{"id": "PHOTONOS_PHSA-2018-2_0-0058.NASL", "bulletinFamily": "scanner", "title": "Photon OS 2.0 : freetype2 / binutils (PhotonOS-PHSA-2018-2.0-0058) (deprecated)", "description": "An update of {'freetype2', 'binutils'} packages of Photon OS has been released.", "published": "2018-07-24T00:00:00", "modified": "2019-02-07T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=111308", "reporter": "Tenable", "references": ["http://www.nessus.org/u?0043d31c"], "cvelist": ["CVE-2018-6942", "CVE-2018-10373"], "type": "nessus", "lastseen": "2019-02-21T01:41:18", "edition": 6, "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2018-10373", "CVE-2018-6942"]}, {"type": "f5", "idList": ["F5:K72122162"]}, {"type": "nessus", "idList": ["PHOTONOS_PHSA-2018-2_0-0058_BINUTILS.NASL", "EULEROS_SA-2018-1426.NASL", "FEDORA_2018-07A3E36499.NASL", "PHOTONOS_PHSA-2018-1_0-0148_FREETYPE2.NASL", "UBUNTU_USN-3572-1.NASL", "OPENSUSE-2020-704.NASL", "PHOTONOS_PHSA-2018-1_0-0148_BINUTILS.NASL", "SUSE_SU-2020-1353-1.NASL", "PHOTONOS_PHSA-2018-2_0-0058_FREETYPE2.NASL", "PHOTONOS_PHSA-2018-1_0-0148.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310113116", "OPENVAS:1361412562310113115", "OPENVAS:1361412562311220191019", "OPENVAS:1361412562310843761", "OPENVAS:1361412562311220181400", "OPENVAS:1361412562311220191219", "OPENVAS:1361412562310874135", "OPENVAS:1361412562310853175", "OPENVAS:1361412562311220181426", "OPENVAS:1361412562310874192"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2018:3223-1", "OPENSUSE-SU-2020:0704-1", "OPENSUSE-SU-2018:3323-1"]}, {"type": "archlinux", "idList": ["ASA-201805-3"]}, {"type": "fedora", "idList": ["FEDORA:E880C60CB7FD", "FEDORA:CE6206030B04"]}, {"type": "ubuntu", "idList": ["USN-3572-1", "USN-4336-1"]}, {"type": "amazon", "idList": ["ALAS2-2019-1138"]}, {"type": "centos", "idList": ["CESA-2018:3032"]}, {"type": "oraclelinux", "idList": ["ELSA-2018-3032"]}, {"type": "redhat", "idList": ["RHSA-2018:3032"]}, {"type": "gentoo", "idList": ["GLSA-201908-01"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:E28868CF5495F6C7D71AC5B00564832A"]}, {"type": "oracle", "idList": ["ORACLE:CPUOCT2020", "ORACLE:CPUAPR2020"]}], "modified": "2019-02-21T01:41:18", "rev": 2}, "score": {"value": 6.2, "vector": "NONE", "modified": "2019-02-21T01:41:18", "rev": 2}, "vulnersScore": 6.2}, "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# @DEPRECATED@\n#\n# Disabled on 2/7/2019\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2018-2.0-0058. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111308);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/02/07 18:59:51\");\n\n script_cve_id(\"CVE-2018-6942\", \"CVE-2018-10373\");\n script_bugtraq_id(104000);\n\n script_name(english:\"Photon OS 2.0 : freetype2 / binutils (PhotonOS-PHSA-2018-2.0-0058) (deprecated)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"This plugin has been deprecated.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of {'freetype2', 'binutils'} packages of Photon OS has been\nreleased.\");\n # https://github.com/vmware/photon/wiki/Security-Updates-2-58\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0043d31c\");\n script_set_attribute(attribute:\"solution\", value:\"n/a.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-6942\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/07/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:freetype2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\nexit(0, \"This plugin has been deprecated.\");\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 2.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\npkgs = [\n \"binutils-2.30-5.ph2\",\n \"binutils-debuginfo-2.30-5.ph2\",\n \"binutils-devel-2.30-5.ph2\",\n \"freetype2-2.7.1-5.ph2\",\n \"freetype2-debuginfo-2.7.1-5.ph2\",\n \"freetype2-devel-2.7.1-5.ph2\"\n];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"PhotonOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"binutils / freetype2\");\n}\n", "naslFamily": "PhotonOS Local Security Checks", "pluginID": "111308", "cpe": ["p-cpe:/a:vmware:photonos:freetype2", "cpe:/o:vmware:photonos:2.0", "p-cpe:/a:vmware:photonos:binutils"], "scheme": null}

{"cve": [{"lastseen": "2020-12-09T20:25:45", "description": "An issue was discovered in FreeType 2 through 2.9. A NULL pointer dereference in the Ins_GETVARIATION() function within ttinterp.c could lead to DoS via a crafted font file.", "edition": 7, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-02-13T05:29:00", "title": "CVE-2018-6942", "type": "cve", "cwe": ["CWE-476"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-6942"], "modified": "2020-05-24T00:15:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:17.10", "cpe:/a:freetype:freetype2:2.9"], "id": "CVE-2018-6942", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6942", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "cpe:2.3:a:freetype:freetype2:2.9:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T13:20:08", "description": "concat_filename in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by nm-new.", "edition": 5, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-04-25T09:29:00", "title": "CVE-2018-10373", "type": "cve", "cwe": ["CWE-476"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-10373"], "modified": "2019-08-03T13:15:00", "cpe": ["cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/a:gnu:binutils:2.30"], "id": "CVE-2018-10373", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10373", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:binutils:2.30:*:*:*:*:*:*:*"]}], "f5": [{"lastseen": "2020-04-06T22:40:04", "bulletinFamily": "software", "cvelist": ["CVE-2018-7569", "CVE-2018-10373"], "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability, and no F5 products were found to be vulnerable.\n\nNone\n\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of AskF5 Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "edition": 1, "modified": "2018-07-23T22:50:00", "published": "2018-07-23T22:50:00", "id": "F5:K72122162", "href": "https://support.f5.com/csp/article/K72122162", "title": "Binutils vulnerabilities CVE-2018-7569 and CVE-2018-10373", "type": "f5", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2019-02-21T01:41:15", "description": "An update of {'freetype2', 'binutils'} packages of Photon OS has been released.", "edition": 6, "published": "2018-07-24T00:00:00", "title": "Photon OS 1.0 : freetype2 / binutils (PhotonOS-PHSA-2018-1.0-0148) (deprecated)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-6942", "CVE-2018-10373"], "modified": "2019-02-07T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:freetype2", "p-cpe:/a:vmware:photonos:binutils", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2018-1_0-0148.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=111274", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# @DEPRECATED@\n#\n# Disabled on 2/7/2019\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2018-1.0-0148. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111274);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/02/07 18:59:50\");\n\n script_cve_id(\"CVE-2018-6942\", \"CVE-2018-10373\");\n script_bugtraq_id(104000);\n\n script_name(english:\"Photon OS 1.0 : freetype2 / binutils (PhotonOS-PHSA-2018-1.0-0148) (deprecated)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"This plugin has been deprecated.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of {'freetype2', 'binutils'} packages of Photon OS has been\nreleased.\");\n # https://github.com/vmware/photon/wiki/Security-Updates-1.0-148\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?085208ed\");\n script_set_attribute(attribute:\"solution\", value:\"n/a.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-6942\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/07/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:freetype2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\nexit(0, \"This plugin has been deprecated.\");\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\npkgs = [\n \"binutils-2.30-4.ph1\",\n \"binutils-debuginfo-2.30-4.ph1\",\n \"binutils-devel-2.30-4.ph1\",\n \"freetype2-2.7.1-6.ph1\",\n \"freetype2-debuginfo-2.7.1-6.ph1\",\n \"freetype2-devel-2.7.1-6.ph1\"\n];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"PhotonOS-1.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"binutils / freetype2\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2020-03-17T22:39:32", "description": "An update of the freetype2 package has been released.", "edition": 8, "cvss3": {"score": 6.5, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2019-02-07T00:00:00", "title": "Photon OS 1.0: Freetype2 PHSA-2018-1.0-0148", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-6942", "CVE-2018-10373"], "modified": "2019-02-07T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:freetype2", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2018-1_0-0148_FREETYPE2.NASL", "href": "https://www.tenable.com/plugins/nessus/121846", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2018-1.0-0148. The text\n# itself is copyright (C) VMware, Inc.\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(121846);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2019/02/07\");\n\n script_cve_id(\"CVE-2018-6942\");\n\n script_name(english:\"Photon OS 1.0: Freetype2 PHSA-2018-1.0-0148\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the freetype2 package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-1.0-148.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-10373\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:freetype2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"freetype2-2.7.1-6.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"freetype2-debuginfo-2.7.1-6.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"freetype2-devel-2.7.1-6.ph1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype2\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-03-17T22:39:42", "description": "An update of the freetype2 package has been released.", "edition": 8, "cvss3": {"score": 6.5, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2019-02-07T00:00:00", "title": "Photon OS 2.0: Freetype2 PHSA-2018-2.0-0058", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-6942", "CVE-2018-10373"], "modified": "2019-02-07T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:freetype2", "cpe:/o:vmware:photonos:2.0"], "id": "PHOTONOS_PHSA-2018-2_0-0058_FREETYPE2.NASL", "href": "https://www.tenable.com/plugins/nessus/121955", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2018-2.0-0058. The text\n# itself is copyright (C) VMware, Inc.\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(121955);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2019/02/07\");\n\n script_cve_id(\"CVE-2018-6942\");\n\n script_name(english:\"Photon OS 2.0: Freetype2 PHSA-2018-2.0-0058\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the freetype2 package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-2-58.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-10373\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:freetype2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 2.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"freetype2-2.7.1-5.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"freetype2-debuginfo-2.7.1-5.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"freetype2-devel-2.7.1-5.ph2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype2\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T10:15:51", "description": "Security fix for CVE-2018-6942.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 18, "cvss3": {"score": 6.5, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2018-02-21T00:00:00", "title": "Fedora 27 : freetype (2018-07a3e36499)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-6942"], "modified": "2018-02-21T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:27", "p-cpe:/a:fedoraproject:fedora:freetype"], "id": "FEDORA_2018-07A3E36499.NASL", "href": "https://www.tenable.com/plugins/nessus/106905", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-07a3e36499.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(106905);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-6942\");\n script_xref(name:\"FEDORA\", value:\"2018-07a3e36499\");\n\n script_name(english:\"Fedora 27 : freetype (2018-07a3e36499)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2018-6942.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-07a3e36499\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected freetype package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:27\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/02/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/02/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/02/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^27([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 27\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC27\", reference:\"freetype-2.8-8.fc27\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-31T15:09:01", "description": "This update for freetype2 to version 2.10.1 fixes the following \nissues :\n\nSecurity issue fixed :\n\nCVE-2018-6942: Fixed a NULL pointer dereference within ttinerp.c\n(bsc#1079603).\n\nNon-security issues fixed :\n\nUpdate to version 2.10.1\n\n - The bytecode hinting of OpenType variation fonts was\n flawed, since the data in the `CVAR' table wasn't\n correctly applied.\n\n - Auto-hinter support for Mongolian.\n\n - The handling of the default character in PCF fonts as\n introduced in version 2.10.0 was partially broken,\n causing premature abortion of charmap iteration for many\n fonts.\n\n - If `FT_Set_Named_Instance' was called with the same\n arguments twice in a row, the function returned an\n incorrect error code the second time.\n\n - Direct rendering using FT_RASTER_FLAG_DIRECT crashed\n (bug introduced in version 2.10.0).\n\n - Increased precision while computing OpenType font\n variation instances.\n\n - The flattening algorithm of cubic Bezier curves was\n slightly changed to make it faster. This can cause very\n subtle rendering changes, which aren't noticeable by the\n eye, however.\n\n - The auto-hinter now disables hinting if there are blue\n zones defined for a `style' (i.e., a certain combination\n of a script and its related typographic features) but\n the font doesn't contain any characters needed to set up\n at least one blue zone.\n\nAdd tarball signatures and freetype2.keyring\n\nUpdate to version 2.10.0\n\n - A bunch of new functions has been added to access and\n process COLR/CPAL data of OpenType fonts with\n color-layered glyphs.\n\n - As a GSoC 2018 project, Nikhil Ramakrishnan completely\n overhauled and modernized the API reference.\n\n - The logic for computing the global ascender, descender,\n and height of OpenType fonts has been slightly adjusted\n for consistency.\n\n - `TT_Set_MM_Blend' could fail if called repeatedly with\n the same arguments.\n\n - The precision of handling deltas in Variation Fonts has\n been increased.The problem did only show up with\n multidimensional designspaces.\n\n - New function `FT_Library_SetLcdGeometry' to set up the\n geometry of LCD subpixels.\n\n - FreeType now uses the `defaultChar' property of PCF\n fonts to set the glyph for the undefined character at\n glyph index 0 (as FreeType already does for all other\n supported font formats). As a consequence, the order of\n glyphs of a PCF font if accessed with FreeType can be\n different now compared to previous versions. This change\n doesn't affect PCF font access with cmaps.\n\n - `FT_Select_Charmap' has been changed to allow parameter\n value `FT_ENCODING_NONE', which is valid for BDF, PCF,\n and Windows FNT formats to access built-in cmaps that\n don't have a predefined `FT_Encoding' value.\n\n - A previously reserved field in the `FT_GlyphSlotRec'\n structure now holds the glyph index.\n\n - The usual round of fuzzer bug fixes to better reject\n malformed fonts.\n\n - `FT_Outline_New_Internal' and `FT_Outline_Done_Internal'\n have been removed.These two functions were public by\n oversight only and were never documented.\n\n - A new function `FT_Error_String' returns descriptions of\n error codes if configuration macro\n FT_CONFIG_OPTION_ERROR_STRINGS is defined.\n\n - `FT_Set_MM_WeightVector' and `FT_Get_MM_WeightVector'\n are new functions limited to Adobe MultiMaster fonts to\n directly set and get the weight vector.\n\nEnable subpixel rendering with infinality config :\n\nRe-enable freetype-config, there is just too many fallouts.\n\nUpdate to version 2.9.1\n\n - Type 1 fonts containing flex features were not rendered\n correctly (bug introduced in version 2.9).\n\n - CVE-2018-6942: Older FreeType versions can crash with\n certain malformed variation fonts.\n\n - Bug fix: Multiple calls to `FT_Get_MM_Var' returned\n garbage.\n\n - Emboldening of bitmaps didn't work correctly sometimes,\n showing various artifacts (bug introduced in version\n 2.8.1).\n\n - The auto-hinter script ranges have been updated for\n Unicode 11. No support for new scripts have been added,\n however, with the exception of Georgian Mtavruli.\n\nfreetype-config is now deprecated by upstream and not enabled by\ndefault.\n\nUpdate to version 2.10.1\n\n - The `ftmulti' demo program now supports multiple hidden\n axes with the same name tag.