of-bounds read vulnerability was found in\n Oniguruma in the way it handled regular expression\n quantifiers. A remote attacker could abuse this flaw by\n providing a malformed regular expression that, when\n processed by an application linked to Oniguruma, could\n possibly crash the application, resulting in a denial\n of service.(CVE-2019-19204)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 4, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2020-04-02T00:00:00", "title": "EulerOS Virtualization for ARM 64 3.0.6.0 : ruby (EulerOS-SA-2020-1339)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-19204", "CVE-2019-19246", "CVE-2019-16163"], "modified": "2020-04-02T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:rubygem-openssl", "p-cpe:/a:huawei:euleros:rubygem-json", "p-cpe:/a:huawei:euleros:ruby-libs", "cpe:/o:huawei:euleros:uvp:3.0.6.0", "p-cpe:/a:huawei:euleros:rubygem-psych", "p-cpe:/a:huawei:euleros:ruby-irb", "p-cpe:/a:huawei:euleros:rubygem-io-console", "p-cpe:/a:huawei:euleros:ruby", "p-cpe:/a:huawei:euleros:rubygem-rdoc", "p-cpe:/a:huawei:euleros:rubygems", "p-cpe:/a:huawei:euleros:rubygem-bigdecimal"], "id": "EULEROS_SA-2020-1339.NASL", "href": "https://www.tenable.com/plugins/nessus/135126", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135126);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2019-16163\",\n \"CVE-2019-19204\",\n \"CVE-2019-19246\"\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.6.0 : ruby (EulerOS-SA-2020-1339)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the ruby packages installed, the EulerOS\nVirtualization for ARM 64 installation on the remote host is affected\nby the following vulnerabilities :\n\n - Oniguruma before 6.9.3 allows Stack Exhaustion in\n regcomp.c because of recursion in\n regparse.c(CVE-2019-16163)\n\n - Oniguruma through 6.9.3, as used in PHP 7.3.x and other\n products, has a heap-based buffer over-read in\n str_lower_case_match in regexec.c.(CVE-2019-19246)\n\n - An out-of-bounds read vulnerability was found in\n Oniguruma in the way it handled regular expression\n quantifiers. A remote attacker could abuse this flaw by\n providing a malformed regular expression that, when\n processed by an application linked to Oniguruma, could\n possibly crash the application, resulting in a denial\n of service.(CVE-2019-19204)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1339\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f2f8c64f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected ruby packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ruby-irb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ruby-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rubygem-bigdecimal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rubygem-io-console\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rubygem-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rubygem-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rubygem-psych\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rubygem-rdoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rubygems\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.6.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.6.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.6.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"ruby-2.5.1-98.h6.eulerosv2r8\",\n \"ruby-irb-2.5.1-98.h6.eulerosv2r8\",\n \"ruby-libs-2.5.1-98.h6.eulerosv2r8\",\n \"rubygem-bigdecimal-1.3.4-98.h6.eulerosv2r8\",\n \"rubygem-io-console-0.4.6-98.h6.eulerosv2r8\",\n \"rubygem-json-2.1.0-98.h6.eulerosv2r8\",\n \"rubygem-openssl-2.1.0-98.h6.eulerosv2r8\",\n \"rubygem-psych-3.0.2-98.h6.eulerosv2r8\",\n \"rubygem-rdoc-6.0.1-98.h6.eulerosv2r8\",\n \"rubygems-2.7.6-98.h6.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T09:02:31", "description": "According to the versions of the ruby packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - An issue was discovered in Oniguruma 6.x before\n 6.9.4_rc2. In the function fetch_interval_quantifier\n (formerly known as fetch_range_quantifier) in\n regparse.c, PFETCH is called without checking PEND.\n This leads to a heap-based buffer\n over-read.(CVE-2019-19204)\n\n - Oniguruma before 6.9.3 allows Stack Exhaustion in\n regcomp.c because of recursion in\n regparse.c.(CVE-2019-16163)\n\n - Oniguruma through 6.9.3, as used in PHP 7.3.x and other\n products, has a heap-based buffer over-read in\n str_lower_case_match in regexec.c.(CVE-2019-19246)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 4, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2020-02-25T00:00:00", "title": "EulerOS 2.0 SP8 : ruby (EulerOS-SA-2020-1178)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-19204", "CVE-2019-19246", "CVE-2019-16163"], "modified": "2020-02-25T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:ruby-libs", "p-cpe:/a:huawei:euleros:ruby-irb", "p-cpe:/a:huawei:euleros:ruby", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-1178.NASL", "href": "https://www.tenable.com/plugins/nessus/134012", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(134012);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2019-16163\",\n \"CVE-2019-19204\",\n \"CVE-2019-19246\"\n );\n\n script_name(english:\"EulerOS 2.0 SP8 : ruby (EulerOS-SA-2020-1178)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the ruby packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - An issue was discovered in Oniguruma 6.x before\n 6.9.4_rc2. In the function fetch_interval_quantifier\n (formerly known as fetch_range_quantifier) in\n regparse.c, PFETCH is called without checking PEND.