ID OPENSUSE-2015-956.NASL
Type nessus
Reporter This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.
Modified 2015-12-29T00:00:00
Description
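This update for gummi fixes the following issue:
CVE-2015-7758: Fix an exploitable issue caused by gummi
setting predictable file names in /tmp; patch taken from
the Debian patch tracker and submitted upstream
(bnc#949682). NVD describes the flaw as a symlink attack (CWE-59) on
a temporary file that lets a local user write to arbitrary files.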
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2015-956.
#
# The text description of this plugin is (C) SUSE LLC.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
# Registration branch: when `description` is true the script only declares
# its metadata (identity, advisory text, scoring, prerequisites) and then
# exits without running any check.
if (description)
{
  # Plugin identity and revision.
  script_id(87629);
  script_version("2.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2015-7758");

  script_name(english:"openSUSE Security Update : gummi (openSUSE-2015-956)");
  script_summary(english:"Check for the openSUSE-2015-956 patch");

  script_set_attribute(attribute:"synopsis", value:"The remote openSUSE host is missing a security update.");

  # Advisory text. The string spans several lines, so its continuation
  # lines stay at column 0 to keep the reported text unchanged.
  script_set_attribute(attribute:"description", value:
"This update for gummi fixes the following issues :
- CVE-2015-7758: Fix an exploitable issue caused by gummi
setting predictable file names in /tmp; patch taken from
debian patch tracker and submitted upstream
(bnc#949682)."
  );
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=949682");
  script_set_attribute(attribute:"solution", value:"Update the affected gummi packages.");

  # Both vectors describe a local attack with integrity impact only
  # (AV:L, C:N, A:N); the CVSS3 vector additionally requires low privileges.
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N");

  script_set_attribute(attribute:"plugin_type", value:"local");

  # Affected packages, followed by the affected openSUSE releases.
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gummi");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gummi-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gummi-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gummi-lang");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.2");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2015/12/26");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/12/29");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  # The four required keys are exactly the knowledge-base items the check
  # section reads. Presumably ssh_get_info.nasl is what populates them
  # during an authenticated scan - confirm against that plugin.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
# Package-version check for openSUSE-2015-956 (CVE-2015-7758).
# Everything here works from knowledge-base items (release, rpm list, cpu);
# the check compares package versions and does not probe the host for the
# predictable temporary-file condition itself.
#
# NOTE(review): openSUSE-2016-266 later reissued the CVE-2015-7758 fix for
# 13.2 and 42.1 (gummi-0.6.5-5.6.1 / gummi-0.7.1-8.1, "use final upstream
# patch"). A host that passes this check may still need that later update;
# 13.1 is not listed in that advisory.

# Guard clauses: each audit() call is relied on to end the script, since the
# statements after it use the values it has just validated.
if (!get_kb_item("Host/local_checks_enabled"))
{
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
}

release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)")
{
  # No release string, or a SLED/SLES host rather than openSUSE.
  audit(AUDIT_OS_NOT, "openSUSE");
}
if (release !~ "^(SUSE13\.1|SUSE13\.2|SUSE42\.1)$")
{
  audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.1 / 13.2 / 42.1", release);
}
if (!get_kb_item("Host/SuSE/rpm-list"))
{
  audit(AUDIT_PACKAGE_LIST_MISSING);
}

ourarch = get_kb_item("Host/cpu");
if (!ourarch)
{
  audit(AUDIT_UNKNOWN_ARCH);
}
if (ourarch !~ "^(i586|i686|x86_64)$")
{
  audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
}

# flag counts the rpm_check() calls that returned true. Presumably that
# means the installed package is older than the reference build - confirm
# against rpm.inc. References are checked in the same order as before,
# grouped by release.
flag = 0;

foreach pkg_ref (make_list("gummi-0.6.5-2.4.1", "gummi-debuginfo-0.6.5-2.4.1", "gummi-debugsource-0.6.5-2.4.1"))
{
  if (rpm_check(release:"SUSE13.1", reference:pkg_ref)) flag++;
}

foreach pkg_ref (make_list("gummi-0.6.5-5.3.1", "gummi-debuginfo-0.6.5-5.3.1", "gummi-debugsource-0.6.5-5.3.1"))
{
  if (rpm_check(release:"SUSE13.2", reference:pkg_ref)) flag++;
}

# gummi-lang is only checked for 42.1.
foreach pkg_ref (make_list("gummi-0.7.1-5.1", "gummi-debuginfo-0.7.1-5.1", "gummi-debugsource-0.7.1-5.1", "gummi-lang-0.7.1-5.1"))
{
  if (rpm_check(release:"SUSE42.1", reference:pkg_ref)) flag++;
}

if (!flag)
{
  # Nothing flagged: report either that the tested packages are not
  # affected, or that none of the packages is installed.
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gummi / gummi-debuginfo / gummi-debugsource / gummi-lang");
}
else
{
  # At least one package was flagged: report through security_note(),
  # attaching the rpm report when report_verbosity is above 0.
  if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
  else security_note(0);
  exit(0);
}
{"id": "OPENSUSE-2015-956.NASL", "bulletinFamily": "scanner", "title": "openSUSE Security Update : gummi (openSUSE-2015-956)", "description": "This update for gummi fixes the following issues :\n\n - CVE-2015-7758: Fix an exploitable issue caused by gummi\n setting predictable file names in /tmp; patch taken from\n debian patch tracker and submitted upstream\n (bnc#949682).", "published": "2015-12-29T00:00:00", "modified": "2015-12-29T00:00:00", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}, "href": "https://www.tenable.com/plugins/nessus/87629", "reporter": "This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.", "references": ["https://bugzilla.opensuse.org/show_bug.cgi?id=949682"], "cvelist": ["CVE-2015-7758"], "type": "nessus", "lastseen": "2021-01-20T12:29:03", "edition": 18, "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2015-7758"]}, {"type": "fedora", "idList": ["FEDORA:AB7D1604F0C0", "FEDORA:F02B16075D89"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310807483"]}, {"type": "nessus", "idList": ["FEDORA_2016-94B0B50351.NASL", "OPENSUSE-2016-266.NASL", "FEDORA_2016-E21BE93421.NASL"]}], "modified": "2021-01-20T12:29:03", "rev": 2}, "score": {"value": 5.2, "vector": "NONE", "modified": "2021-01-20T12:29:03", "rev": 2}, "vulnersScore": 5.2}, "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2015-956.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87629);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-7758\");\n\n script_name(english:\"openSUSE Security Update : gummi (openSUSE-2015-956)\");\n script_summary(english:\"Check 
for the openSUSE-2015-956 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for gummi fixes the following issues :\n\n - CVE-2015-7758: Fix an exploitable issue caused by gummi\n setting predictable file names in /tmp; patch taken from\n debian patch tracker and submitted upstream\n (bnc#949682).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=949682\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gummi packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gummi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gummi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gummi-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gummi-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n 
script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1|SUSE13\\.2|SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1 / 13.2 / 42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"gummi-0.6.5-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"gummi-debuginfo-0.6.5-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"gummi-debugsource-0.6.5-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"gummi-0.6.5-5.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"gummi-debuginfo-0.6.5-5.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"gummi-debugsource-0.6.5-5.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"gummi-0.7.1-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"gummi-debuginfo-0.7.1-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"gummi-debugsource-0.7.1-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"gummi-lang-0.7.1-5.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gummi / 
gummi-debuginfo / gummi-debugsource / gummi-lang\");\n}\n", "naslFamily": "SuSE Local Security Checks", "pluginID": "87629", "cpe": ["p-cpe:/a:novell:opensuse:gummi-debugsource", "cpe:/o:novell:opensuse:42.1", "p-cpe:/a:novell:opensuse:gummi-lang", "p-cpe:/a:novell:opensuse:gummi-debuginfo", "p-cpe:/a:novell:opensuse:gummi", "cpe:/o:novell:opensuse:13.2", "cpe:/o:novell:opensuse:13.1"], "scheme": null, "cvss3": {"score": 3.3, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}}
{"cve": [{"lastseen": "2021-02-02T06:21:29", "description": "Gummi 0.6.5 allows local users to write to arbitrary files via a symlink attack on a temporary dot file that uses the name of an existing file and a (1) .aux, (2) .log, (3) .out, (4) .pdf, or (5) .toc extension for the file name, as demonstrated by .thesis.tex.aux.", "edition": 4, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 3.3, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 1.4}, "published": "2016-01-08T19:59:00", "title": "CVE-2015-7758", "type": "cve", "cwe": ["CWE-59"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7758"], "modified": "2018-10-30T16:27:00", "cpe": ["cpe:/o:opensuse:opensuse:13.1", "cpe:/a:gummi_project:gummi:0.6.5", "cpe:/o:opensuse:opensuse:13.2", "cpe:/o:opensuse:leap:42.1"], "id": "CVE-2015-7758", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7758", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:gummi_project:gummi:0.6.5:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*"]}], "fedora": [{"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2015-7758"], 
"description": "Gummi is a LaTeX editor written in the C programming language using the GTK+ interface toolkit. It was designed with simplicity and the novice user in mind, but also offers features that speak to the more advanced user. ", "modified": "2016-03-09T20:17:08", "published": "2016-03-09T20:17:08", "id": "FEDORA:AB7D1604F0C0", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 22 Update: gummi-0.6.6-1.fc22", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2015-7758"], "description": "Gummi is a LaTeX editor written in the C programming language using the GTK+ interface toolkit. It was designed with simplicity and the novice user in mind, but also offers features that speak to the more advanced user. ", "modified": "2016-03-09T20:21:56", "published": "2016-03-09T20:21:56", "id": "FEDORA:F02B16075D89", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 23 Update: gummi-0.6.6-1.fc23", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}}], "openvas": [{"lastseen": "2019-05-29T18:34:58", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7758"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-03-10T00:00:00", "id": "OPENVAS:1361412562310807483", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807483", "type": "openvas", "title": "Fedora Update for gummi FEDORA-2016-94", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for gummi FEDORA-2016-94\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free 
Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807483\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-03-10 06:13:01 +0100 (Thu, 10 Mar 2016)\");\n script_cve_id(\"CVE-2015-7758\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for gummi FEDORA-2016-94\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'gummi'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"gummi on Fedora 23\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-94\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2016-March/178642.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n 
script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC23\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC23\")\n{\n\n if ((res = isrpmvuln(pkg:\"gummi\", rpm:\"gummi~0.6.6~1.fc23\", rls:\"FC23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}}], "nessus": [{"lastseen": "2021-01-12T10:14:31", "description": "Fix CVE-2015-7758 (rhbz#1270816, rhbz#1270816)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 18, "cvss3": {"score": 3.3, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}, "published": "2016-03-10T00:00:00", "title": "Fedora 23 : gummi-0.6.6-1.fc23 (2016-94b0b50351)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7758"], "modified": "2016-03-10T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:gummi", "cpe:/o:fedoraproject:fedora:23"], "id": "FEDORA_2016-94B0B50351.NASL", "href": "https://www.tenable.com/plugins/nessus/89803", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2016-94b0b50351.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89803);\n script_version(\"2.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-7758\");\n script_xref(name:\"FEDORA\", value:\"2016-94b0b50351\");\n\n script_name(english:\"Fedora 23 : gummi-0.6.6-1.fc23 (2016-94b0b50351)\");\n 
script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix CVE-2015-7758 (rhbz#1270816, rhbz#1270816)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1270816\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2016-March/178642.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?deb6a077\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected gummi package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gummi\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:23\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n 
exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^23([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 23.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC23\", reference:\"gummi-0.6.6-1.fc23\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gummi\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-12T10:14:54", "description": "Fix CVE-2015-7758 (rhbz#1270816, rhbz#1270816)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 18, "cvss3": {"score": 3.3, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}, "published": "2016-03-10T00:00:00", "title": "Fedora 22 : gummi-0.6.6-1.fc22 (2016-e21be93421)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7758"], "modified": "2016-03-10T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:gummi", "cpe:/o:fedoraproject:fedora:22"], "id": "FEDORA_2016-E21BE93421.NASL", "href": "https://www.tenable.com/plugins/nessus/89805", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2016-e21be93421.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89805);\n script_version(\"2.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-7758\");\n script_xref(name:\"FEDORA\", value:\"2016-e21be93421\");\n\n script_name(english:\"Fedora 22 : gummi-0.6.6-1.fc22 (2016-e21be93421)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix CVE-2015-7758 (rhbz#1270816, rhbz#1270816)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1270816\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2016-March/178582.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?348a46b2\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected gummi package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gummi\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:22\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^22([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 22.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC22\", reference:\"gummi-0.6.6-1.fc22\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gummi\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-20T12:30:02", "description": "This update for gummi fixes the following issues :\n\n - CVE-2015-7758: predictable filenames in /tmp based on\n basename - use final upstream patch (boo#949682)", "edition": 18, "cvss3": {"score": 3.3, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}, "published": "2016-02-26T00:00:00", "title": "openSUSE Security Update : gummi (openSUSE-2016-266)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7758"], "modified": "2016-02-26T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:gummi-debugsource", "cpe:/o:novell:opensuse:42.1", "p-cpe:/a:novell:opensuse:gummi-lang", "p-cpe:/a:novell:opensuse:gummi-debuginfo", "p-cpe:/a:novell:opensuse:gummi", "cpe:/o:novell:opensuse:13.2"], "id": "OPENSUSE-2016-266.NASL", "href": "https://www.tenable.com/plugins/nessus/88978", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-266.\n#\n# The text description of this plugin is (C) SUSE 
LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(88978);\n script_version(\"2.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-7758\");\n\n script_name(english:\"openSUSE Security Update : gummi (openSUSE-2016-266)\");\n script_summary(english:\"Check for the openSUSE-2016-266 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for gummi fixes the following issues :\n\n - CVE-2015-7758: predictable filenames in /tmp based on\n basename - use final upstream patch (boo#949682)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=949682\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gummi packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gummi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gummi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gummi-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gummi-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/02/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2|SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2 / 42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"gummi-0.6.5-5.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"gummi-debuginfo-0.6.5-5.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"gummi-debugsource-0.6.5-5.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"gummi-0.7.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"gummi-debuginfo-0.7.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"gummi-debugsource-0.7.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"gummi-lang-0.7.1-8.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gummi / gummi-debuginfo / gummi-debugsource / gummi-lang\");\n}\n", "cvss": 
{"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}}]}