\n\n - `ftview', `ftstring', and `ftgrid' got a `-k' command\n line option to emulate a sequence of keystrokes at\n start-up.\n\n - `ftview', `ftstring', and `ftgrid' now support screen\n dumping to a PNG file.\n\n - The bytecode debugger, `ttdebug', now supports variation\n TrueType fonts; a variation font instance can be\n selected with the new `-d' command line option.\n\nAdd tarball signatures and freetype2.keyring\n\nUpdate to version 2.10.0\n\n - The `ftdump' demo program has new options `-c' and `-C'\n to display charmaps in compact and detailed format,\n respectively. Option `-V' has been removed.\n\n - The `ftview', `ftstring', and `ftgrid' demo programs use\n a new command line option `-d' to specify the program\n window's width, height, and color depth.\n\n - The `ftview' demo program now displays red boxes for\n zero-width glyphs.\n\n - `ftglyph' has limited support to display fonts with\n color-layered glyphs.This will be improved later on.\n\n - `ftgrid' can now display bitmap fonts also.\n\n - The `ttdebug' demo program has a new option `-f' to\n select a member of a TrueType collection (TTC).\n\n - Other various improvements to the demo programs.\n\nRemove 'Supplements: fonts-config' to avoid accidentally pulling in Qt\ndependencies on some non-Qt based desktops.(bsc#1091109) fonts-config\nis fundamental but ft2demos seldom installs by end users. only\nfonts-config maintainers/debuggers may use ft2demos along to debug\nsome issues.\n\nUpdate to version 2.9.1\n\n - No changelog upstream.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 4, "cvss3": {"score": 6.5, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2020-05-22T00:00:00", "title": "SUSE SLED15 / SLES15 Security Update : freetype2 (SUSE-SU-2020:1353-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-6942"], "modified": "2020-05-22T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libfreetype6", "cpe:/o:novell:suse_linux:15", "p-cpe:/a:novell:suse_linux:freetype2-debugsource", "p-cpe:/a:novell:suse_linux:freetype2-devel", "p-cpe:/a:novell:suse_linux:libfreetype6-debuginfo", "p-cpe:/a:novell:suse_linux:libfreetype6-32bit-debuginfo"], "id": "SUSE_SU-2020-1353-1.NASL", "href": "https://www.tenable.com/plugins/nessus/136800", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:1353-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(136800);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/30\");\n\n script_cve_id(\"CVE-2018-6942\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : freetype2 (SUSE-SU-2020:1353-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for freetype2 to version 2.10.1 fixes the following \nissues :\n\nSecurity issue fixed :\n\nCVE-2018-6942: Fixed a NULL pointer dereference within ttinerp.c\n(bsc#1079603).\n\nNon-security issues fixed :\n\nUpdate to version 2.10.1\n\n - The bytecode hinting of OpenType variation fonts was\n flawed, since the data in the `CVAR' table wasn't\n correctly applied.\n\n - Auto-hinter support for Mongolian.\n\n - The handling of the default character in PCF fonts as\n introduced in version 2.10.0 was partially broken,\n causing premature abortion of charmap iteration for many\n fonts.\n\n - If `FT_Set_Named_Instance' was called with the same\n arguments twice in a row, the function returned an\n incorrect error code the second time.\n\n - Direct rendering using FT_RASTER_FLAG_DIRECT crashed\n (bug introduced in version 2.10.0).\n\n - Increased precision while computing OpenType font\n variation instances.\n\n - The flattening algorithm of cubic Bezier curves was\n slightly changed to make it faster. This can cause very\n subtle rendering changes, which aren't noticeable by the\n eye, however.\n\n - The auto-hinter now disables hinting if there are blue\n zones defined for a `style' (i.e., a certain combination\n of a script and its related typographic features) but\n the font doesn't contain any characters needed to set up\n at least one blue zone.\n\nAdd tarball signatures and freetype2.keyring\n\nUpdate to version 2.10.0\n\n - A bunch of new functions has been added to access and\n process COLR/CPAL data of OpenType fonts with\n color-layered glyphs.\n\n - As a GSoC 2018 project, Nikhil Ramakrishnan completely\n overhauled and modernized the API reference.\n\n - The logic for computing the global ascender, descender,\n and height of OpenType fonts has been slightly adjusted\n for consistency.\n\n - `TT_Set_MM_Blend' could fail if called repeatedly with\n the same arguments.\n\n - The precision of handling deltas in Variation Fonts has\n been increased.The problem did only show up with\n multidimensional designspaces.\n\n - New function `FT_Library_SetLcdGeometry' to set up the\n geometry of LCD subpixels.\n\n - FreeType now uses the `defaultChar' property of PCF\n fonts to set the glyph for the undefined character at\n glyph index 0 (as FreeType already does for all other\n supported font formats). As a consequence, the order of\n glyphs of a PCF font if accessed with FreeType can be\n different now compared to previous versions. This change\n doesn't affect PCF font access with cmaps.\n\n - `FT_Select_Charmap' has been changed to allow parameter\n value `FT_ENCODING_NONE', which is valid for BDF, PCF,\n and Windows FNT formats to access built-in cmaps that\n don't have a predefined `FT_Encoding' value.\n\n - A previously reserved field in the `FT_GlyphSlotRec'\n structure now holds the glyph index.\n\n - The usual round of fuzzer bug fixes to better reject\n malformed fonts.\n\n - `FT_Outline_New_Internal' and `FT_Outline_Done_Internal'\n have been removed.These two functions were public by\n oversight only and were never documented.\n\n - A new function `FT_Error_String' returns descriptions of\n error codes if configuration macro\n FT_CONFIG_OPTION_ERROR_STRINGS is defined.\n\n - `FT_Set_MM_WeightVector' and `FT_Get_MM_WeightVector'\n are new functions limited to Adobe MultiMaster fonts to\n directly set and get the weight vector.\n\nEnable subpixel rendering with infinality config :\n\nRe-enable freetype-config, there is just too many fallouts.\n\nUpdate to version 2.9.1\n\n - Type 1 fonts containing flex features were not rendered\n correctly (bug introduced in version 2.9).\n\n - CVE-2018-6942: Older FreeType versions can crash with\n certain malformed variation fonts.\n\n - Bug fix: Multiple calls to `FT_Get_MM_Var' returned\n garbage.\n\n - Emboldening of bitmaps didn't work correctly sometimes,\n showing various artifacts (bug introduced in version\n 2.8.1).\n\n - The auto-hinter script ranges have been updated for\n Unicode 11. No support for new scripts have been added,\n however, with the exception of Georgian Mtavruli.\n\nfreetype-config is now deprecated by upstream and not enabled by\ndefault.\n\nUpdate to version 2.10.1\n\n - The `ftmulti' demo program now supports multiple hidden\n axes with the same name tag.\n\n - `ftview', `ftstring', and `ftgrid' got a `-k' command\n line option to emulate a sequence of keystrokes at\n start-up.\n\n - `ftview', `ftstring', and `ftgrid' now support screen\n dumping to a PNG file.\n\n - The bytecode debugger, `ttdebug', now supports variation\n TrueType fonts; a variation font instance can be\n selected with the new `-d' command line option.\n\nAdd tarball signatures and freetype2.keyring\n\nUpdate to version 2.10.0\n\n - The `ftdump' demo program has new options `-c' and `-C'\n to display charmaps in compact and detailed format,\n respectively. Option `-V' has been removed.\n\n - The `ftview', `ftstring', and `ftgrid' demo programs use\n a new command line option `-d' to specify the program\n window's width, height, and color depth.\n\n - The `ftview' demo program now displays red boxes for\n zero-width glyphs.\n\n - `ftglyph' has limited support to display fonts with\n color-layered glyphs.This will be improved later on.\n\n - `ftgrid' can now display bitmap fonts also.\n\n - The `ttdebug' demo program has a new option `-f' to\n select a member of a TrueType collection (TTC).\n\n - Other various improvements to the demo programs.\n\nRemove 'Supplements: fonts-config' to avoid accidentally pulling in Qt\ndependencies on some non-Qt based desktops.(bsc#1091109) fonts-config\nis fundamental but ft2demos seldom installs by end users. only\nfonts-config maintainers/debuggers may use ft2demos along to debug\nsome issues.\n\nUpdate to version 2.9.1\n\n - No changelog upstream.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1079603\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1091109\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-6942/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20201353-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?36ee49be\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Basesystem 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-1353=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-6942\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:freetype2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:freetype2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libfreetype6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libfreetype6-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libfreetype6-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/02/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/05/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/05/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libfreetype6-32bit-2.10.1-4.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libfreetype6-32bit-debuginfo-2.10.1-4.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"freetype2-debugsource-2.10.1-4.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"freetype2-devel-2.10.1-4.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libfreetype6-2.10.1-4.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libfreetype6-debuginfo-2.10.1-4.3.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libfreetype6-32bit-2.10.1-4.3.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libfreetype6-32bit-debuginfo-2.10.1-4.3.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"freetype2-debugsource-2.10.1-4.3.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"freetype2-devel-2.10.1-4.3.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libfreetype6-2.10.1-4.3.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libfreetype6-debuginfo-2.10.1-4.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype2\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-01T06:46:55", "description": "It was discovered that FreeType incorrectly handled certain files. An\nattacker could possibly use this to cause a denial of service.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 26, "cvss3": {"score": 6.5, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2018-02-15T00:00:00", "title": "Ubuntu 17.10 : freetype vulnerability (USN-3572-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-6942"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:17.10", "p-cpe:/a:canonical:ubuntu_linux:libfreetype6"], "id": "UBUNTU_USN-3572-1.NASL", "href": "https://www.tenable.com/plugins/nessus/106839", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3572-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106839);\n script_version(\"3.7\");\n script_cvs_date(\"Date: 2019/09/18 12:31:48\");\n\n script_cve_id(\"CVE-2018-6942\");\n script_xref(name:\"USN\", value:\"3572-1\");\n\n script_name(english:\"Ubuntu 17.10 : freetype vulnerability (USN-3572-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that FreeType incorrectly handled certain files. An\nattacker could possibly use this to cause a denial of service.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3572-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libfreetype6 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libfreetype6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/02/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/02/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/02/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(17\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 17.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"17.10\", pkgname:\"libfreetype6\", pkgver:\"2.8-0.2ubuntu2.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libfreetype6\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-09-14T17:13:33", "description": "This update for freetype2 to version 2.10.1 fixes the following \nissues :\n\nSecurity issue fixed :\n\n - CVE-2018-6942: Fixed a NULL pointer dereference within\n ttinerp.c (bsc#1079603).\n\nNon-security issues fixed :\n\n - Update to version 2.10.1\n\n - The bytecode hinting of OpenType variation fonts was\n flawed, since the data in the `CVAR' table wasn't\n correctly applied.\n\n - Auto-hinter support for Mongolian.\n\n - The handling of the default character in PCF fonts as\n introduced in version 2.10.0 was partially broken,\n causing premature abortion of charmap iteration for many\n fonts.\n\n - If `FT_Set_Named_Instance' was called with the same\n arguments twice in a row, the function returned an\n incorrect error code the second time.\n\n - Direct rendering using FT_RASTER_FLAG_DIRECT crashed\n (bug introduced in version 2.10.0).\n\n - Increased precision while computing OpenType font\n variation instances.\n\n - The flattening algorithm of cubic Bezier curves was\n slightly changed to make it faster. This can cause very\n subtle rendering changes, which aren't noticeable by the\n eye, however.\n\n - The auto-hinter now disables hinting if there are blue\n zones defined for a `style' (i.e., a certain combination\n of a script and its related typographic features) but\n the font doesn't contain any characters needed to set up\n at least one blue zone.\n\n - Add tarball signatures and freetype2.keyring\n\n - Update to version 2.10.0\n\n - A bunch of new functions has been added to access and\n process COLR/CPAL data of OpenType fonts with\n color-layered glyphs.\n\n - As a GSoC 2018 project, Nikhil Ramakrishnan completely\n overhauled and modernized the API reference.\n\n - The logic for computing the global ascender, descender,\n and height of OpenType fonts has been slightly adjusted\n for consistency.\n\n - `TT_Set_MM_Blend' could fail if called repeatedly with\n the same arguments.\n\n - The precision of handling deltas in Variation Fonts has\n been increased.The problem did only show up with\n multidimensional designspaces.\n\n - New function `FT_Library_SetLcdGeometry' to set up the\n geometry of LCD subpixels.\n\n - FreeType now uses the `defaultChar' property of PCF\n fonts to set the glyph for the undefined character at\n glyph index 0 (as FreeType already does for all other\n supported font formats). As a consequence, the order of\n glyphs of a PCF font if accessed with FreeType can be\n different now compared to previous versions. This change\n doesn't affect PCF font access with cmaps.\n\n - `FT_Select_Charmap' has been changed to allow parameter\n value `FT_ENCODING_NONE', which is valid for BDF, PCF,\n and Windows FNT formats to access built-in cmaps that\n don't have a predefined `FT_Encoding' value.\n\n - A previously reserved field in the `FT_GlyphSlotRec'\n structure now holds the glyph index.\n\n - The usual round of fuzzer bug fixes to better reject\n malformed fonts.\n\n - `FT_Outline_New_Internal' and `FT_Outline_Done_Internal'\n have been removed.These two functions were public by\n oversight only and were never documented.\n\n - A new function `FT_Error_String' returns descriptions of\n error codes if configuration macro\n FT_CONFIG_OPTION_ERROR_STRINGS is defined.\n\n - `FT_Set_MM_WeightVector' and `FT_Get_MM_WeightVector'\n are new functions limited to Adobe MultiMaster fonts to\n directly set and get the weight vector.\n\n - Enable subpixel rendering with infinality config :\n\n - Re-enable freetype-config, there is just too many\n fallouts. \n\n - Update to version 2.9.1\n\n - Type 1 fonts containing flex features were not rendered\n correctly (bug introduced in version 2.9).\n\n - CVE-2018-6942: Older FreeType versions can crash with\n certain malformed variation fonts.\n\n - Bug fix: Multiple calls to `FT_Get_MM_Var' returned\n garbage.\n\n - Emboldening of bitmaps didn't work correctly sometimes,\n showing various artifacts (bug introduced in version\n 2.8.1).\n\n - The auto-hinter script ranges have been updated for\n Unicode 11. No support for new scripts have been added,\n however, with the exception of Georgian Mtavruli.\n\n - freetype-config is now deprecated by upstream and not\n enabled by default.\n\n - Update to version 2.10.1\n\n - The `ftmulti' demo program now supports multiple hidden\n axes with the same name tag.\n\n - `ftview', `ftstring', and `ftgrid' got a `-k' command\n line option to emulate a sequence of keystrokes at\n start-up.\n\n - `ftview', `ftstring', and `ftgrid' now support screen\n dumping to a PNG file.\n\n - The bytecode debugger, `ttdebug', now supports variation\n TrueType fonts; a variation font instance can be\n selected with the new `-d' command line option.\n\n - Add tarball signatures and freetype2.keyring\n\n - Update to version 2.10.0\n\n - The `ftdump' demo program has new options `-c' and `-C'\n to display charmaps in compact and detailed format,\n respectively. Option `-V' has been removed.