\n This leads to a heap-based buffer\n over-read.(CVE-2019-19204)\n\n - Oniguruma before 6.9.3 allows Stack Exhaustion in\n regcomp.c because of recursion in\n regparse.c.(CVE-2019-16163)\n\n - Oniguruma through 6.9.3, as used in PHP 7.3.x and other\n products, has a heap-based buffer over-read in\n str_lower_case_match in regexec.c.(CVE-2019-19246)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1178\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bae3487a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected ruby packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ruby-irb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ruby-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"ruby-2.5.1-98.h6.eulerosv2r8\",\n \"ruby-irb-2.5.1-98.h6.eulerosv2r8\",\n \"ruby-libs-2.5.1-98.h6.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-01T01:17:21", "description": "Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of\nrecursion in regparse.c. (CVE-2019-16163)\n\nOniguruma through 6.9.3, as used in PHP 7.3.x and other products, has\na heap-based buffer over-read in str_lower_case_match in\nregexec.c.(CVE-2019-19246)", "edition": 14, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-01-09T00:00:00", "title": "Amazon Linux 2 : oniguruma (ALAS-2020-1380)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-19012", "CVE-2019-19204", "CVE-2019-19246", "CVE-2019-16163"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:amazon:linux:2", "p-cpe:/a:amazon:linux:oniguruma", "p-cpe:/a:amazon:linux:oniguruma-debuginfo", "p-cpe:/a:amazon:linux:oniguruma-devel"], "id": "AL2_ALAS-2020-1380.NASL", "href": "https://www.tenable.com/plugins/nessus/132735", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2020-1380.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(132735);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2020/01/13\");\n\n script_cve_id(\"CVE-2019-16163\", \"CVE-2019-19012\", \"CVE-2019-19204\", \"CVE-2019-19246\");\n script_xref(name:\"ALAS\", value:\"2020-1380\");\n\n script_name(english:\"Amazon Linux 2 : oniguruma (ALAS-2020-1380)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux 2 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of\nrecursion in regparse.c. (CVE-2019-16163)\n\nOniguruma through 6.9.3, as used in PHP 7.3.x and other products, has\na heap-based buffer over-read in str_lower_case_match in\nregexec.c.(CVE-2019-19246)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/AL2/ALAS-2020-1380.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update oniguruma' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:oniguruma\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:oniguruma-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:oniguruma-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"AL2\", reference:\"oniguruma-5.9.6-1.amzn2.0.3\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"oniguruma-debuginfo-5.9.6-1.amzn2.0.3\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"oniguruma-devel-5.9.6-1.amzn2.0.3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"oniguruma / oniguruma-debuginfo / oniguruma-devel\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T09:01:48", "description": "According to the versions of the oniguruma package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - Oniguruma before 6.9.3 allows Stack Exhaustion in\n regcomp.c because of recursion in\n regparse.c.(CVE-2019-16163)\n\n - An issue was discovered in Oniguruma 6.x before\n 6.9.4_rc2. In the function gb18030_mbc_enc_len in file\n gb18030.c, a UChar pointer is dereferenced without\n checking if it passed the end of the matched string.\n This leads to a heap-based buffer\n over-read.(CVE-2019-19203)\n\n - An issue was discovered in Oniguruma 6.x before\n 6.9.4_rc2. In the function fetch_interval_quantifier\n (formerly known as fetch_range_quantifier) in\n regparse.c, PFETCH is called without checking PEND.\n This leads to a heap-based buffer\n over-read.(CVE-2019-19204)\n\n - Oniguruma through 6.9.3, as used in PHP 7.3.x and other\n products, has a heap-based buffer over-read in\n str_lower_case_match in regexec.c.(CVE-2019-19246)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 9, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-01-02T00:00:00", "title": "EulerOS 2.0 SP8 : oniguruma (EulerOS-SA-2020-1019)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-19204", "CVE-2019-19203", "CVE-2019-19246", "CVE-2019-16163"], "modified": "2020-01-02T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:oniguruma", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-1019.NASL", "href": "https://www.tenable.com/plugins/nessus/132612", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132612);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2019-16163\",\n \"CVE-2019-19203\",\n \"CVE-2019-19204\",\n \"CVE-2019-19246\"\n );\n\n script_name(english:\"EulerOS 2.0 SP8 : oniguruma (EulerOS-SA-2020-1019)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the oniguruma package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - Oniguruma before 6.9.3 allows Stack Exhaustion in\n regcomp.c because of recursion in\n regparse.c.(CVE-2019-16163)\n\n - An issue was discovered in Oniguruma 6.x before\n 6.9.4_rc2. In the function gb18030_mbc_enc_len in file\n gb18030.c, a UChar pointer is dereferenced without\n checking if it passed the end of the matched string.\n This leads to a heap-based buffer\n over-read.(CVE-2019-19203)\n\n - An issue was discovered in Oniguruma 6.x before\n 6.9.4_rc2. In the function fetch_interval_quantifier\n (formerly known as fetch_range_quantifier) in\n regparse.c, PFETCH is called without checking PEND.\n This leads to a heap-based buffer\n over-read.(CVE-2019-19204)\n\n - Oniguruma through 6.9.3, as used in PHP 7.3.x and other\n products, has a heap-based buffer over-read in\n str_lower_case_match in regexec.c.(CVE-2019-19246)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1019\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?02bb355c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected oniguruma packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:oniguruma\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"oniguruma-6.9.0-2.h4.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"oniguruma\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T01:08:29", "description": "An update of the oniguruma package has been released.", "edition": 14, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-01-16T00:00:00", "title": "Photon OS 2.0: Oniguruma PHSA-2019-2.0-0196", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-19012", "CVE-2019-19204", "CVE-2019-19203", "CVE-2019-13225", "CVE-2019-19246", "CVE-2019-16163"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:oniguruma", "cpe:/o:vmware:photonos:2.0"], "id": "PHOTONOS_PHSA-2019-2_0-0196_ONIGURUMA.NASL", "href": "https://www.tenable.com/plugins/nessus/132975", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2019-2.0-0196. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132975);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/18\");\n\n script_cve_id(\n \"CVE-2019-13225\",\n \"CVE-2019-16163\",\n \"CVE-2019-19012\",\n \"CVE-2019-19203\",\n \"CVE-2019-19204\",\n \"CVE-2019-19246\"\n );\n\n script_name(english:\"Photon OS 2.0: Oniguruma PHSA-2019-2.0-0196\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the oniguruma package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-2-196.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-19204\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:oniguruma\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 2.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_exists(rpm:\"oniguruma-6.9\", release:\"PhotonOS-2.0\") && rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"oniguruma-6.9.3-1.ph2\")) flag++;\nif (rpm_exists(rpm:\"oniguruma-6.9\", release:\"PhotonOS-2.0\") && rpm_check(release:\"PhotonOS-2.0\", cpu:\"src\", reference:\"oniguruma-6.9.3-1.ph2.src\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"oniguruma-debuginfo-6.9.3-1.ph2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"oniguruma\");\n}\n\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-11-13T01:35:57", "description": "Several vulnerabilities were discovered in the Oniguruma regular\nexpressions library, notably used in PHP mbstring.\n\nCVE-2019-13224\n\nA use-after-free in onig_new_deluxe() in regext.c allows attackers to\npotentially cause information disclosure, denial of service, or\npossibly code execution by providing a crafted regular expression. The\nattacker provides a pair of a regex pattern and a string, with a\nmulti-byte encoding that gets handled by onig_new_deluxe().\n\nCVE-2019-16163\n\nOniguruma allows Stack Exhaustion in regcomp.c because of recursion in\nregparse.c.\n\nCVE-2019-19012\n\nAn integer overflow in the search_in_range function in regexec.c in\nOnigurama leads to an out-of-bounds read, in which the offset of this\nread is under the control of an attacker. (This only affects the\n32-bit compiled version). Remote attackers can cause a\ndenial of service or information disclosure, or possibly have\nunspecified other impact, via a crafted regular expression.\n\nCVE-2019-19203\n\nAn issue was discovered in Oniguruma. In the function\ngb18030_mbc_enc_len in file gb18030.c, a UChar pointer is dereferenced\nwithout checking if it passed the end of the matched string. This\nleads to a heap-based buffer over-read.\n\nCVE-2019-19204\n\nAn issue was discovered in Oniguruma. In the function\nfetch_interval_quantifier (formerly known as fetch_range_quantifier)\nin regparse.c, PFETCH is called without checking PEND. This leads to a\nheap-based buffer over-read.\n\nCVE-2019-19246\n\nOniguruma has a heap-based buffer over-read in str_lower_case_match in\nregexec.c.\n\nCVE-2020-26159\n\nIn Oniguruma an attacker able to supply a regular expression for\ncompilation may be able to overflow a buffer by one byte in\nconcat_opt_exact_str in src/regcomp.c\n\nFor Debian 9 stretch, these problems have been fixed in version\n6.1.3-2+deb9u1.