\n\n - The `ftview', `ftstring', and `ftgrid' demo programs use\n a new command line option `-d' to specify the program\n window's width, height, and color depth.\n\n - The `ftview' demo program now displays red boxes for\n zero-width glyphs.\n\n - `ftglyph' has limited support to display fonts with\n color-layered glyphs.This will be improved later on.\n\n - `ftgrid' can now display bitmap fonts also.\n\n - The `ttdebug' demo program has a new option `-f' to\n select a member of a TrueType collection (TTC).\n\n - Other various improvements to the demo programs.\n\n - Remove 'Supplements: fonts-config' to avoid accidentally\n pulling in Qt dependencies on some non-Qt based\n desktops.(bsc#1091109) fonts-config is fundamental but\n ft2demos seldom installs by end users. only fonts-config\n maintainers/debuggers may use ft2demos along to debug\n some issues. \n\n - Update to version 2.9.1\n\n - No changelog upstream.\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "edition": 2, "cvss3": {"score": 6.5, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2020-05-26T00:00:00", "title": "openSUSE Security Update : freetype2 (openSUSE-2020-704)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-6942"], "modified": "2020-05-26T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:freetype2-profile-tti35", "p-cpe:/a:novell:opensuse:ftdiff", "p-cpe:/a:novell:opensuse:ftgamma", "p-cpe:/a:novell:opensuse:freetype2-devel-32bit", "cpe:/o:novell:opensuse:15.1", "p-cpe:/a:novell:opensuse:freetype2-debugsource", "p-cpe:/a:novell:opensuse:libfreetype6-debuginfo", "p-cpe:/a:novell:opensuse:ftbench", "p-cpe:/a:novell:opensuse:libfreetype6", "p-cpe:/a:novell:opensuse:libfreetype6-32bit-debuginfo", "p-cpe:/a:novell:opensuse:ftgrid", "p-cpe:/a:novell:opensuse:ftstring", "p-cpe:/a:novell:opensuse:ft2demos", "p-cpe:/a:novell:opensuse:ftview", "p-cpe:/a:novell:opensuse:ftdump", "p-cpe:/a:novell:opensuse:freetype2-devel", "p-cpe:/a:novell:opensuse:ftvalid", "p-cpe:/a:novell:opensuse:libfreetype6-32bit", "p-cpe:/a:novell:opensuse:ftinspect", "p-cpe:/a:novell:opensuse:ftlint", "p-cpe:/a:novell:opensuse:ftmulti"], "id": "OPENSUSE-2020-704.NASL", "href": "https://www.tenable.com/plugins/nessus/136887", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-704.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(136887);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/28\");\n\n script_cve_id(\"CVE-2018-6942\");\n\n script_name(english:\"openSUSE Security Update : freetype2 (openSUSE-2020-704)\");\n script_summary(english:\"Check for the openSUSE-2020-704 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for freetype2 to version 2.10.1 fixes the following \nissues :\n\nSecurity issue fixed :\n\n - CVE-2018-6942: Fixed a NULL pointer dereference within\n ttinerp.c (bsc#1079603).\n\nNon-security issues fixed :\n\n - Update to version 2.10.1\n\n - The bytecode hinting of OpenType variation fonts was\n flawed, since the data in the `CVAR' table wasn't\n correctly applied.\n\n - Auto-hinter support for Mongolian.\n\n - The handling of the default character in PCF fonts as\n introduced in version 2.10.0 was partially broken,\n causing premature abortion of charmap iteration for many\n fonts.\n\n - If `FT_Set_Named_Instance' was called with the same\n arguments twice in a row, the function returned an\n incorrect error code the second time.\n\n - Direct rendering using FT_RASTER_FLAG_DIRECT crashed\n (bug introduced in version 2.10.0).\n\n - Increased precision while computing OpenType font\n variation instances.\n\n - The flattening algorithm of cubic Bezier curves was\n slightly changed to make it faster. This can cause very\n subtle rendering changes, which aren't noticeable by the\n eye, however.\n\n - The auto-hinter now disables hinting if there are blue\n zones defined for a `style' (i.e., a certain combination\n of a script and its related typographic features) but\n the font doesn't contain any characters needed to set up\n at least one blue zone.\n\n - Add tarball signatures and freetype2.keyring\n\n - Update to version 2.10.0\n\n - A bunch of new functions has been added to access and\n process COLR/CPAL data of OpenType fonts with\n color-layered glyphs.\n\n - As a GSoC 2018 project, Nikhil Ramakrishnan completely\n overhauled and modernized the API reference.\n\n - The logic for computing the global ascender, descender,\n and height of OpenType fonts has been slightly adjusted\n for consistency.\n\n - `TT_Set_MM_Blend' could fail if called repeatedly with\n the same arguments.\n\n - The precision of handling deltas in Variation Fonts has\n been increased.The problem did only show up with\n multidimensional designspaces.\n\n - New function `FT_Library_SetLcdGeometry' to set up the\n geometry of LCD subpixels.\n\n - FreeType now uses the `defaultChar' property of PCF\n fonts to set the glyph for the undefined character at\n glyph index 0 (as FreeType already does for all other\n supported font formats). As a consequence, the order of\n glyphs of a PCF font if accessed with FreeType can be\n different now compared to previous versions. This change\n doesn't affect PCF font access with cmaps.\n\n - `FT_Select_Charmap' has been changed to allow parameter\n value `FT_ENCODING_NONE', which is valid for BDF, PCF,\n and Windows FNT formats to access built-in cmaps that\n don't have a predefined `FT_Encoding' value.\n\n - A previously reserved field in the `FT_GlyphSlotRec'\n structure now holds the glyph index.\n\n - The usual round of fuzzer bug fixes to better reject\n malformed fonts.\n\n - `FT_Outline_New_Internal' and `FT_Outline_Done_Internal'\n have been removed.These two functions were public by\n oversight only and were never documented.\n\n - A new function `FT_Error_String' returns descriptions of\n error codes if configuration macro\n FT_CONFIG_OPTION_ERROR_STRINGS is defined.\n\n - `FT_Set_MM_WeightVector' and `FT_Get_MM_WeightVector'\n are new functions limited to Adobe MultiMaster fonts to\n directly set and get the weight vector.\n\n - Enable subpixel rendering with infinality config :\n\n - Re-enable freetype-config, there is just too many\n fallouts. \n\n - Update to version 2.9.1\n\n - Type 1 fonts containing flex features were not rendered\n correctly (bug introduced in version 2.9).\n\n - CVE-2018-6942: Older FreeType versions can crash with\n certain malformed variation fonts.\n\n - Bug fix: Multiple calls to `FT_Get_MM_Var' returned\n garbage.\n\n - Emboldening of bitmaps didn't work correctly sometimes,\n showing various artifacts (bug introduced in version\n 2.8.1).\n\n - The auto-hinter script ranges have been updated for\n Unicode 11. No support for new scripts have been added,\n however, with the exception of Georgian Mtavruli.\n\n - freetype-config is now deprecated by upstream and not\n enabled by default.\n\n - Update to version 2.10.1\n\n - The `ftmulti' demo program now supports multiple hidden\n axes with the same name tag.\n\n - `ftview', `ftstring', and `ftgrid' got a `-k' command\n line option to emulate a sequence of keystrokes at\n start-up.\n\n - `ftview', `ftstring', and `ftgrid' now support screen\n dumping to a PNG file.\n\n - The bytecode debugger, `ttdebug', now supports variation\n TrueType fonts; a variation font instance can be\n selected with the new `-d' command line option.\n\n - Add tarball signatures and freetype2.keyring\n\n - Update to version 2.10.0\n\n - The `ftdump' demo program has new options `-c' and `-C'\n to display charmaps in compact and detailed format,\n respectively. Option `-V' has been removed.\n\n - The `ftview', `ftstring', and `ftgrid' demo programs use\n a new command line option `-d' to specify the program\n window's width, height, and color depth.\n\n - The `ftview' demo program now displays red boxes for\n zero-width glyphs.\n\n - `ftglyph' has limited support to display fonts with\n color-layered glyphs.This will be improved later on.\n\n - `ftgrid' can now display bitmap fonts also.\n\n - The `ttdebug' demo program has a new option `-f' to\n select a member of a TrueType collection (TTC).\n\n - Other various improvements to the demo programs.\n\n - Remove 'Supplements: fonts-config' to avoid accidentally\n pulling in Qt dependencies on some non-Qt based\n desktops.(bsc#1091109) fonts-config is fundamental but\n ft2demos seldom installs by end users. only fonts-config\n maintainers/debuggers may use ft2demos along to debug\n some issues. \n\n - Update to version 2.9.1\n\n - No changelog upstream.\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1079603\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1091109\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected freetype2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:freetype2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:freetype2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:freetype2-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:freetype2-profile-tti35\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ft2demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ftbench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ftdiff\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ftdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ftgamma\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ftgrid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ftinspect\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ftlint\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ftmulti\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ftstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ftvalid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ftview\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreetype6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreetype6-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreetype6-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreetype6-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/02/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/05/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/05/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"freetype2-debugsource-2.10.1-lp151.4.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"freetype2-devel-2.10.1-lp151.4.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"freetype2-profile-tti35-2.10.1-lp151.4.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libfreetype6-2.10.1-lp151.4.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libfreetype6-debuginfo-2.10.1-lp151.4.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"freetype2-devel-32bit-2.10.1-lp151.4.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"ft2demos-2.10.1-lp151.4.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"ftbench-2.10.1-lp151.4.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"ftdiff-2.10.1-lp151.4.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"ftdump-2.10.1-lp151.4.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"ftgamma-2.10.1-lp151.4.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"ftgrid-2.10.1-lp151.4.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"ftinspect-2.10.1-lp151.4.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"ftlint-2.10.1-lp151.4.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"ftmulti-2.10.1-lp151.4.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"ftstring-2.10.1-lp151.4.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"ftvalid-2.10.1-lp151.4.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"ftview-2.10.1-lp151.4.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libfreetype6-32bit-2.10.1-lp151.4.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libfreetype6-32bit-debuginfo-2.10.1-lp151.4.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype2-debugsource / freetype2-devel / freetype2-profile-tti35 / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-03-17T22:39:42", "description": "An update of the binutils package has been released.", "edition": 8, "cvss3": {"score": 6.5, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2019-02-07T00:00:00", "title": "Photon OS 2.0: Binutils PHSA-2018-2.0-0058", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-10373"], "modified": "2019-02-07T00:00:00", "cpe": ["cpe:/o:vmware:photonos:2.0", "p-cpe:/a:vmware:photonos:binutils"], "id": "PHOTONOS_PHSA-2018-2_0-0058_BINUTILS.NASL", "href": "https://www.tenable.com/plugins/nessus/121954", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2018-2.0-0058. The text\n# itself is copyright (C) VMware, Inc.\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(121954);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2019/02/07\");\n\n script_cve_id(\"CVE-2018-10373\");\n\n script_name(english:\"Photon OS 2.0: Binutils PHSA-2018-2.0-0058\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the binutils package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-2-58.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-10373\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 2.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"binutils-2.30-5.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"binutils-debuginfo-2.30-5.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"binutils-devel-2.30-5.ph2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"binutils\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-03-17T22:39:32", "description": "An update of the binutils package has been released.", "edition": 8, "cvss3": {"score": 6.5, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2019-02-07T00:00:00", "title": "Photon OS 1.0: Binutils PHSA-2018-1.0-0148", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-10373"], "modified": "2019-02-07T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:binutils", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2018-1_0-0148_BINUTILS.NASL", "href": "https://www.tenable.com/plugins/nessus/121845", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2018-1.0-0148. The text\n# itself is copyright (C) VMware, Inc.\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(121845);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2019/02/07\");\n\n script_cve_id(\"CVE-2018-10373\");\n\n script_name(english:\"Photon OS 1.0: Binutils PHSA-2018-1.0-0148\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the binutils package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-1.0-148.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-10373\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"binutils-2.30-4.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"binutils-debuginfo-2.30-4.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"binutils-devel-2.30-4.ph1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"binutils\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T08:54:20", "description": "According to the versions of the binutils packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - binutils: integer overflow via an ELF file with corrupt\n dwarf1 debug information in libbfd library\n (CVE-2018-7568)\n\n - binutils: integer underflow or overflow via an ELF file\n with a corrupt DWARF FORM block in libbfd library\n (CVE-2018-7569)\n\n - binutils: NULL pointer dereference in swap_std_reloc_in\n function in aoutx.h resulting in crash (CVE-2018-7642)\n\n - binutils: Crash in elf.c:bfd_section_from_shdr() with\n crafted executable (CVE-2018-8945)\n\n - binutils: Heap-base buffer over-read in\n dwarf.c:process_cu_tu_index() allows for denial of\n service via crafted file (CVE-2018-10372)\n\n - binutils: NULL pointer dereference in\n dwarf2.c:concat_filename() allows for denial of service\n via crafted file (CVE-2018-10373)\n\n - binutils: out of bounds memory write in peXXigen.c\n files (CVE-2018-10534)\n\n - binutils: NULL pointer dereference in elf.c\n (CVE-2018-10535)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 26, "cvss3": {"score": 5.5, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2018-12-10T00:00:00", "title": "EulerOS 2.0 SP3 : binutils (EulerOS-SA-2018-1400)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7642", "CVE-2018-10534", "CVE-2018-7569", "CVE-2018-10372", "CVE-2018-7568", "CVE-2018-10535", "CVE-2018-10373", "CVE-2018-8945"], "modified": "2018-12-10T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:binutils-devel", "p-cpe:/a:huawei:euleros:binutils", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2018-1400.NASL", "href": "https://www.tenable.com/plugins/nessus/119528", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(119528);\n script_version(\"1.34\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2018-10372\",\n \"CVE-2018-10373\",\n \"CVE-2018-10534\",\n \"CVE-2018-10535\",\n \"CVE-2018-7568\",\n \"CVE-2018-7569\",\n \"CVE-2018-7642\",\n \"CVE-2018-8945\"\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : binutils (EulerOS-SA-2018-1400)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the binutils packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - binutils: integer overflow via an ELF file with corrupt\n dwarf1 debug information in libbfd library\n (CVE-2018-7568)\n\n - binutils: integer underflow or overflow via an ELF file\n with a corrupt DWARF FORM block in libbfd library\n (CVE-2018-7569)\n\n - binutils: NULL pointer dereference in swap_std_reloc_in\n function in aoutx.h resulting in crash (CVE-2018-7642)\n\n - binutils: Crash in elf.c:bfd_section_from_shdr() with\n crafted executable (CVE-2018-8945)\n\n - binutils: Heap-base buffer over-read in\n dwarf.c:process_cu_tu_index() allows for denial of\n service via crafted file (CVE-2018-10372)\n\n - binutils: NULL pointer dereference in\n dwarf2.c:concat_filename() allows for denial of service\n via crafted file (CVE-2018-10373)\n\n - binutils: out of bounds memory write in peXXigen.c\n files (CVE-2018-10534)\n\n - binutils: NULL pointer dereference in elf.c\n (CVE-2018-10535)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1400\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ebfc277a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected binutils packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-8945\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/12/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:binutils-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"binutils-2.25.1-22.base.h17\",\n \"binutils-devel-2.25.1-22.base.h17\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"binutils\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "openvas": [{"lastseen": "2020-05-28T13:26:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-6942"], "description": "The remote host is missing an update for the ", "modified": "2020-05-27T00:00:00", "published": "2020-05-24T00:00:00", "id": "OPENVAS:1361412562310853175", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310853175", "type": "openvas", "title": "openSUSE: Security Advisory for freetype2 (openSUSE-SU-2020:0704-1)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.853175\");\n script_version(\"2020-05-27T04:05:03+0000\");\n script_cve_id(\"CVE-2018-6942\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-05-27 04:05:03 +0000 (Wed, 27 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-05-24 03:00:37 +0000 (Sun, 24 May 2020)\");\n script_name(\"openSUSE: Security Advisory for freetype2 (openSUSE-SU-2020:0704-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.1\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2020:0704-1\");\n script_xref(name:\"URL\", value:\"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00054.