\n\nWe recommend that you upgrade your libonig packages.\n\nFor the detailed security status of libonig please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/libonig\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 2, "cvss3": {"score": 8.6, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H"}, "published": "2020-11-06T00:00:00", "title": "Debian DLA-2431-1 : libonig security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-19012", "CVE-2019-19204", "CVE-2019-19203", "CVE-2019-13224", "CVE-2019-19246", "CVE-2019-16163", "CVE-2020-26159"], "modified": "2020-11-06T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libonig-dev", "p-cpe:/a:debian:debian_linux:libonig4-dbg", "p-cpe:/a:debian:debian_linux:libonig4", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DLA-2431.NASL", "href": "https://www.tenable.com/plugins/nessus/142546", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2431-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(142546);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/10\");\n\n script_cve_id(\"CVE-2019-13224\", \"CVE-2019-16163\", \"CVE-2019-19012\", \"CVE-2019-19203\", \"CVE-2019-19204\", \"CVE-2019-19246\", \"CVE-2020-26159\");\n\n script_name(english:\"Debian DLA-2431-1 : libonig security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Several vulnerabilities were discovered in the Oniguruma regular\nexpressions library, notably used in PHP mbstring.\n\nCVE-2019-13224\n\nA use-after-free in onig_new_deluxe() in regext.c allows attackers to\npotentially cause information disclosure, denial of service, or\npossibly code execution by providing a crafted regular expression. The\nattacker provides a pair of a regex pattern and a string, with a\nmulti-byte encoding that gets handled by onig_new_deluxe().\n\nCVE-2019-16163\n\nOniguruma allows Stack Exhaustion in regcomp.c because of recursion in\nregparse.c.\n\nCVE-2019-19012\n\nAn integer overflow in the search_in_range function in regexec.c in\nOnigurama leads to an out-of-bounds read, in which the offset of this\nread is under the control of an attacker. (This only affects the\n32-bit compiled version). Remote attackers can cause a\ndenial of service or information disclosure, or possibly have\nunspecified other impact, via a crafted regular expression.\n\nCVE-2019-19203\n\nAn issue was discovered in Oniguruma. In the function\ngb18030_mbc_enc_len in file gb18030.c, a UChar pointer is dereferenced\nwithout checking if it passed the end of the matched string. This\nleads to a heap-based buffer over-read.\n\nCVE-2019-19204\n\nAn issue was discovered in Oniguruma. In the function\nfetch_interval_quantifier (formerly known as fetch_range_quantifier)\nin regparse.c, PFETCH is called without checking PEND. This leads to a\nheap-based buffer over-read.\n\nCVE-2019-19246\n\nOniguruma has a heap-based buffer over-read in str_lower_case_match in\nregexec.c.\n\nCVE-2020-26159\n\nIn Oniguruma an attacker able to supply a regular expression for\ncompilation may be able to overflow a buffer by one byte in\nconcat_opt_exact_str in src/regcomp.c\n\nFor Debian 9 stretch, these problems have been fixed in version\n6.1.3-2+deb9u1.\n\nWe recommend that you upgrade your libonig packages.\n\nFor the detailed security status of libonig please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/libonig\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2020/11/msg00006.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/libonig\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/libonig\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Upgrade the affected libonig-dev, libonig4, and libonig4-dbg packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-26159\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libonig-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libonig4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libonig4-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"libonig-dev\", reference:\"6.1.3-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libonig4\", reference:\"6.1.3-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libonig4-dbg\", reference:\"6.1.3-2+deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T09:02:30", "description": "According to the versions of the php packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - An issue was discovered in Oniguruma 6.x before\n 6.9.4_rc2. In the function fetch_interval_quantifier\n (formerly known as fetch_range_quantifier) in\n regparse.c, PFETCH is called without checking PEND.\n This leads to a heap-based buffer\n over-read.(CVE-2019-19204)\n\n - Oniguruma before 6.9.3 allows Stack Exhaustion in\n regcomp.c because of recursion in\n regparse.c.(CVE-2019-16163)\n\n - Oniguruma through 6.9.3, as used in PHP 7.3.x and other\n products, has a heap-based buffer over-read in\n str_lower_case_match in regexec.c.(CVE-2019-19246)\n\n - PHP through 7.1.11 enables potential SSRF in\n applications that accept an fsockopen or pfsockopen\n hostname argument with an expectation that the port\n number is constrained. Because a :port syntax is\n recognized, fsockopen will use the port number that is\n specified in the hostname argument, instead of the port\n number in the second argument of the\n function.(CVE-2017-7272)\n\n - In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13\n and 7.4.0, PHP DirectoryIterator class accepts\n filenames with embedded \\0 byte and treats them as\n terminating at that byte. This could lead to security\n vulnerabilities, e.g. in applications checking paths\n that the code is allowed to access.(CVE-2019-11045)\n\n - In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13\n and 7.4.0, PHP bcmath extension functions on some\n systems, including Windows, can be tricked into reading\n beyond the allocated space by supplying it with string\n containing characters that are identified as numeric by\n the OS but aren't ASCII numbers. This can read to\n disclosure of the content of some memory\n locations.(CVE-2019-11046)\n\n - When PHP EXIF extension is parsing EXIF information\n from an image, e.g. via exif_read_data() function, in\n PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and\n 7.4.0 it is possible to supply it with data what will\n cause it to read past the allocated buffer. This may\n lead to information disclosure or\n crash.(CVE-2019-11047)\n\n - When PHP EXIF extension is parsing EXIF information\n from an image, e.g. via exif_read_data() function, in\n PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and\n 7.4.0 it is possible to supply it with data what will\n cause it to read past the allocated buffer. This may\n lead to information disclosure or\n crash.(CVE-2019-11050)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 5, "cvss3": {"score": 6.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"}, "published": "2020-02-25T00:00:00", "title": "EulerOS 2.0 SP8 : php (EulerOS-SA-2020-1172)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-11050", "CVE-2019-19204", "CVE-2017-7272", "CVE-2019-11046", "CVE-2019-19246", "CVE-2019-16163", "CVE-2019-11045", "CVE-2019-11047"], "modified": "2020-02-25T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:php-common", "p-cpe:/a:huawei:euleros:php-recode", "p-cpe:/a:huawei:euleros:php-fpm", "p-cpe:/a:huawei:euleros:php-odbc", "p-cpe:/a:huawei:euleros:php-process", "p-cpe:/a:huawei:euleros:php-xml", "p-cpe:/a:huawei:euleros:php-soap", "p-cpe:/a:huawei:euleros:php-cli", "p-cpe:/a:huawei:euleros:php", "p-cpe:/a:huawei:euleros:php-ldap", "p-cpe:/a:huawei:euleros:php-xmlrpc", "p-cpe:/a:huawei:euleros:php-pdo", "p-cpe:/a:huawei:euleros:php-gd", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-1172.NASL", "href": "https://www.tenable.com/plugins/nessus/134006", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(134006);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-7272\",\n \"CVE-2019-11045\",\n \"CVE-2019-11046\",\n \"CVE-2019-11047\",\n \"CVE-2019-11050\",\n \"CVE-2019-16163\",\n \"CVE-2019-19204\",\n \"CVE-2019-19246\"\n );\n\n script_name(english:\"EulerOS 2.0 SP8 : php (EulerOS-SA-2020-1172)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the php packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - An issue was discovered in Oniguruma 6.x before\n 6.9.4_rc2. In the function fetch_interval_quantifier\n (formerly known as fetch_range_quantifier) in\n regparse.c, PFETCH is called without checking PEND.\n This leads to a heap-based buffer\n over-read.(CVE-2019-19204)\n\n - Oniguruma before 6.9.3 allows Stack Exhaustion in\n regcomp.c because of recursion in\n regparse.c.(CVE-2019-16163)\n\n - Oniguruma through 6.9.3, as used in PHP 7.3.x and other\n products, has a heap-based buffer over-read in\n str_lower_case_match in regexec.c.(CVE-2019-19246)\n\n - PHP through 7.1.11 enables potential SSRF in\n applications that accept an fsockopen or pfsockopen\n hostname argument with an expectation that the port\n number is constrained. Because a :port syntax is\n recognized, fsockopen will use the port number that is\n specified in the hostname argument, instead of the port\n number in the second argument of the\n function.(CVE-2017-7272)\n\n - In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13\n and 7.4.0, PHP DirectoryIterator class accepts\n filenames with embedded \\0 byte and treats them as\n terminating at that byte. This could lead to security\n vulnerabilities, e.g. in applications checking paths\n that the code is allowed to access.(CVE-2019-11045)\n\n - In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13\n and 7.4.0, PHP bcmath extension functions on some\n systems, including Windows, can be tricked into reading\n beyond the allocated space by supplying it with string\n containing characters that are identified as numeric by\n the OS but aren't ASCII numbers. This can read to\n disclosure of the content of some memory\n locations.(CVE-2019-11046)\n\n - When PHP EXIF extension is parsing EXIF information\n from an image, e.g. via exif_read_data() function, in\n PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and\n 7.4.0 it is possible to supply it with data what will\n cause it to read past the allocated buffer. This may\n lead to information disclosure or\n crash.