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'freetype2'\n package(s) announced via the openSUSE-SU-2020:0704-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for freetype2 to version 2.10.1 fixes the following issues:\n\n Security issue fixed:\n\n - CVE-2018-6942: Fixed a NULL pointer dereference within ttinerp.c\n (bsc#1079603).\n\n Non-security issues fixed:\n\n - Update to version 2.10.1\n\n * The bytecode hinting of OpenType variation fonts was flawed, since the\n data in the `CVAR' table wasn't correctly applied.\n\n * Auto-hinter support for Mongolian.\n\n * The handling of the default character in PCF fonts as introduced in\n version 2.10.0 was partially broken, causing premature abortion\n of charmap iteration for many fonts.\n\n * If `FT_Set_Named_Instance' was called with the same arguments\n twice in a row, the function returned an incorrect error code the\n second time.\n\n * Direct rendering using FT_RASTER_FLAG_DIRECT crashed (bug\n introduced in version 2.10.0).\n\n * Increased precision while computing OpenType font variation\n instances.\n\n * The flattening algorithm of cubic Bezier curves was slightly\n changed to make it faster. This can cause very subtle rendering\n changes, which aren't noticeable by the eye, however.\n\n * The auto-hinter now disables hinting if there are blue zones\n defined for a `style' (i.e., a certain combination of a script and its\n related typographic features) but the font doesn't contain any\n characters needed to set up at least one blue zone.\n\n - Add tarball signatures and freetype2.keyring\n\n - Update to version 2.10.0\n\n * A bunch of new functions has been added to access and process\n COLR/CPAL data of OpenType fonts with color-layered glyphs.\n\n * As a GSoC 2018 project, Nikhil Ramakrishnan completely\n overhauled and modernized the API reference.\n\n * The logic for computing the global ascender, descender, and height of\n OpenType fonts has been slightly adjusted for consistency.\n\n * `TT_Set_MM_Blend' could fail if called repeatedly with the same\n arguments.\n\n * The precision of handling deltas in Variation Fonts has been\n increased.The problem did only show up with multidimensional\n designspaces.\n\n * New function `FT_Library_SetLcdGeometry' to set up the geometry\n of LCD subpixels.\n\n * FreeType now uses the `defaultChar' property of PCF fonts to set the\n glyph for the undefined character at glyph index 0 (as FreeType\n already does for all other supported font formats). As a consequence,\n the order of glyphs of a PCF font if accessed with FreeType can be\n different now compared to previous versions. This change doesn't\n affect PCF font access with cmaps.\n\n * `FT_Select_Charmap' has been changed to allow parameter value\n `FT_ENCODING_NONE' ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'freetype2' package(s) on openSUSE Leap 15.1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"freetype2-debugsource\", rpm:\"freetype2-debugsource~2.10.1~lp151.4.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"freetype2-devel\", rpm:\"freetype2-devel~2.10.1~lp151.4.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libfreetype6\", rpm:\"libfreetype6~2.10.1~lp151.4.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libfreetype6-debuginfo\", rpm:\"libfreetype6-debuginfo~2.10.1~lp151.4.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"freetype2-devel-32bit\", rpm:\"freetype2-devel-32bit~2.10.1~lp151.4.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ft2demos\", rpm:\"ft2demos~2.10.1~lp151.4.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ftbench\", rpm:\"ftbench~2.10.1~lp151.4.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ftdiff\", rpm:\"ftdiff~2.10.1~lp151.4.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ftdump\", rpm:\"ftdump~2.10.1~lp151.4.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ftgamma\", rpm:\"ftgamma~2.10.1~lp151.4.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ftgrid\", rpm:\"ftgrid~2.10.1~lp151.4.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ftinspect\", rpm:\"ftinspect~2.10.1~lp151.4.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ftlint\", rpm:\"ftlint~2.10.1~lp151.4.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ftmulti\", rpm:\"ftmulti~2.10.1~lp151.4.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ftstring\", rpm:\"ftstring~2.10.1~lp151.4.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ftvalid\", rpm:\"ftvalid~2.10.1~lp151.4.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ftview\", rpm:\"ftview~2.10.1~lp151.4.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libfreetype6-32bit\", rpm:\"libfreetype6-32bit~2.10.1~lp151.4.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libfreetype6-32bit-debuginfo\", rpm:\"libfreetype6-32bit-debuginfo~2.10.1~lp151.4.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"freetype2-profile-tti35\", rpm:\"freetype2-profile-tti35~2.10.1~lp151.4.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:33:48", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-6942"], "description": "FreeType 2 is prone to a Denial of Service vulnerability.", "modified": "2018-10-24T00:00:00", "published": "2018-02-16T00:00:00", "id": "OPENVAS:1361412562310113116", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310113116", "type": "openvas", "title": "FreeType 2 DoS Vulnerability (Linux)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_freetype_dos_vuln_lin.nasl 12045 2018-10-24 06:51:17Z mmartin $\n#\n# FreeType 2 DoS Vulnerability (Linux)\n#\n# Authors:\n# Jan Philipp Schulte <jan.schulte@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, https://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif( description )\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.113116\");\n script_version(\"$Revision: 12045 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-24 08:51:17 +0200 (Wed, 24 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2018-02-16 14:32:33 +0100 (Fri, 16 Feb 2018)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n\n script_tag(name:\"qod_type\", value:\"executable_version_unreliable\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_cve_id(\"CVE-2018-6942\");\n\n script_name(\"FreeType 2 DoS Vulnerability (Linux)\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Denial of Service\");\n script_dependencies(\"secpod_freetype_detect_lin.nasl\");\n script_mandatory_keys(\"FreeType/Linux/Ver\");\n\n script_tag(name:\"summary\", value:\"FreeType 2 is prone to a Denial of Service vulnerability.\");\n script_tag(name:\"vuldetect\", value:\"The script checks if a vulnerable version is present on the target system.\");\n script_tag(name:\"insight\", value:\"An issue was discovered in FreeType 2. A NULL pointer dereference in the Ins_GETVARIATION() function within ttinterp.c could lead to DoS via a crafted font file.\");\n script_tag(name:\"affected\", value:\"FreeType 2 through version 2.9.\");\n script_tag(name:\"solution\", value:\"Update to version 2.9.1 or later.\");\n\n script_xref(name:\"URL\", value:\"https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=29c759284e305ec428703c9a5831d0b1fc3497ef\");\n script_xref(name:\"URL\", value:\"https://download.savannah.gnu.org/releases/freetype/\");\n script_xref(name:\"URL\", value:\"https://sourceforge.net/projects/freetype/files/freetype2/2.9.1/\");\n\n exit(0);\n}\n\nCPE = \"cpe:/a:freetype:freetype\";\n\ninclude( \"host_details.inc\" );\ninclude( \"version_func.inc\" );\n\nif( ! version = get_app_version( cpe: CPE ) ) exit( 0 );\n\nif( version_in_range( version: version, test_version: \"2.0.0.0\", test_version2: \"2.9.0.0\" ) ) {\n report = report_fixed_ver( installed_version: version, fixed_version: \"2.9.1\" );\n security_message( data: report, port: 0 );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:33:22", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-6942"], "description": "The remote host is missing an update for the ", "modified": "2019-03-18T00:00:00", "published": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310843761", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843761", "type": "openvas", "title": "Ubuntu Update for freetype USN-3572-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3572_1.nasl 14288 2019-03-18 16:34:17Z cfischer $\n#\n# Ubuntu Update for freetype USN-3572-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843761\");\n script_version(\"$Revision: 14288 $\");\n script_cve_id(\"CVE-2018-6942\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 17:34:17 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-10-26 06:15:58 +0200 (Fri, 26 Oct 2018)\");\n script_name(\"Ubuntu Update for freetype USN-3572-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU17\\.10\");\n\n script_xref(name:\"USN\", value:\"3572-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3572-1/\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'freetype'\n package(s) announced via the USN-3572-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was discovered that FreeType incorrectly handled certain files.\nAn attacker could possibly use this to cause a denial of service.\");\n\n script_tag(name:\"affected\", value:\"freetype on Ubuntu 17.10.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU17.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6\", ver:\"2.8-0.2ubuntu2.1\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:33:02", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-6942"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2018-03-14T00:00:00", "id": "OPENVAS:1361412562310874192", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874192", "type": "openvas", "title": "Fedora Update for freetype FEDORA-2018-c1b8e0176c", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_c1b8e0176c_freetype_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for freetype FEDORA-2018-c1b8e0176c\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874192\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-03-14 08:38:08 +0100 (Wed, 14 Mar 2018)\");\n script_cve_id(\"CVE-2018-6942\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for freetype FEDORA-2018-c1b8e0176c\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'freetype'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"freetype on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"FEDORA\", value:\"2018-c1b8e0176c\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTZ4N6QQAPQ5MT3VRKWB3ENI4J74C6JP\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.7.1~10.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:33:04", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-6942"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2018-02-21T00:00:00", "id": "OPENVAS:1361412562310874135", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874135", "type": "openvas", "title": "Fedora Update for freetype FEDORA-2018-07a3e36499", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_07a3e36499_freetype_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for freetype FEDORA-2018-07a3e36499\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874135\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-02-21 08:52:13 +0100 (Wed, 21 Feb 2018)\");\n script_cve_id(\"CVE-2018-6942\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for freetype FEDORA-2018-07a3e36499\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'freetype'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"freetype on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"FEDORA\", value:\"2018-07a3e36499\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7TWNVAVEQJ4UWFL3QFIGL34SLPZWM4VD\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.8~8.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:33:48", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-6942"], "description": "FreeType 2 is prone to a Denial of Service vulnerability.", "modified": "2018-10-24T00:00:00", "published": "2018-02-16T00:00:00", "id": "OPENVAS:1361412562310113115", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310113115", "type": "openvas", "title": "FreeType 2 DoS Vulnerability (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_freetype_dos_vuln_win.nasl 12045 2018-10-24 06:51:17Z mmartin $\n#\n# FreeType 2 DoS Vulnerability (Windows)\n#\n# Authors:\n# Jan Philipp Schulte <jan.schulte@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, https://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif( description )\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.113115\");\n script_version(\"$Revision: 12045 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-24 08:51:17 +0200 (Wed, 24 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2018-02-16 12:00:00 +0100 (Fri, 16 Feb 2018)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_cve_id(\"CVE-2018-6942\");\n\n script_name(\"FreeType 2 DoS Vulnerability (Windows)\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Denial of Service\");\n script_dependencies(\"secpod_freetype_detect_win.nasl\");\n script_mandatory_keys(\"FreeType/Win/Ver\");\n\n script_tag(name:\"summary\", value:\"FreeType 2 is prone to a Denial of Service vulnerability.\");\n script_tag(name:\"vuldetect\", value:\"The script checks if a vulnerable version is present on the target system.\");\n script_tag(name:\"insight\", value:\"An issue was discovered in FreeType 2. A NULL pointer dereference in the Ins_GETVARIATION() function within ttinterp.c could lead to DoS via a crafted font file.\");\n script_tag(name:\"affected\", value:\"FreeType 2 through version 2.9.\");\n script_tag(name:\"solution\", value:\"Update to version 2.9.1 or later.