(CVE-2019-11047)\n\n - When PHP EXIF extension is parsing EXIF information\n from an image, e.g. via exif_read_data() function, in\n PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and\n 7.4.0 it is possible to supply it with data what will\n cause it to read past the allocated buffer. This may\n lead to information disclosure or\n crash.(CVE-2019-11050)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1172\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?01035da3\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected php packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"php-7.2.10-1.h13.eulerosv2r8\",\n \"php-cli-7.2.10-1.h13.eulerosv2r8\",\n \"php-common-7.2.10-1.h13.eulerosv2r8\",\n \"php-fpm-7.2.10-1.h13.eulerosv2r8\",\n \"php-gd-7.2.10-1.h13.eulerosv2r8\",\n \"php-ldap-7.2.10-1.h13.eulerosv2r8\",\n \"php-odbc-7.2.10-1.h13.eulerosv2r8\",\n \"php-pdo-7.2.10-1.h13.eulerosv2r8\",\n \"php-process-7.2.10-1.h13.eulerosv2r8\",\n \"php-recode-7.2.10-1.h13.eulerosv2r8\",\n \"php-soap-7.2.10-1.h13.eulerosv2r8\",\n \"php-xml-7.2.10-1.h13.eulerosv2r8\",\n \"php-xmlrpc-7.2.10-1.h13.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2021-01-07T09:03:28", "description": "According to the versions of the php packages installed, the EulerOS\nVirtualization for ARM 64 installation on the remote host is affected\nby the following vulnerabilities :\n\n - When PHP EXIF extension is parsing EXIF information\n from an image, e.g. via exif_read_data() function, in\n PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and\n 7.4.0 it is possible to supply it with data what will\n cause it to read past the allocated buffer. This may\n lead to information disclosure or\n crash.(CVE-2019-11050)\n\n - In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13\n and 7.4.0, PHP bcmath extension functions on some\n systems, including Windows, can be tricked into reading\n beyond the allocated space by supplying it with string\n containing characters that are identified as numeric by\n the OS but aren't ASCII numbers. This can read to\n disclosure of the content of some memory\n locations.(CVE-2019-11046)\n\n - In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13\n and 7.4.0, PHP DirectoryIterator class accepts\n filenames with embedded \\0 byte and treats them as\n terminating at that byte. This could lead to security\n vulnerabilities, e.g. in applications checking paths\n that the code is allowed to access.(CVE-2019-11045)\n\n - When PHP EXIF extension is parsing EXIF information\n from an image, e.g. via exif_read_data() function, in\n PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and\n 7.4.0 it is possible to supply it with data what will\n cause it to read past the allocated buffer. This may\n lead to information disclosure or\n crash.(CVE-2019-11047)\n\n - PHP through 7.1.11 enables potential SSRF in\n applications that accept an fsockopen or pfsockopen\n hostname argument with an expectation that the port\n number is constrained. Because a :port syntax is\n recognized, fsockopen will use the port number that is\n specified in the hostname argument, instead of the port\n number in the second argument of the\n function.(CVE-2017-7272)\n\n - Oniguruma before 6.9.3 allows Stack Exhaustion in\n regcomp.c because of recursion in\n regparse.c.(CVE-2019-16163)\n\n - Oniguruma through 6.9.3, as used in PHP 7.3.x and other\n products, has a heap-based buffer over-read in\n str_lower_case_match in regexec.c.(CVE-2019-19246)\n\n - An issue was discovered in Oniguruma 6.x before\n 6.9.4_rc2. In the function fetch_interval_quantifier\n (formerly known as fetch_range_quantifier) in\n regparse.c, PFETCH is called without checking PEND.\n This leads to a heap-based buffer\n over-read.(CVE-2019-19204)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 5, "cvss3": {"score": 6.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"}, "published": "2020-04-02T00:00:00", "title": "EulerOS Virtualization for ARM 64 3.0.6.0 : php (EulerOS-SA-2020-1350)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-11050", "CVE-2019-19204", "CVE-2017-7272", "CVE-2019-11046", "CVE-2019-19246", "CVE-2019-16163", "CVE-2019-11045", "CVE-2019-11047"], "modified": "2020-04-02T00:00:00", "cpe": ["cpe:/o:huawei:euleros:uvp:3.0.6.0", "p-cpe:/a:huawei:euleros:php-common", "p-cpe:/a:huawei:euleros:php-cli", "p-cpe:/a:huawei:euleros:php"], "id": "EULEROS_SA-2020-1350.NASL", "href": "https://www.tenable.com/plugins/nessus/135137", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135137);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-7272\",\n \"CVE-2019-11045\",\n \"CVE-2019-11046\",\n \"CVE-2019-11047\",\n \"CVE-2019-11050\",\n \"CVE-2019-16163\",\n \"CVE-2019-19204\",\n \"CVE-2019-19246\"\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.6.0 : php (EulerOS-SA-2020-1350)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the php packages installed, the EulerOS\nVirtualization for ARM 64 installation on the remote host is affected\nby the following vulnerabilities :\n\n - When PHP EXIF extension is parsing EXIF information\n from an image, e.g. via exif_read_data() function, in\n PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and\n 7.4.0 it is possible to supply it with data what will\n cause it to read past the allocated buffer. This may\n lead to information disclosure or\n crash.(CVE-2019-11050)\n\n - In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13\n and 7.4.0, PHP bcmath extension functions on some\n systems, including Windows, can be tricked into reading\n beyond the allocated space by supplying it with string\n containing characters that are identified as numeric by\n the OS but aren't ASCII numbers. This can read to\n disclosure of the content of some memory\n locations.(CVE-2019-11046)\n\n - In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13\n and 7.4.0, PHP DirectoryIterator class accepts\n filenames with embedded \\0 byte and treats them as\n terminating at that byte. This could lead to security\n vulnerabilities, e.g. in applications checking paths\n that the code is allowed to access.(CVE-2019-11045)\n\n - When PHP EXIF extension is parsing EXIF information\n from an image, e.g. via exif_read_data() function, in\n PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and\n 7.4.0 it is possible to supply it with data what will\n cause it to read past the allocated buffer. This may\n lead to information disclosure or\n crash.(CVE-2019-11047)\n\n - PHP through 7.1.11 enables potential SSRF in\n applications that accept an fsockopen or pfsockopen\n hostname argument with an expectation that the port\n number is constrained. Because a :port syntax is\n recognized, fsockopen will use the port number that is\n specified in the hostname argument, instead of the port\n number in the second argument of the\n function.(CVE-2017-7272)\n\n - Oniguruma before 6.9.3 allows Stack Exhaustion in\n regcomp.c because of recursion in\n regparse.c.(CVE-2019-16163)\n\n - Oniguruma through 6.9.3, as used in PHP 7.3.x and other\n products, has a heap-based buffer over-read in\n str_lower_case_match in regexec.c.(CVE-2019-19246)\n\n - An issue was discovered in Oniguruma 6.x before\n 6.9.4_rc2. In the function fetch_interval_quantifier\n (formerly known as fetch_range_quantifier) in\n regparse.c, PFETCH is called without checking PEND.\n This leads to a heap-based buffer\n over-read.(CVE-2019-19204)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1350\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6edb8cba\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected php packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-common\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.6.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.6.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.6.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"php-7.2.10-1.h13.eulerosv2r8\",\n \"php-cli-7.2.10-1.h13.eulerosv2r8\",\n \"php-common-7.2.10-1.h13.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2019-13224", "CVE-2019-13225", "CVE-2019-16163"], "description": "Oniguruma is a regular expressions library. The characteristics of this library is that different character encoding for every regular expression object can be specified. (supported APIs: GNU regex, POSIX and Oniguruma native) ", "modified": "2019-11-21T00:56:07", "published": "2019-11-21T00:56:07", "id": "FEDORA:735A760C4528", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: oniguruma-6.9.2-3.fc30", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2019-13224", "CVE-2019-13225", "CVE-2019-16163"], "description": "Oniguruma is a regular expressions library. The characteristics of this library is that different character encoding for every regular expression object can be specified. (supported APIs: GNU regex, POSIX and Oniguruma native) ", "modified": "2019-11-21T02:02:49", "published": "2019-11-21T02:02:49", "id": "FEDORA:E804C60D0D7B", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: oniguruma-6.9.1-3.fc29", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2019-13224", "CVE-2019-13225", "CVE-2019-16163", "CVE-2019-19012", "CVE-2019-19203", "CVE-2019-19204", "CVE-2019-19246"], "description": "Oniguruma is a regular expressions library. The characteristics of this library is that different character encoding for every regular expression object can be specified. (supported APIs: GNU regex, POSIX and Oniguruma native) ", "modified": "2019-12-08T01:03:41", "published": "2019-12-08T01:03:41", "id": "FEDORA:E0B4F6075B3D", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: oniguruma-6.9.2-4.fc30", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "amazon": [{"lastseen": "2020-11-10T12:35:51", "bulletinFamily": "unix", "cvelist": ["CVE-2019-19012", "CVE-2019-19204", "CVE-2019-19246", "CVE-2019-16163"], "description": "**Issue Overview:**\n\nOniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c. ([CVE-2019-16163 __](<https://access.redhat.com/security/cve/CVE-2019-16163>))\n\nOniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c.