\");\n\n script_xref(name:\"URL\", value:\"https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=29c759284e305ec428703c9a5831d0b1fc3497ef\");\n script_xref(name:\"URL\", value:\"https://download.savannah.gnu.org/releases/freetype/\");\n\n exit(0);\n}\n\nCPE = \"cpe:/a:freetype:freetype\";\n\ninclude( \"host_details.inc\" );\ninclude( \"version_func.inc\" );\n\nif( ! version = get_app_version( cpe: CPE ) ) exit( 0 );\n\nif( version_in_range( version: version, test_version: \"2.0.0.0\", test_version2: \"2.9.0.0\" ) ) {\n report = report_fixed_ver( installed_version: version, fixed_version: \"2.9.1\" );\n security_message( data: report, port: 0 );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-27T18:34:57", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7642", "CVE-2018-10534", "CVE-2018-7569", "CVE-2018-10372", "CVE-2018-7568", "CVE-2018-10535", "CVE-2018-10373", "CVE-2018-8945"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220181426", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220181426", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2018-1426)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2018.1426\");\n script_version(\"2020-01-23T11:26:00+0000\");\n script_cve_id(\"CVE-2018-10372\", \"CVE-2018-10373\", \"CVE-2018-10534\", \"CVE-2018-10535\", \"CVE-2018-7568\", \"CVE-2018-7569\", \"CVE-2018-7642\", \"CVE-2018-8945\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:26:00 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:26:00 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2018-1426)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2018-1426\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1426\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'binutils' package(s) announced via the EulerOS-SA-2018-1426 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"binutils: integer overflow via an ELF file with corrupt dwarf1 debug information in libbfd library (CVE-2018-7568)\n\nbinutils: integer underflow or overflow via an ELF file with a corrupt DWARF FORM block in libbfd library (CVE-2018-7569)\n\nbinutils: NULL pointer dereference in swap_std_reloc_in function in aoutx.h resulting in crash (CVE-2018-7642)\n\nbinutils: Crash in elf.c:bfd_section_from_shdr() with crafted executable (CVE-2018-8945)\n\nbinutils: Heap-base buffer over-read in dwarf.c:process_cu_tu_index() allows for denial of service via crafted file (CVE-2018-10372)\n\nbinutils: NULL pointer dereference in dwarf2.c:concat_filename() allows for denial of service via crafted file (CVE-2018-10373)\n\nbinutils: out of bounds memory write in peXXigen.c files (CVE-2018-10534)\n\nbinutils: NULL pointer dereference in elf.c (CVE-2018-10535)\");\n\n script_tag(name:\"affected\", value:\"'binutils' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"binutils\", rpm:\"binutils~2.25.1~22.base.h14\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"binutils-devel\", rpm:\"binutils-devel~2.25.1~22.base.h14\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-27T18:35:34", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7642", "CVE-2018-10534", "CVE-2018-7569", "CVE-2018-10372", "CVE-2018-7568", "CVE-2018-10535", "CVE-2018-10373", "CVE-2018-8945"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220181400", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220181400", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2018-1400)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2018.1400\");\n script_version(\"2020-01-23T11:24:45+0000\");\n script_cve_id(\"CVE-2018-10372\", \"CVE-2018-10373\", \"CVE-2018-10534\", \"CVE-2018-10535\", \"CVE-2018-7568\", \"CVE-2018-7569\", \"CVE-2018-7642\", \"CVE-2018-8945\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:24:45 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:24:45 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2018-1400)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP3\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2018-1400\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1400\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'binutils' package(s) announced via the EulerOS-SA-2018-1400 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"binutils: integer overflow via an ELF file with corrupt dwarf1 debug information in libbfd library (CVE-2018-7568)\n\nbinutils: integer underflow or overflow via an ELF file with a corrupt DWARF FORM block in libbfd library (CVE-2018-7569)\n\nbinutils: NULL pointer dereference in swap_std_reloc_in function in aoutx.h resulting in crash (CVE-2018-7642)\n\nbinutils: Crash in elf.c:bfd_section_from_shdr() with crafted executable (CVE-2018-8945)\n\nbinutils: Heap-base buffer over-read in dwarf.c:process_cu_tu_index() allows for denial of service via crafted file (CVE-2018-10372)\n\nbinutils: NULL pointer dereference in dwarf2.c:concat_filename() allows for denial of service via crafted file (CVE-2018-10373)\n\nbinutils: out of bounds memory write in peXXigen.c files (CVE-2018-10534)\n\nbinutils: NULL pointer dereference in elf.c (CVE-2018-10535)\");\n\n script_tag(name:\"affected\", value:\"'binutils' package(s) on Huawei EulerOS V2.0SP3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"binutils\", rpm:\"binutils~2.25.1~22.base.h17\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"binutils-devel\", rpm:\"binutils-devel~2.25.1~22.base.h17\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-27T18:35:34", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7642", "CVE-2017-14130", "CVE-2018-10534", "CVE-2018-7569", "CVE-2018-10372", "CVE-2018-7568", "CVE-2018-10535", "CVE-2018-10373", "CVE-2018-8945"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191219", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191219", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2019-1219)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1219\");\n script_version(\"2020-01-23T11:35:09+0000\");\n script_cve_id(\"CVE-2017-14130\", \"CVE-2018-10372\", \"CVE-2018-10373\", \"CVE-2018-10534\", \"CVE-2018-10535\", \"CVE-2018-7568\", \"CVE-2018-7569\", \"CVE-2018-7642\", \"CVE-2018-8945\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:35:09 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:35:09 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2019-1219)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-2\\.5\\.4\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1219\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1219\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'binutils' package(s) announced via the EulerOS-SA-2019-1219 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"An integer wraparound has been discovered in the Binary File Descriptor (BFD) library distributed in GNU Binutils up to version 2.30. An attacker could cause a crash by providing an ELF file with corrupted DWARF debug information.CVE-2018-7568\n\nAn integer wraparound has been discovered in the Binary File Descriptor (BFD) library distributed in GNU Binutils up to version 2.30. An attacker could cause a crash by providing an ELF file with corrupted DWARF debug information.CVE-2018-7569\n\nThe swap_std_reloc_in function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (aout_32_swap_std_reloc_out NULL pointer dereference and application crash) via a crafted ELF file, as demonstrated by objcopy.CVE-2018-7642\n\nThe bfd_section_from_shdr function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (segmentation fault) via a large attribute section.CVE-2018-8945\n\nprocess_cu_tu_index in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted binary file, as demonstrated by readelf.CVE-2018-10372\n\nconcat_filename in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by nm-new.CVE-2018-10373\n\nThe _bfd_XX_bfd_copy_private_bfd_data_common function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, processes a negative Data Directory size with an unbounded loop that increases the value of (external_IMAGE_DEBUG_DIRECTORY) *edd so that the address exceeds its own memory region, resulting in an out-of-bounds memory write, as demonstrated by objcopy copying private info with _bfd_pex64_bfd_copy_private_bfd_data_common in pex64igen.c.CVE-2018-10534\n\nThe ignore_section_sym function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, does not validate the output_section pointer in the case of a symtab entry with a 'SECTION' type that has a '0' value, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file, as demonstrated by objcopy.CVE-2018-10535\n\nThe _bfd_elf_parse_attributes function in elf-attrs.c in the Binary File Descri ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'binutils' package(s) on Huawei EulerOS Virtualization 2.5.4.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-2.5.4\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"binutils\", rpm:\"binutils~2.27~28.base.1.h11\", rls:\"EULEROSVIRT-2.5.4\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-27T18:38:29", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7642", "CVE-2017-14130", "CVE-2018-1000876", "CVE-2018-10534", "CVE-2018-7569", "CVE-2018-10372", "CVE-2018-7568", "CVE-2018-10535", "CVE-2018-10373", "CVE-2018-8945"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191019", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191019", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2019-1019)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1019\");\n script_version(\"2020-01-23T11:27:40+0000\");\n script_cve_id(\"CVE-2017-14130\", \"CVE-2018-1000876\", \"CVE-2018-10372\", \"CVE-2018-10373\", \"CVE-2018-10534\", \"CVE-2018-10535\", \"CVE-2018-7568\", \"CVE-2018-7569\", \"CVE-2018-7642\", \"CVE-2018-8945\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:27:40 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:27:40 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2019-1019)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP5\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1019\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1019\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'binutils' package(s) announced via the EulerOS-SA-2019-1019 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"binutils: integer overflow via an ELF file with corrupt dwarf1 debug information in libbfd library (CVE-2018-7568)\n\nbinutils: integer underflow or overflow via an ELF file with a corrupt DWARF FORM block in libbfd library (CVE-2018-7569)\n\nbinutils: NULL pointer dereference in swap_std_reloc_in function in aoutx.h resulting in crash (CVE-2018-7642)\n\nbinutils: Crash in elf.c:bfd_section_from_shdr() with crafted executable (CVE-2018-8945)\n\nbinutils: Heap-base buffer over-read in dwarf.c:process_cu_tu_index() allows for denial of service via crafted file (CVE-2018-10372)\n\nbinutils: NULL pointer dereference in dwarf2.c:concat_filename() allows for denial of service via crafted file (CVE-2018-10373)\n\nbinutils: out of bounds memory write in peXXigen.c files (CVE-2018-10534)\n\nbinutils: NULL pointer dereference in elf.c (CVE-2018-10535)\n\nbinutils: integer overflow leads to heap-based buffer overflow in objdump(CVE-2018-1000876)\n\nbinutils: bfd_elf_attr_strdup heap-based buffer over-read and application crash(CVE-2017-14130)\");\n\n script_tag(name:\"affected\", value:\"'binutils' package(s) on Huawei EulerOS V2.0SP5.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP5\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"binutils\", rpm:\"binutils~2.27~28.base.1.h12.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"binutils-devel\", rpm:\"binutils-devel~2.27~28.base.1.h12.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2018-6942"], "description": "The FreeType engine is a free and portable font rendering engine, developed to provide advanced font support for a variety of platforms and environments. FreeType is a library which can open and manages font files as well as efficiently load, hint and render individual glyphs. FreeType is not a font server or a complete text-rendering library. ", "modified": "2018-02-20T17:21:10", "published": "2018-02-20T17:21:10", "id": "FEDORA:E880C60CB7FD", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: freetype-2.8-8.fc27", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2018-6942"], "description": "The FreeType engine is a free and portable font rendering engine, developed to provide advanced font support for a variety of platforms and environments. FreeType is a library which can open and manages font files as well as efficiently load, hint and render individual glyphs. FreeType is not a font server or a complete text-rendering library. ", "modified": "2018-03-13T17:19:53", "published": "2018-03-13T17:19:53", "id": "FEDORA:CE6206030B04", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: freetype-2.7.1-10.fc26", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "ubuntu": [{"lastseen": "2020-07-09T00:26:09", "bulletinFamily": "unix", "cvelist": ["CVE-2018-6942"], "description": "It was discovered that FreeType incorrectly handled certain files. \nAn attacker could possibly use this to cause a denial of service.", "edition": 5, "modified": "2018-02-14T00:00:00", "published": "2018-02-14T00:00:00", "id": "USN-3572-1", "href": "https://ubuntu.com/security/notices/USN-3572-1", "title": "FreeType vulnerability", "type": "ubuntu", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-07-02T11:36:06", "bulletinFamily": "unix", "cvelist": ["CVE-2018-18700", "CVE-2018-9138", "CVE-2018-19932", "CVE-2018-18484", "CVE-2018-18309", "CVE-2018-1000876", "CVE-2018-10534", "CVE-2018-18605", "CVE-2018-17358", "CVE-2018-12698", "CVE-2019-9071", "CVE-2018-12697", "CVE-2019-17450", "CVE-2018-17794", "CVE-2019-14250", "CVE-2018-17985", "CVE-2019-12972", "CVE-2018-17360", "CVE-2018-10372", "CVE-2018-12699", "CVE-2018-13033", "CVE-2018-19931", "CVE-2018-18483", "CVE-2019-9075", "CVE-2019-9077", "CVE-2018-12641", "CVE-2018-12700", "CVE-2019-9073", "CVE-2018-10535", "CVE-2019-17451", "CVE-2018-12934", "CVE-2018-18607", "CVE-2018-20671", "CVE-2018-20651", "CVE-2019-9070", "CVE-2019-9074", "CVE-2018-17359", "CVE-2018-20002", "CVE-2018-10373", "CVE-2019-14444", "CVE-2018-18701", "CVE-2018-20623", "CVE-2018-18606", "CVE-2018-8945"], "description": "It was discovered that GNU binutils contained a large number of security \nissues. If a user or automated system were tricked into processing a \nspecially-crafted file, a remote attacker could cause GNU binutils to \ncrash, resulting in a denial of service, or possibly execute arbitrary \ncode.", "edition": 2, "modified": "2020-04-22T00:00:00", "published": "2020-04-22T00:00:00", "id": "USN-4336-1", "href": "https://ubuntu.com/security/notices/USN-4336-1", "title": "GNU binutils vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2020-05-24T03:10:45", "bulletinFamily": "unix", "cvelist": ["CVE-2018-6942"], "description": "This update for freetype2 to version 2.10.1 fixes the following issues:\n\n Security issue fixed:\n\n - CVE-2018-6942: Fixed a NULL pointer dereference within ttinerp.c\n (bsc#1079603).\n\n Non-security issues fixed:\n\n - Update to version 2.10.1\n * The bytecode hinting of OpenType variation fonts was flawed, since the\n data in the `CVAR' table wasn't correctly applied.\n * Auto-hinter support for Mongolian.\n * The handling of the default character in PCF fonts as introduced in\n version 2.10.0 was partially broken, causing premature abortion\n of charmap iteration for many fonts.\n * If `FT_Set_Named_Instance' was called with the same arguments\n twice in a row, the function returned an incorrect error code the\n second time.\n * Direct rendering using FT_RASTER_FLAG_DIRECT crashed (bug\n introduced in version 2.10.0).\n * Increased precision while computing OpenType font variation\n instances.\n * The flattening algorithm of cubic Bezier curves was slightly\n changed to make it faster. This can cause very subtle rendering\n changes, which aren't noticeable by the eye, however.\n * The auto-hinter now disables hinting if there are blue zones\n defined for a `style' (i.e., a certain combination of a script and its\n related typographic features) but the font doesn't contain any\n characters needed to set up at least one blue zone.\n - Add tarball signatures and freetype2.keyring\n\n - Update to version 2.10.0\n * A bunch of new functions has been added to access and process\n COLR/CPAL data of OpenType fonts with color-layered glyphs.\n * As a GSoC 2018 project, Nikhil Ramakrishnan completely\n overhauled and modernized the API reference.\n * The logic for computing the global ascender, descender, and height of\n OpenType fonts has been slightly adjusted for consistency.\n * `TT_Set_MM_Blend' could fail if called repeatedly with the same\n arguments.\n * The precision of handling deltas in Variation Fonts has been\n increased.The problem did only show up with multidimensional\n designspaces.\n * New function `FT_Library_SetLcdGeometry' to set up the geometry\n of LCD subpixels.\n * FreeType now uses the `defaultChar' property of PCF fonts to set the\n glyph for the undefined character at glyph index 0 (as FreeType\n already does for all other supported font formats). As a consequence,\n the order of glyphs of a PCF font if accessed with FreeType can be\n different now compared to previous versions. This change doesn't\n affect PCF font access with cmaps.\n * `FT_Select_Charmap' has been changed to allow parameter value\n `FT_ENCODING_NONE', which is valid for BDF, PCF, and Windows FNT\n formats to access built-in cmaps that don't have a predefined\n `FT_Encoding' value.\n * A previously reserved field in the `FT_GlyphSlotRec' structure now\n holds the glyph index.\n * The usual round of fuzzer bug fixes to better reject malformed fonts.\n * `FT_Outline_New_Internal' and `FT_Outline_Done_Internal' have been\n removed.These two functions were public by oversight only and were\n never documented.\n * A new function `FT_Error_String' returns descriptions of error codes\n if configuration macro FT_CONFIG_OPTION_ERROR_STRINGS is defined.\n * `FT_Set_MM_WeightVector' and `FT_Get_MM_WeightVector' are new\n functions limited to Adobe MultiMaster fonts to directly set and get\n the weight vector.\n\n - Enable subpixel rendering with infinality config:\n\n - Re-enable freetype-config, there is just too many fallouts.\n\n - Update to version 2.9.1\n * Type 1 fonts containing flex features were not rendered correctly (bug\n introduced in version 2.9).\n * CVE-2018-6942: Older FreeType versions can crash with certain\n malformed variation fonts.\n * Bug fix: Multiple calls to `FT_Get_MM_Var' returned garbage.\n * Emboldening of bitmaps didn't work correctly sometimes, showing\n various artifacts (bug introduced in version 2.8.1).\n * The auto-hinter script ranges have been updated for Unicode 11. No\n support for new scripts have been added, however, with the exception\n of Georgian Mtavruli.\n - freetype-config is now deprecated by upstream and not enabled by default.\n\n - Update to version 2.10.1\n * The `ftmulti' demo program now supports multiple hidden axes with the\n same name tag.\n * `ftview', `ftstring', and `ftgrid' got a `-k' command line option to\n emulate a sequence of keystrokes at start-up.\n * `ftview', `ftstring', and `ftgrid' now support screen dumping to a PNG\n file.\n * The bytecode debugger, `ttdebug', now supports variation TrueType\n fonts; a variation font instance can be selected with the new `-d'\n command line option.\n - Add tarball signatures and freetype2.keyring\n\n - Update to version 2.10.0\n * The `ftdump' demo program has new options `-c' and `-C' to display\n charmaps in compact and detailed format, respectively. Option `-V' has\n been removed.\n * The `ftview', `ftstring', and `ftgrid' demo programs use a new command\n line option `-d' to specify the program window's width, height, and\n color depth.\n * The `ftview' demo program now displays red boxes for zero-width glyphs.\n * `ftglyph' has limited support to display fonts with color-layered\n glyphs.This will be improved later on.\n * `ftgrid' can now display bitmap fonts also.\n * The `ttdebug' demo program has a new option `-f' to select a member of\n a TrueType collection (TTC).\n * Other various improvements to the demo programs.\n\n - Remove &quot;Supplements: fonts-config&quot; to avoid accidentally pulling in Qt\n dependencies on some non-Qt based desktops.(bsc#1091109) fonts-config is\n fundamental but ft2demos seldom installs by end users.\n only fonts-config maintainers/debuggers may use ft2demos along to debug\n some issues.\n\n - Update to version 2.9.1\n * No changelog upstream.\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "edition": 1, "modified": "2020-05-24T00:12:52", "published": "2020-05-24T00:12:52", "id": "OPENSUSE-SU-2020:0704-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00054.html", "title": "Security update for freetype2 (moderate)", "type": "suse", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2018-10-23T16:31:01", "bulletinFamily": "unix", "cvelist": ["CVE-2018-7642", "CVE-2018-7208", "CVE-2017-16830", "CVE-2018-10534", "CVE-2018-7570", "CVE-2018-7569", "CVE-2017-16828", "CVE-2018-6872", "CVE-2017-16826", "CVE-2018-6543", "CVE-2018-10372", "CVE-2018-7568", "CVE-2018-6323", "CVE-2017-16831", "CVE-2018-7643", "CVE-2018-6759", "CVE-2017-16829", "CVE-2017-15938", "CVE-2017-16832", "CVE-2018-10535", "CVE-2017-15939", "CVE-2017-16827", "CVE-2017-15996", "CVE-2018-10373", "CVE-2018-8945"], "description": "This update for binutils to version 2.31 fixes the following issues:\n\n These security issues were fixed:\n\n - CVE-2017-15996: readelf allowed remote attackers to cause a denial of\n service (excessive memory allocation) or possibly have unspecified other\n impact via a crafted ELF file that triggered a buffer overflow on fuzzed\n archive header (bsc#1065643)\n - CVE-2017-15939: Binary File Descriptor (BFD) library (aka libbfd)\n mishandled NULL files in a .debug_line file table, which allowed remote\n attackers to cause a denial of service (NULL pointer dereference and\n application crash) via a crafted ELF file, related to concat_filename\n (bsc#1065689)\n - CVE-2017-15938: the Binary File Descriptor (BFD) library (aka libbfd)\n miscalculated DW_FORM_ref_addr die refs in the case of a relocatable\n object file, which allowed remote attackers to cause a denial of service\n (find_abstract_instance_name invalid memory read, segmentation fault,\n and application crash) (bsc#1065693)\n - CVE-2017-16826: The coff_slurp_line_table function the Binary File\n Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause\n a denial of service (invalid memory access and application crash) or\n possibly have unspecified other impact via a crafted PE file\n (bsc#1068640)\n - CVE-2017-16832: The pe_bfd_read_buildid function in the Binary File\n Descriptor (BFD) library (aka libbfd) did not validate size and offset\n values in the data dictionary, which allowed remote attackers to cause a\n denial of service (segmentation violation and application crash) or\n possibly have unspecified other impact via a crafted PE file\n (bsc#1068643)\n - CVE-2017-16831: Binary File Descriptor (BFD) library (aka libbfd) did\n not validate the symbol count, which allowed remote attackers to cause a\n denial of service (integer overflow and application crash, or excessive\n memory allocation) or possibly have unspecified other impact via a\n crafted PE file (bsc#1068887)\n - CVE-2017-16830: The print_gnu_property_note function did not have\n integer-overflow protection on 32-bit platforms, which allowed remote\n attackers to cause a denial of service (segmentation violation and\n application crash) or possibly have unspecified other impact via a\n crafted ELF file (bsc#1068888)\n - CVE-2017-16829: The _bfd_elf_parse_gnu_properties function in the Binary\n File Descriptor (BFD) library (aka libbfd) did not prevent negative\n pointers, which allowed remote attackers to cause a denial of service\n (out-of-bounds read and application crash) or possibly have unspecified\n other impact via a crafted ELF file (bsc#1068950)\n - CVE-2017-16828: The display_debug_frames function allowed remote\n attackers to cause a denial of service (integer overflow and heap-based\n buffer over-read, and application crash) or possibly have unspecified\n other impact via a crafted ELF file (bsc#1069176)\n - CVE-2017-16827: The aout_get_external_symbols function in the Binary\n File Descriptor (BFD) library (aka libbfd) allowed remote attackers to\n cause a denial of service (slurp_symtab invalid free and application\n crash) or possibly have unspecified other impact via a crafted ELF file\n (bsc#1069202)\n - CVE-2018-6323: The elf_object_p function in the Binary File Descriptor\n (BFD) library (aka libbfd) had an unsigned integer overflow because\n bfd_size_type multiplication is not used. A crafted ELF file allowed\n remote attackers to cause a denial of service (application crash) or\n possibly have unspecified\n other impact (bsc#1077745)\n - CVE-2018-6543: Prevent integer overflow in the function\n load_specific_debug_section() which resulted in `malloc()` with 0 size.\n A crafted ELF file allowed remote attackers to cause a denial of service\n (application crash) or possibly have unspecified other impact\n (bsc#1079103)\n - CVE-2018-6759: The bfd_get_debug_link_info_1 function in the Binary File\n Descriptor (BFD) library (aka libbfd) had an unchecked strnlen\n operation. Remote attackers could have leveraged this vulnerability to\n cause a denial of service (segmentation fault) via a crafted ELF file\n (bsc#1079741)\n - CVE-2018-6872: The elf_parse_notes function in the Binary File\n Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause\n a denial of service (out-of-bounds read and segmentation violation) via\n a note with a large alignment (bsc#1080556)\n - CVE-2018-7208: In the coff_pointerize_aux function in the Binary File\n Descriptor (BFD) library (aka libbfd) an index was not validated, which\n allowed remote attackers to cause a denial of service (segmentation\n fault) or possibly have unspecified other impact via a crafted file, as\n demonstrated by objcopy of a COFF object (bsc#1081527)\n - CVE-2018-7570: The assign_file_positions_for_non_load_sections function\n in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote\n attackers to cause a denial of service (NULL pointer dereference and\n application crash) via an ELF file with a RELRO segment that lacks a\n matching LOAD segment, as demonstrated by objcopy (bsc#1083528)\n - CVE-2018-7569: The Binary File Descriptor (BFD) library (aka libbfd)\n allowed remote attackers to cause a denial of service (integer underflow\n or overflow, and application crash) via an ELF file with a corrupt DWARF\n FORM block, as demonstrated by nm (bsc#1083532)\n - CVE-2018-8945: The bfd_section_from_shdr function in the Binary File\n Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause\n a denial of service (segmentation fault) via a large attribute section\n (bsc#1086608)\n - CVE-2018-7643: The display_debug_ranges function allowed remote\n attackers to cause a denial of service (integer overflow and application\n crash) or possibly have unspecified other impact via a crafted ELF file,\n as demonstrated by\n objdump (bsc#1086784)\n - CVE-2018-7642: The swap_std_reloc_in function in the Binary File\n Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause\n a denial of service (aout_32_swap_std_reloc_out NULL pointer dereference\n and application crash) via a crafted ELF file, as demonstrated by\n objcopy (bsc#1086786)\n - CVE-2018-7568: The parse_die function in the Binary File Descriptor\n (BFD) library (aka libbfd) allowed remote attackers to cause a denial of\n service (integer overflow and application crash) via an ELF file with\n corrupt dwarf1 debug information, as demonstrated by nm (bsc#1086788)\n - CVE-2018-10373: concat_filename in the Binary File Descriptor (BFD)\n library (aka libbfd) allowed remote attackers to cause a denial of\n service (NULL pointer dereference and application crash) via a crafted\n binary file, as demonstrated by nm-new (bsc#1090997)\n - CVE-2018-10372: process_cu_tu_index allowed remote attackers to cause a\n denial of service (heap-based buffer over-read and application crash)\n via a crafted binary file, as demonstrated by readelf (bsc#1091015)\n - CVE-2018-10535: The ignore_section_sym function in the Binary File\n Descriptor (BFD) library (aka libbfd) did not validate the\n output_section pointer in the case of a symtab entry with a &quot;SECTION&quot;\n type that has a &quot;0&quot; value, which allowed remote attackers to cause a\n denial of service (NULL pointer dereference and application crash) via a\n crafted file, as demonstrated by objcopy (bsc#1091365)\n - CVE-2018-10534: The _bfd_XX_bfd_copy_private_bfd_data_common function in\n the Binary File Descriptor (BFD) library (aka libbfd) processesed a\n negative Data Directory size with an unbounded loop that increased the\n value of (external_IMAGE_DEBUG_DIRECTORY) *edd so that the address\n exceeded its own memory region, resulting in an out-of-bounds memory\n write, as demonstrated by\n objcopy copying private info with\n _bfd_pex64_bfd_copy_private_bfd_data_common in pex64igen.c (bsc#1091368)\n\n These non-security issues were fixed:\n\n - The AArch64 port now supports showing disassembly notes which are\n emitted when inconsistencies are found with the instruction that may\n result in the instruction being invalid. These can be turned on with\n the option -M notes to objdump.\n - The AArch64 port now emits warnings when a combination of an instruction\n and a named register could be invalid.\n - Added O modifier to ar to display member offsets inside an archive\n - The ADR and ADRL pseudo-instructions supported by the ARM assembler now\n only set the bottom bit of the address of thumb function symbols if the\n -mthumb-interwork command line option is active.\n - Add --generate-missing-build-notes=[yes|no] option to create (or not)\n GNU Build Attribute notes if none are present in the input sources. Add\n a\n --enable-generate-build-notes=[yes|no] configure time option to set the\n default behaviour. Set the default if the configure option is not used\n to &quot;no&quot;.\n - Remove -mold-gcc command-line option for x86 targets.\n - Add -O[2|s] command-line options to x86 assembler to enable alternate\n shorter instruction encoding.\n - Add support for .nops directive. It is currently supported only for x86\n targets.\n - Speed up direct linking with DLLs for Cygwin and Mingw targets.\n - Add a configure option --enable-separate-code to decide whether\n -z separate-code should be enabled in ELF linker by default. Default to\n yes for Linux/x86 targets. Note that -z separate-code can increase\n disk and memory size.\n - RISC-V: Fix symbol address problem with versioned symbols\n - Restore riscv64-elf cross prefix via symlinks\n - Fix pacemaker libqb problem with section start/stop symbols\n - RISC-V: Don't enable relaxation in relocatable link\n - Prevent linking faiures on i386 with assertion (bsc#1085784)\n - Fix symbol size bug when relaxation deletes bytes\n - Add --debug-dump=links option to readelf and --dwarf=links option to\n objdump which displays the contents of any .gnu_debuglink or\n .gnu_debugaltlink sections. Add a --debug-dump=follow-links option to\n readelf and a --dwarf=follow-links\n option to objdump which causes indirect links into separate debug info\n files to be followed when dumping other DWARF sections.\n - Add support for loaction views in DWARF debug line information.\n - Add -z separate-code to generate separate code PT_LOAD segment.\n - Add &quot;-z undefs&quot; command line option as the inverse of the &quot;-z defs&quot;\n option.\n - Add -z globalaudit command line option to force audit libraries to be\n run for every dynamic object loaded by an executable - provided that the\n loader supports this functionality.\n - Tighten linker script grammar around file name specifiers to prevent the\n use\n of SORT_BY_ALIGNMENT and SORT_BY_INIT_PRIORITY on filenames. These\n would previously be accepted but had no effect.\n - The EXCLUDE_FILE directive can now be placed within any SORT_* directive\n within input section lists.\n - Fix linker relaxation with --wrap\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "edition": 1, "modified": "2018-10-23T15:22:34", "published": "2018-10-23T15:22:34", "id": "OPENSUSE-SU-2018:3323-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00049.html", "title": "Security update for binutils (moderate)", "type": "suse", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-18T20:30:45", "bulletinFamily": "unix", "cvelist": ["CVE-2017-9755", "CVE-2018-7642", "CVE-2018-7208", "CVE-2017-7223", "CVE-2017-16830", "CVE-2018-10534", "CVE-2018-7570", "CVE-2017-7299", "CVE-2017-9746", "CVE-2017-7300", "CVE-2018-7569", "CVE-2017-8396", "CVE-2017-16828", "CVE-2017-8394", "CVE-2018-6872", "CVE-2017-7224", "CVE-2017-16826", "CVE-2017-7303", "CVE-2018-6543", "CVE-2018-10372", "CVE-2017-9750", "CVE-2017-9756", "CVE-2017-7302", "CVE-2017-9748", "CVE-2014-9939", "CVE-2018-7568", "CVE-2017-6966", "CVE-2017-7225", "CVE-2018-6323", "CVE-2017-16831", "CVE-2018-7643", "CVE-2018-6759", "CVE-2017-16829", "CVE-2017-15938", "CVE-2017-8393", "CVE-2017-16832", "CVE-2017-8392", "CVE-2017-7301", "CVE-2017-6965", "CVE-2018-10535", "CVE-2017-7210", "CVE-2017-15939", "CVE-2017-7304", "CVE-2017-16827", "CVE-2017-7209", "CVE-2017-7226", "CVE-2017-15996", "CVE-2017-9747", "CVE-2018-10373", "CVE-2017-8421", "CVE-2017-6969", "CVE-2018-8945"], "description": "This update for binutils to 2.31 fixes the following issues:\n\n These security issues were fixed:\n\n - CVE-2017-15996: readelf allowed remote attackers to cause a denial of\n service (excessive memory allocation) or possibly have unspecified other\n impact via a crafted ELF file that triggered a buffer overflow on fuzzed\n archive header (bsc#1065643).\n - CVE-2017-15939: Binary File Descriptor (BFD) library (aka libbfd)\n mishandled NULL files in a .debug_line file table, which allowed remote\n attackers to cause a denial of service (NULL pointer dereference and\n application crash) via a crafted ELF file, related to concat_filename\n (bsc#1065689).\n - CVE-2017-15938: the Binary File Descriptor (BFD) library (aka libbfd)\n miscalculated DW_FORM_ref_addr die refs in the case of a relocatable\n object file, which allowed remote attackers to cause a denial of service\n (find_abstract_instance_name invalid memory read, segmentation fault,\n and application crash) (bsc#1065693).\n - CVE-2017-16826: The coff_slurp_line_table function the Binary File\n Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause\n a denial of service (invalid memory access and application crash) or\n possibly have unspecified other impact via a crafted PE file\n (bsc#1068640).\n - CVE-2017-16832: The pe_bfd_read_buildid function in the Binary File\n Descriptor (BFD) library (aka libbfd) did not validate size and offset\n values in the data dictionary, which allowed remote attackers to cause a\n denial of service (segmentation violation and application crash) or\n possibly have unspecified other impact via a crafted PE file\n (bsc#1068643).\n - CVE-2017-16831: Binary File Descriptor (BFD) library (aka libbfd) did\n not validate the symbol count, which allowed remote attackers to cause a\n denial of service (integer overflow and application crash, or excessive\n memory allocation) or possibly have unspecified other impact via a\n crafted PE file (bsc#1068887).\n - CVE-2017-16830: The print_gnu_property_note function did not have\n integer-overflow protection on 32-bit platforms, which allowed remote\n attackers to cause a denial of service (segmentation violation and\n application crash) or possibly have unspecified other impact via a\n crafted ELF file (bsc#1068888).\n - CVE-2017-16829: The _bfd_elf_parse_gnu_properties function in the Binary\n File Descriptor (BFD) library (aka libbfd) did not prevent negative\n pointers, which allowed remote attackers to cause a denial of service\n (out-of-bounds read and application crash) or possibly have unspecified\n other impact via a crafted ELF file (bsc#1068950).