([CVE-2019-19246 __](<https://access.redhat.com/security/cve/CVE-2019-19246>))\n\n \n**Affected Packages:** \n\n\noniguruma\n\n \n**Issue Correction:** \nRun _yum update oniguruma_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n aarch64: \n oniguruma-5.9.6-1.amzn2.0.3.aarch64 \n oniguruma-devel-5.9.6-1.amzn2.0.3.aarch64 \n oniguruma-debuginfo-5.9.6-1.amzn2.0.3.aarch64 \n \n i686: \n oniguruma-5.9.6-1.amzn2.0.3.i686 \n oniguruma-devel-5.9.6-1.amzn2.0.3.i686 \n oniguruma-debuginfo-5.9.6-1.amzn2.0.3.i686 \n \n src: \n oniguruma-5.9.6-1.amzn2.0.3.src \n \n x86_64: \n oniguruma-5.9.6-1.amzn2.0.3.x86_64 \n oniguruma-devel-5.9.6-1.amzn2.0.3.x86_64 \n oniguruma-debuginfo-5.9.6-1.amzn2.0.3.x86_64 \n \n \n", "edition": 1, "modified": "2020-01-06T23:44:00", "published": "2020-01-06T23:44:00", "id": "ALAS2-2020-1380", "href": "https://alas.aws.amazon.com/AL2/ALAS-2020-1380.html", "title": "Medium: oniguruma", "type": "amazon", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2020-08-17T23:53:52", "bulletinFamily": "unix", "cvelist": ["CVE-2019-19012", "CVE-2019-19204", "CVE-2019-19246", "CVE-2019-16163"], "description": "It was discovered that Oniguruma incorrectly handled certain regular \nexpressions. An attacker could possibly use this issue to cause a denial \nof service, obtain sensitive information or other unspecified impact. \n(CVE-2019-16163, CVE-2019-19012, CVE-2019-19204, CVE-2019-19246)", "edition": 1, "modified": "2020-08-17T00:00:00", "published": "2020-08-17T00:00:00", "id": "USN-4460-1", "href": "https://ubuntu.com/security/notices/USN-4460-1", "title": "Oniguruma vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2020-11-10T10:21:16", "bulletinFamily": "unix", "cvelist": ["CVE-2019-11039", "CVE-2019-11040", "CVE-2019-11041", "CVE-2019-11042", "CVE-2019-11045", "CVE-2019-11047", "CVE-2019-11048", "CVE-2019-11050", "CVE-2019-13224", "CVE-2019-13225", "CVE-2019-16163", "CVE-2019-19203", "CVE-2019-19204", "CVE-2019-19246", "CVE-2019-20454", "CVE-2020-7059", "CVE-2020-7060", "CVE-2020-7062", "CVE-2020-7063", "CVE-2020-7064", "CVE-2020-7065", "CVE-2020-7066"], "description": "PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.\n\nThe following packages have been upgraded to a later upstream version: php (7.3.20). (BZ#1856655)\n\nSecurity Fix(es):\n\n* php: Out-of-bounds read due to integer overflow in iconv_mime_decode_headers() (CVE-2019-11039)\n\n* php: Buffer over-read in exif_read_data() (CVE-2019-11040)\n\n* php: DirectoryIterator class accepts filenames with embedded \\0 byte and treats them as terminating at that byte (CVE-2019-11045)\n\n* php: Information disclosure in exif_read_data() (CVE-2019-11047)\n\n* php: Integer wraparounds when receiving multipart forms (CVE-2019-11048)\n\n* oniguruma: Use-after-free in onig_new_deluxe() in regext.c (CVE-2019-13224)\n\n* oniguruma: NULL pointer dereference in match_at() in regexec.c (CVE-2019-13225)\n\n* oniguruma: Stack exhaustion in regcomp.c because of recursion in regparse.c (CVE-2019-16163)\n\n* oniguruma: Heap-based buffer over-read in function gb18030_mbc_enc_len in file gb18030.c (CVE-2019-19203)\n\n* oniguruma: Heap-based buffer over-read in function fetch_interval_quantifier in regparse.c (CVE-2019-19204)\n\n* pcre: Out of bounds read in JIT mode when \\X is used in non-UTF mode (CVE-2019-20454)\n\n* php: Out of bounds read in php_strip_tags_ex (CVE-2020-7059)\n\n* php: Global buffer-overflow in mbfl_filt_conv_big5_wchar function (CVE-2020-7060)\n\n* php: NULL pointer dereference in PHP session upload progress (CVE-2020-7062)\n\n* php: Files added to tar with Phar::buildFromIterator have all-access permissions (CVE-2020-7063)\n\n* php: Information disclosure in exif_read_data() function (CVE-2020-7064)\n\n* php: Using mb_strtolower() function with UTF-32LE encoding leads to potential code execution (CVE-2020-7065)\n\n* php: Heap buffer over-read in exif_scan_thumbnail() (CVE-2019-11041)\n\n* php: Heap buffer over-read in exif_process_user_comment() (CVE-2019-11042)\n\n* php: Out of bounds read when parsing EXIF information (CVE-2019-11050)\n\n* oniguruma: Heap-based buffer overflow in str_lower_case_match in regexec.c (CVE-2019-19246)\n\n* php: Information disclosure in function get_headers (CVE-2020-7066)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-09-08T13:08:00", "published": "2020-09-08T12:38:31", "id": "RHSA-2020:3662", "href": "https://access.redhat.com/errata/RHSA-2020:3662", "type": "redhat", "title": "(RHSA-2020:3662) Moderate: php:7.3 security, bug fix, and enhancement update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2020-12-30T19:27:45", "bulletinFamily": "unix", "cvelist": ["CVE-2020-7063", "CVE-2019-11050", "CVE-2019-11048", "CVE-2019-19204", "CVE-2019-11041", "CVE-2019-19203", "CVE-2019-11042", "CVE-2019-13224", "CVE-2020-7066", "CVE-2019-13225", "CVE-2020-7059", "CVE-2019-11040", "CVE-2019-20454", "CVE-2020-7064", "CVE-2019-11039", "CVE-2020-7060", "CVE-2020-7065", "CVE-2020-7062", "CVE-2019-19246", "CVE-2019-16163", "CVE-2019-11045", "CVE-2019-11047"], "description": "php\n[7.3.20-1]\n- update to 7.3.20 #1856655\nphp-pear\n[1:1.10.9-1]\n- update PEAR to 1.10.9\n- update Archive_Tar to 1.4.7\n- update Console_Getopt to 1.4.2", "edition": 3, "modified": "2020-09-09T00:00:00", "published": "2020-09-09T00:00:00", "id": "ELSA-2020-3662", "href": "http://linux.oracle.com/errata/ELSA-2020-3662.html", "title": "php:7.3 security, bug fix, and enhancement update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}