\n - CVE-2017-16828: The display_debug_frames function allowed remote\n attackers to cause a denial of service (integer overflow and heap-based\n buffer over-read, and application crash) or possibly have unspecified\n other impact via a crafted ELF file (bsc#1069176).\n - CVE-2017-16827: The aout_get_external_symbols function in the Binary\n File Descriptor (BFD) library (aka libbfd) allowed remote attackers to\n cause a denial of service (slurp_symtab invalid free and application\n crash) or possibly have unspecified other impact via a crafted ELF file\n (bsc#1069202).\n - CVE-2018-6323: The elf_object_p function in the Binary File Descriptor\n (BFD) library (aka libbfd) had an unsigned integer overflow because\n bfd_size_type multiplication is not used. A crafted ELF file allowed\n remote attackers to cause a denial of service (application crash) or\n possibly have unspecified\n other impact (bsc#1077745).\n - CVE-2018-6543: Prevent integer overflow in the function\n load_specific_debug_section() which resulted in `malloc()` with 0 size.\n A crafted ELF file allowed remote attackers to cause a denial of service\n (application crash) or possibly have unspecified other impact\n (bsc#1079103).\n - CVE-2018-6759: The bfd_get_debug_link_info_1 function in the Binary File\n Descriptor (BFD) library (aka libbfd) had an unchecked strnlen\n operation. Remote attackers could have leveraged this vulnerability to\n cause a denial of service (segmentation fault) via a crafted ELF file\n (bsc#1079741).\n - CVE-2018-6872: The elf_parse_notes function in the Binary File\n Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause\n a denial of service (out-of-bounds read and segmentation violation) via\n a note with a large alignment (bsc#1080556).\n - CVE-2018-7208: In the coff_pointerize_aux function in the Binary File\n Descriptor (BFD) library (aka libbfd) an index was not validated, which\n allowed remote attackers to cause a denial of service (segmentation\n fault) or possibly have unspecified other impact via a crafted file, as\n demonstrated by objcopy of a COFF object (bsc#1081527).\n - CVE-2018-7570: The assign_file_positions_for_non_load_sections function\n in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote\n attackers to cause a denial of service (NULL pointer dereference and\n application crash) via an ELF file with a RELRO segment that lacks a\n matching LOAD segment, as demonstrated by objcopy (bsc#1083528).\n - CVE-2018-7569: The Binary File Descriptor (BFD) library (aka libbfd)\n allowed remote attackers to cause a denial of service (integer underflow\n or overflow, and application crash) via an ELF file with a corrupt DWARF\n FORM block, as demonstrated by nm (bsc#1083532).\n - CVE-2018-8945: The bfd_section_from_shdr function in the Binary File\n Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause\n a denial of service (segmentation fault) via a large attribute section\n (bsc#1086608).\n - CVE-2018-7643: The display_debug_ranges function allowed remote\n attackers to cause a denial of service (integer overflow and application\n crash) or possibly have unspecified other impact via a crafted ELF file,\n as demonstrated by\n objdump (bsc#1086784).\n - CVE-2018-7642: The swap_std_reloc_in function in the Binary File\n Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause\n a denial of service (aout_32_swap_std_reloc_out NULL pointer dereference\n and application crash) via a crafted ELF file, as demonstrated by\n objcopy (bsc#1086786).\n - CVE-2018-7568: The parse_die function in the Binary File Descriptor\n (BFD) library (aka libbfd) allowed remote attackers to cause a denial of\n service (integer overflow and application crash) via an ELF file with\n corrupt dwarf1 debug information, as demonstrated by nm (bsc#1086788).\n - CVE-2018-10373: concat_filename in the Binary File Descriptor (BFD)\n library (aka libbfd) allowed remote attackers to cause a denial of\n service (NULL pointer dereference and application crash) via a crafted\n binary file, as demonstrated by nm-new (bsc#1090997).\n - CVE-2018-10372: process_cu_tu_index allowed remote attackers to cause a\n denial of service (heap-based buffer over-read and application crash)\n via a crafted binary file, as demonstrated by readelf (bsc#1091015).\n - CVE-2018-10535: The ignore_section_sym function in the Binary File\n Descriptor (BFD) library (aka libbfd) did not validate the\n output_section pointer in the case of a symtab entry with a &quot;SECTION&quot;\n type that has a &quot;0&quot; value, which allowed remote attackers to cause a\n denial of service (NULL pointer dereference and application crash) via a\n crafted file, as demonstrated by objcopy (bsc#1091365).\n - CVE-2018-10534: The _bfd_XX_bfd_copy_private_bfd_data_common function in\n the Binary File Descriptor (BFD) library (aka libbfd) processesed a\n negative Data Directory size with an unbounded loop that increased the\n value of (external_IMAGE_DEBUG_DIRECTORY) *edd so that the address\n exceeded its own memory region, resulting in an out-of-bounds memory\n write, as demonstrated by\n objcopy copying private info with\n _bfd_pex64_bfd_copy_private_bfd_data_common in pex64igen.c\n (bsc#1091368).\n\n These non-security issues were fixed:\n\n - The AArch64 port now supports showing disassembly notes which are\n emitted when inconsistencies are found with the instruction that may\n result in the instruction being invalid. These can be turned on with the\n option -M notes to objdump.\n - The AArch64 port now emits warnings when a combination of an instruction\n and a named register could be invalid.\n - Added O modifier to ar to display member offsets inside an archive\n - The ADR and ADRL pseudo-instructions supported by the ARM assembler now\n only set the bottom bit of the address of thumb function symbols if the\n -mthumb-interwork command line option is active.\n - Add --generate-missing-build-notes=[yes|no] option to create (or not)\n GNU Build Attribute notes if none are present in the input sources. Add\n a\n --enable-generate-build-notes=[yes|no] configure time option to set the\n default behaviour. Set the default if the configure option is not used\n to &quot;no&quot;.\n - Remove -mold-gcc command-line option for x86 targets.\n - Add -O[2|s] command-line options to x86 assembler to enable alternate\n shorter instruction encoding.\n - Add support for .nops directive. It is currently supported only for x86\n targets.\n - Speed up direct linking with DLLs for Cygwin and Mingw targets.\n - Add a configure option --enable-separate-code to decide whether\n -z separate-code should be enabled in ELF linker by default. Default to\n yes for Linux/x86 targets. Note that -z separate-code can increase disk\n and memory size.\n - RISC-V: Fix symbol address problem with versioned symbols\n - Restore riscv64-elf cross prefix via symlinks\n - RISC-V: Don't enable relaxation in relocatable link\n - Prevent linking faiures on i386 with assertion (bsc#1085784)\n - Fix symbol size bug when relaxation deletes bytes\n - Add --debug-dump=links option to readelf and --dwarf=links option to\n objdump which displays the contents of any .gnu_debuglink or\n .gnu_debugaltlink sections. Add a --debug-dump=follow-links option to\n readelf and a --dwarf=follow-links\n option to objdump which causes indirect links into separate debug info\n files to be followed when dumping other DWARF sections.\n - Add support for loaction views in DWARF debug line information.\n - Add -z separate-code to generate separate code PT_LOAD segment.\n - Add &quot;-z undefs&quot; command line option as the inverse of the &quot;-z defs&quot;\n option.\n - Add -z globalaudit command line option to force audit libraries to be\n run for every dynamic object loaded by an executable - provided that the\n loader supports this functionality.\n - Tighten linker script grammar around file name specifiers to prevent the\n use\n of SORT_BY_ALIGNMENT and SORT_BY_INIT_PRIORITY on filenames. These\n would previously be accepted but had no effect.\n - The EXCLUDE_FILE directive can now be placed within any SORT_* directive\n within input section lists.\n - Fix linker relaxation with --wrap\n - Add arm-none-eabi symlinks (bsc#1074741)\n\n Former updates of binutils also fixed the following security issues, for\n which there was not CVE assigned at the time the update was released or no\n mapping between code change and CVE existed:\n\n - CVE-2014-9939: Prevent stack buffer overflow when printing bad bytes in\n Intel Hex objects (bsc#1030296).\n - CVE-2017-7225: The find_nearest_line function in addr2line did not\n handle the case where the main file name and the directory name are both\n empty, triggering a NULL pointer dereference and an invalid write, and\n leading to a program crash (bsc#1030585).\n - CVE-2017-7224: The find_nearest_line function in objdump was vulnerable\n to an invalid write (of size 1) while disassembling a corrupt binary\n that contains an empty function name, leading to a program crash\n (bsc#1030588).\n - CVE-2017-7223: GNU assembler in was vulnerable to a global buffer\n overflow (of size 1) while attempting to unget an EOF character from the\n input stream, potentially leading to a program crash (bsc#1030589).\n - CVE-2017-7226: The pe_ILF_object_p function in the Binary File\n Descriptor (BFD) library (aka libbfd) was vulnerable to a heap-based\n buffer over-read of size 4049 because it used the strlen function\n instead of strnlen, leading to program crashes in several utilities such\n as addr2line, size, and strings. It could lead to information disclosure\n as well (bsc#1030584).\n - CVE-2017-7299: The Binary File Descriptor (BFD) library (aka libbfd) had\n an invalid read (of size 8) because the code to emit relocs\n (bfd_elf_final_link function in bfd/elflink.c) did not check the format\n of the input file trying to read the ELF reloc section header. The\n vulnerability leads to a GNU linker (ld) program crash (bsc#1031644).\n - CVE-2017-7300: The Binary File Descriptor (BFD) library (aka libbfd) had\n an aout_link_add_symbols function in bfd/aoutx.h that is vulnerable to a\n heap-based buffer over-read (off-by-one) because of an incomplete check\n for invalid string offsets while loading symbols, leading to a GNU\n linker (ld) program crash (bsc#1031656).\n - CVE-2017-7302: The Binary File Descriptor (BFD) library (aka libbfd) had\n a swap_std_reloc_out function in bfd/aoutx.h that is vulnerable to an\n invalid read (of size 4) because of missing checks for relocs that could\n not be recognised. This vulnerability caused Binutils utilities like\n strip to crash (bsc#1031595).\n - CVE-2017-7303: The Binary File Descriptor (BFD) library (aka libbfd) was\n vulnerable to an invalid read (of size 4) because of missing a check (in\n the find_link function) for null headers attempting to match them. This\n vulnerability caused Binutils utilities like strip to crash\n (bsc#1031593).\n - CVE-2017-7301: The Binary File Descriptor (BFD) library (aka libbfd) had\n an aout_link_add_symbols function in bfd/aoutx.h that has an off-by-one\n vulnerability because it did not carefully check the string offset. The\n vulnerability could lead to a GNU linker (ld) program crash\n (bsc#1031638).\n - CVE-2017-7304: The Binary File Descriptor (BFD) library (aka libbfd) was\n vulnerable to an invalid read (of size 8) because of missing a check (in\n the copy_special_section_fields function) for an invalid sh_link field\n attempting to follow it. This vulnerability caused Binutils utilities\n like strip to crash (bsc#1031590).\n - CVE-2017-8392: The Binary File Descriptor (BFD) library (aka libbfd) was\n vulnerable to an invalid read of size 8 because of missing a check to\n determine whether symbols are NULL in the _bfd_dwarf2_find_nearest_line\n function. This vulnerability caused programs that conduct an analysis of\n binary programs using the libbfd library, such as objdump, to crash\n (bsc#1037052).\n - CVE-2017-8393: The Binary File Descriptor (BFD) library (aka libbfd) was\n vulnerable to a global buffer over-read error because of an assumption\n made by code that runs for objcopy and strip, that SHT_REL/SHR_RELA\n sections are always named starting with a .rel/.rela prefix. This\n vulnerability caused programs that conduct an analysis of binary\n programs using the libbfd library, such as\n objcopy and strip, to crash (bsc#1037057).\n - CVE-2017-8394: The Binary File Descriptor (BFD) library (aka libbfd) was\n vulnerable to an invalid read of size 4 due to NULL pointer\n dereferencing of _bfd_elf_large_com_section. This vulnerability caused\n programs that conduct an analysis of binary programs using the libbfd\n library, such as objcopy, to crash (bsc#1037061).\n - CVE-2017-8396: The Binary File Descriptor (BFD) library (aka libbfd) was\n vulnerable to an invalid read of size 1 because the existing reloc\n offset range tests didn't catch small negative offsets less than the\n size of the reloc field. This vulnerability caused programs that conduct\n an analysis of binary programs using the libbfd library, such as\n objdump, to crash (bsc#1037066).\n - CVE-2017-8421: The function coff_set_alignment_hook in Binary File\n Descriptor (BFD) library (aka libbfd) had a memory leak vulnerability\n which can cause memory exhaustion in objdump via a crafted PE file\n (bsc#1037273).\n - CVE-2017-9746: The disassemble_bytes function in objdump.c allowed\n remote attackers to cause a denial of service (buffer overflow and\n application crash)\n or possibly have unspecified other impact via a crafted binary file, as\n demonstrated by mishandling of rae insns printing for this file during\n &quot;objdump\n -D&quot; execution (bsc#1044891).\n - CVE-2017-9747: The ieee_archive_p function in the Binary File Descriptor\n (BFD) library (aka libbfd) might have allowed remote attackers to cause\n a denial of service (buffer overflow and application crash) or possibly\n have unspecified other impact via a crafted binary file, as demonstrated\n by mishandling of this file during &quot;objdump -D&quot; execution (bsc#1044897).\n - CVE-2017-9748: The ieee_object_p function in the Binary File Descriptor\n (BFD) library (aka libbfd) might have allowed remote attackers to cause\n a denial of service (buffer overflow and application crash) or possibly\n have unspecified\n other impact via a crafted binary file, as demonstrated by mishandling\n of this file during &quot;objdump -D&quot; execution (bsc#1044901).\n - CVE-2017-9750: opcodes/rx-decode.opc lacked bounds checks for certain\n scale arrays, which allowed remote attackers to cause a denial of\n service (buffer\n overflow and application crash) or possibly have unspecified other\n impact via a crafted binary file, as demonstrated by mishandling of\n this file during &quot;objdump -D&quot; execution (bsc#1044909).\n - CVE-2017-9755: Not considering the the number of registers for bnd mode\n allowed remote attackers to cause a denial of service (buffer overflow\n and application crash) or possibly have unspecified other impact via a\n crafted binary file, as demonstrated by mishandling of this file during\n &quot;objdump -D&quot; execution (bsc#1044925).\n - CVE-2017-9756: The aarch64_ext_ldst_reglist function allowed remote\n attackers to cause a denial of service (buffer overflow and application\n crash) or possibly have unspecified other impact via a crafted binary\n file, as demonstrated by mishandling of this file during &quot;objdump -D&quot;\n execution (bsc#1044927).\n - CVE-2017-7209: The dump_section_as_bytes function in readelf accessed a\n NULL pointer while reading section contents in a corrupt binary, leading\n to a program crash (bsc#1030298).\n - CVE-2017-6965: readelf wrote to illegal addresses while processing\n corrupt input files containing symbol-difference relocations, leading to\n a heap-based buffer overflow (bsc#1029909).\n - CVE-2017-6966: readelf had a use-after-free (specifically\n read-after-free) error while processing multiple, relocated sections in\n an MSP430 binary. This is caused by mishandling of an invalid symbol\n index, and mishandling of state across invocations (bsc#1029908).\n - CVE-2017-6969: readelf was vulnerable to a heap-based buffer over-read\n while processing corrupt RL78 binaries. The vulnerability can trigger\n program crashes. It may lead to an information leak as well\n (bsc#1029907).\n - CVE-2017-7210: objdump was vulnerable to multiple heap-based buffer\n over-reads (of size 1 and size 8) while handling corrupt STABS enum type\n strings in a crafted object file, leading to program crash\n (bsc#1030297).\n\n This update was imported from the SUSE:SLE-12:Update update project.\n\n", "edition": 1, "modified": "2018-10-18T18:52:54", "published": "2018-10-18T18:52:54", "id": "OPENSUSE-SU-2018:3223-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00039.html", "title": "Security update for binutils (moderate)", "type": "suse", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "archlinux": [{"lastseen": "2020-09-22T18:36:41", "bulletinFamily": "unix", "cvelist": ["CVE-2018-6942"], "description": "Arch Linux Security Advisory ASA-201805-3\n=========================================\n\nSeverity: Low\nDate : 2018-05-09\nCVE-ID : CVE-2018-6942\nPackage : freetype2\nType : denial of service\nRemote : Yes\nLink : https://security.archlinux.org/AVG-613\n\nSummary\n=======\n\nThe package freetype2 before version 2.9.1-1 is vulnerable to denial of\nservice.\n\nResolution\n==========\n\nUpgrade to 2.9.1-1.\n\n# pacman -Syu \"freetype2>=2.9.1-1\"\n\nThe problem has been fixed upstream in version 2.9.1.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\nAn issue was discovered in FreeType 2 before 2.9.1. A NULL pointer\ndereference in the Ins_GETVARIATION() function within ttinterp.c could\nlead to denial of service via a crafted font file.\n\nImpact\n======\n\nA remote attacker is able to cause a denial of service via a specially\ncrafted file.\n\nReferences\n==========\n\nhttps://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5736\nhttps://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=29c759284e305ec428703c9a5831d0b1fc3497ef\nhttps://security.archlinux.org/CVE-2018-6942", "modified": "2018-05-09T00:00:00", "published": "2018-05-09T00:00:00", "id": "ASA-201805-3", "href": "https://security.archlinux.org/ASA-201805-3", "type": "archlinux", "title": "[ASA-201805-3] freetype2: denial of service", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "amazon": [{"lastseen": "2020-11-10T12:36:50", "bulletinFamily": "unix", "cvelist": ["CVE-2018-7208", "CVE-2018-7569", "CVE-2018-10372", "CVE-2018-13033", "CVE-2018-7568", "CVE-2018-6323", "CVE-2018-7643", "CVE-2018-10535", "CVE-2018-10373"], "description": "**Issue Overview:**\n\nAn integer wraparound has been discovered in the Binary File Descriptor (BFD) library distributed in GNU Binutils up to version 2.30. An attacker could cause a crash by providing an ELF file with corrupted DWARF debug information.([CVE-2018-7568 __](<https://access.redhat.com/security/cve/CVE-2018-7568>))\n\nThe ignore_section_sym function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, does not validate the output_section pointer in the case of a symtab entry with a &quot;SECTION&quot; type that has a &quot;0&quot; value, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file, as demonstrated by objcopy.([CVE-2018-10535 __](<https://access.redhat.com/security/cve/CVE-2018-10535>))\n\nThe display_debug_ranges function in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, as demonstrated by objdump.([CVE-2018-7643 __](<https://access.redhat.com/security/cve/CVE-2018-7643>))\n\nconcat_filename in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by nm-new.([CVE-2018-10373 __](<https://access.redhat.com/security/cve/CVE-2018-10373>))\n\nThe elf_object_p function in elfcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, has an unsigned integer overflow because bfd_size_type multiplication is not used. A crafted ELF file allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.([CVE-2018-6323 __](<https://access.redhat.com/security/cve/CVE-2018-6323>))\n\nAn integer wraparound has been discovered in the Binary File Descriptor (BFD) library distributed in GNU Binutils up to version 2.30. An attacker could cause a crash by providing an ELF file with corrupted DWARF debug information.([CVE-2018-7569 __](<https://access.redhat.com/security/cve/CVE-2018-7569>))\n\nThe Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file, as demonstrated by _bfd_elf_parse_attributes in elf-attrs.c and bfd_malloc in libbfd.c. This can occur during execution of nm.([CVE-2018-13033 __](<https://access.redhat.com/security/cve/CVE-2018-13033>))\n\nprocess_cu_tu_index in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted binary file, as demonstrated by readelf.([CVE-2018-10372 __](<https://access.redhat.com/security/cve/CVE-2018-10372>))\n\nIn the coff_pointerize_aux function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, an index is not validated, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted file, as demonstrated by objcopy of a COFF object.([CVE-2018-7208 __](<https://access.redhat.com/security/cve/CVE-2018-7208>))\n\n \n**Affected Packages:** \n\n\nbinutils\n\n \n**Issue Correction:** \nRun _yum update binutils_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n aarch64: \n binutils-2.29.1-27.amzn2.0.1.aarch64 \n binutils-devel-2.29.1-27.amzn2.0.1.aarch64 \n binutils-debuginfo-2.29.1-27.amzn2.0.1.aarch64 \n \n i686: \n binutils-2.29.1-27.amzn2.0.1.i686 \n binutils-devel-2.29.1-27.amzn2.0.1.i686 \n binutils-debuginfo-2.29.1-27.amzn2.0.1.i686 \n \n src: \n binutils-2.29.1-27.amzn2.0.1.src \n \n x86_64: \n binutils-2.29.1-27.amzn2.0.1.x86_64 \n binutils-devel-2.29.1-27.amzn2.0.1.x86_64 \n binutils-debuginfo-2.29.1-27.amzn2.0.1.x86_64 \n \n \n", "edition": 1, "modified": "2019-01-07T21:47:00", "published": "2019-01-07T21:47:00", "id": "ALAS2-2019-1138", "href": "https://alas.aws.amazon.com/AL2/ALAS-2019-1138.html", "title": "Low: binutils", "type": "amazon", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2019-12-20T18:27:33", "bulletinFamily": "unix", "cvelist": ["CVE-2018-7642", "CVE-2018-7208", "CVE-2018-10534", "CVE-2018-7569", "CVE-2018-10372", "CVE-2018-13033", "CVE-2018-7568", "CVE-2018-7643", "CVE-2018-10535", "CVE-2018-10373", "CVE-2018-8945"], "description": "**CentOS Errata and Security Advisory** CESA-2018:3032\n\n\nThe binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. It includes the ar, as, gprof, ld, nm, objcopy, objdump, ranlib, readelf, size, strings, strip, and addr2line utilities.\n\nSecurity Fix(es):\n\n* binutils: Improper bounds check in coffgen.c:coff_pointerize_aux() allows for denial of service when parsing a crafted COFF file (CVE-2018-7208)\n\n* binutils: integer overflow via an ELF file with corrupt dwarf1 debug information in libbfd library (CVE-2018-7568)\n\n* binutils: integer underflow or overflow via an ELF file with a corrupt DWARF FORM block in libbfd library (CVE-2018-7569)\n\n* binutils: NULL pointer dereference in swap_std_reloc_in function in aoutx.h resulting in crash (CVE-2018-7642)\n\n* binutils: Integer overflow in the display_debug_ranges function resulting in crash (CVE-2018-7643)\n\n* binutils: Crash in elf.c:bfd_section_from_shdr() with crafted executable (CVE-2018-8945)\n\n* binutils: Heap-base buffer over-read in dwarf.c:process_cu_tu_index() allows for denial of service via crafted file (CVE-2018-10372)\n\n* binutils: NULL pointer dereference in dwarf2.c:concat_filename() allows for denial of service via crafted file (CVE-2018-10373)\n\n* binutils: out of bounds memory write in peXXigen.c files (CVE-2018-10534)\n\n* binutils: NULL pointer dereference in elf.c (CVE-2018-10535)\n\n* binutils: Uncontrolled Resource Consumption in execution of nm (CVE-2018-13033)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005330.html\n\n**Affected packages:**\nbinutils\nbinutils-devel\n\n**Upstream details at:**\n", "edition": 3, "modified": "2018-11-15T18:43:31", "published": "2018-11-15T18:43:31", "id": "CESA-2018:3032", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2018-November/005330.html", "title": "binutils security update", "type": "centos", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:37:10", "bulletinFamily": "unix", "cvelist": ["CVE-2018-7642", "CVE-2018-7208", "CVE-2018-10534", "CVE-2018-7569", "CVE-2018-10372", "CVE-2018-13033", "CVE-2018-7568", "CVE-2018-7643", "CVE-2018-10535", "CVE-2018-10373", "CVE-2018-8945"], "description": "[2.27-34.base.0.1]\n- Backport of upstream commit a5def14f1ca70e14d9433cb229c9369fa3051598\n Add a test for R_386_GOT32/R_386_GOT32X IFUNC reloc error [Orabug 27930573]\n[2.27-34.base]\n- Fix seg-fault parsing corrupt AOUT format files. (#1579799)\n- Fix seg-fault parsing corrupt DWARF2 debug information. (#1579802)\n- Fix seg-fault parsing corrupt ELF format files. (#1579801)\n[2.27-33.base]\n- Fix seg-fault parsing ELF files. (#1578979)\n- Fix seg-fault parsing DWARF-2 information. (#1579065)\n- Fix seg-fault parsing DWARF-2 information. (#1579051)\n- Fix seg-fault parsing a PE format file. (#1579019)\n[2.27-32.base]\n- Fix seg-fault parsing DWARF-1 information. (#1569580)\n- Fix seg-fault parsing DWARF-2 information. (#1569891)\n- Fix seg-fault parsing COFF files. (#1571917)\n[2.27-31.base]\n- Allow 'lea foo@GOT, %reg' in PIC mode on the x86. (#1573872)\n[2.27-30.base]\n- Version bump in order to allow a rebuild, in order to work around a transient problem with the compose database.\n[2.27-29.base]\n- Add support for the GLOBALAUDIT dynamic linker tag.\n (#1439351)", "edition": 2, "modified": "2018-11-05T00:00:00", "published": "2018-11-05T00:00:00", "id": "ELSA-2018-3032", "href": "http://linux.oracle.com/errata/ELSA-2018-3032.html", "title": "binutils security, bug fix, and enhancement update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:45:15", "bulletinFamily": "unix", "cvelist": ["CVE-2018-10372", "CVE-2018-10373", "CVE-2018-10534", "CVE-2018-10535", "CVE-2018-13033", "CVE-2018-7208", "CVE-2018-7568", "CVE-2018-7569", "CVE-2018-7642", "CVE-2018-7643", "CVE-2018-8945"], "description": "The binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. It includes the ar, as, gprof, ld, nm, objcopy, objdump, ranlib, readelf, size, strings, strip, and addr2line utilities.\n\nSecurity Fix(es):\n\n* binutils: Improper bounds check in coffgen.c:coff_pointerize_aux() allows for denial of service when parsing a crafted COFF file (CVE-2018-7208)\n\n* binutils: integer overflow via an ELF file with corrupt dwarf1 debug information in libbfd library (CVE-2018-7568)\n\n* binutils: integer underflow or overflow via an ELF file with a corrupt DWARF FORM block in libbfd library (CVE-2018-7569)\n\n* binutils: NULL pointer dereference in swap_std_reloc_in function in aoutx.h resulting in crash (CVE-2018-7642)\n\n* binutils: Integer overflow in the display_debug_ranges function resulting in crash (CVE-2018-7643)\n\n* binutils: Crash in elf.c:bfd_section_from_shdr() with crafted executable (CVE-2018-8945)\n\n* binutils: Heap-base buffer over-read in dwarf.c:process_cu_tu_index() allows for denial of service via crafted file (CVE-2018-10372)\n\n* binutils: NULL pointer dereference in dwarf2.c:concat_filename() allows for denial of service via crafted file (CVE-2018-10373)\n\n* binutils: out of bounds memory write in peXXigen.c files (CVE-2018-10534)\n\n* binutils: NULL pointer dereference in elf.c (CVE-2018-10535)\n\n* binutils: Uncontrolled Resource Consumption in execution of nm (CVE-2018-13033)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.", "modified": "2018-10-30T09:21:26", "published": "2018-10-30T08:11:05", "id": "RHSA-2018:3032", "href": "https://access.redhat.com/errata/RHSA-2018:3032", "type": "redhat", "title": "(RHSA-2018:3032) Low: binutils security, bug fix, and enhancement update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2019-08-03T15:44:53", "bulletinFamily": "unix", "cvelist": ["CVE-2018-19932", "CVE-2018-10534", "CVE-2018-12698", "CVE-2018-12697", "CVE-2018-10372", "CVE-2018-12699", "CVE-2018-13033", "CVE-2018-19931", "CVE-2018-12641", "CVE-2018-12700", "CVE-2018-10535", "CVE-2018-20651", "CVE-2018-20002", "CVE-2018-10373"], "description": "### Background\n\nThe GNU Binutils are a collection of tools to create, modify and analyse binary files. Many of the files use BFD, the Binary File Descriptor library, to do low-level manipulation. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Binutils. Please review the referenced CVE identifiers for details. \n\n### Impact\n\nA remote attacker, by enticing a user to compile/execute a specially crafted ELF, object, PE, or binary file, could possibly cause a Denial of Service condition or have other unspecified impacts. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Binutils users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-devel/binutils-2.32-r1\"", "edition": 1, "modified": "2019-08-03T00:00:00", "published": "2019-08-03T00:00:00", "id": "GLSA-201908-01", "href": "https://security.gentoo.org/glsa/201908-01", "title": "Binutils: Multiple vulnerabilities", "type": "gentoo", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cloudfoundry": [{"lastseen": "2020-05-15T05:08:22", "bulletinFamily": "software", "cvelist": ["CVE-2018-18700", "CVE-2018-9138", "CVE-2018-19932", "CVE-2018-18484", "CVE-2018-18309", "CVE-2018-1000876", "CVE-2018-10534", "CVE-2018-18605", "CVE-2018-17358", "CVE-2018-12698", "CVE-2019-9071", "CVE-2018-12697", "CVE-2019-17450", "CVE-2018-17794", "CVE-2019-14250", "CVE-2018-17985", "CVE-2019-12972", "CVE-2018-17360", "CVE-2018-10372", "CVE-2018-12699", "CVE-2018-13033", "CVE-2018-19931", "CVE-2018-18483", "CVE-2019-9075", "CVE-2019-9077", "CVE-2018-12641", "CVE-2018-12700", "CVE-2019-9073", "CVE-2018-10535", "CVE-2019-17451", "CVE-2018-12934", "CVE-2018-18607", "CVE-2018-20671", "CVE-2018-20651", "CVE-2019-9070", "CVE-2019-9074", "CVE-2018-17359", "CVE-2018-20002", "CVE-2018-10373", "CVE-2019-14444", "CVE-2018-18701", "CVE-2018-20623", "CVE-2018-18606", "CVE-2018-8945"], "description": "# \n\n## Severity\n\nMedium\n\n## Vendor\n\nCanonical Ubuntu\n\n## Versions Affected\n\n * Canonical Ubuntu 18.04\n\n## Description\n\nIt was discovered that GNU binutils contained a large number of security issues. If a user or automated system were tricked into processing a specially-crafted file, a remote attacker could cause GNU binutils to crash, resulting in a denial of service, or possibly execute arbitrary code.\n\nCVEs contained in this USN include: CVE-2018-1000876, CVE-2018-10372, CVE-2018-10373, CVE-2018-10534, CVE-2018-10535, CVE-2018-12641, CVE-2018-12697, CVE-2018-12698, CVE-2018-12699, CVE-2018-12700, CVE-2018-12934, CVE-2018-13033, CVE-2018-17358, CVE-2018-17359, CVE-2018-17360, CVE-2018-17794, CVE-2018-17985, CVE-2018-18309, CVE-2018-18483, CVE-2018-18484, CVE-2018-18605, CVE-2018-18606, CVE-2018-18607, CVE-2018-18700, CVE-2018-18701, CVE-2018-19931, CVE-2018-19932, CVE-2018-20002, CVE-2018-20623, CVE-2018-20651, CVE-2018-20671, CVE-2018-8945, CVE-2018-9138, CVE-2019-9070, CVE-2019-9071, CVE-2019-9073, CVE-2019-9074, CVE-2019-9075, CVE-2019-9077, CVE-2019-14250, CVE-2019-12972, CVE-2019-14444, CVE-2019-17450, CVE-2019-17451.\n\n## Affected Cloud Foundry Products and Versions\n\n_Severity is medium unless otherwise noted._\n\n * cflinuxfs3 \n * All versions prior to 0.176.0\n * CF Deployment \n * All versions prior to v13.0.0\n\n## Mitigation\n\nUsers of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:\n\n * cflinuxfs3 \n * Upgrade All versions to 0.176.0 or greater\n * CF Deployment \n * Upgrade All versions to v13.0.0 or greater\n\n## References\n\n * [USN Notice](<https://usn.ubuntu.com/4336-1/>)\n * [CVE-2018-1000876](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000876>)\n * [CVE-2018-10372](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10372>)\n * [CVE-2018-10373](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10373>)\n * [CVE-2018-10534](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10534>)\n * [CVE-2018-10535](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10535>)\n * [CVE-2018-12641](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12641>)\n * [CVE-2018-12697](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12697>)\n * [CVE-2018-12698](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12698>)\n * [CVE-2018-12699](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12699>)\n * [CVE-2018-12700](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12700>)\n * [CVE-2018-12934](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12934>)\n * [CVE-2018-13033](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13033>)\n * [CVE-2018-17358](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17358>)\n * [CVE-2018-17359](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17359>)\n * [CVE-2018-17360](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17360>)\n * [CVE-2018-17794](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17794>)\n * [CVE-2018-17985](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17985>)\n * [CVE-2018-18309](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18309>)\n * [CVE-2018-18483](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18483>)\n * [CVE-2018-18484](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18484>)\n * [CVE-2018-18605](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18605>)\n * [CVE-2018-18606](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18606>)\n * [CVE-2018-18607](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18607>)\n * [CVE-2018-18700](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18700>)\n * [CVE-2018-18701](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18701>)\n * [CVE-2018-19931](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19931>)\n * [CVE-2018-19932](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19932>)\n * [CVE-2018-20002](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20002>)\n * [CVE-2018-20623](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20623>)\n * [CVE-2018-20651](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20651>)\n * [CVE-2018-20671](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20671>)\n * [CVE-2018-8945](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8945>)\n * [CVE-2018-9138](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9138>)\n * [CVE-2019-9070](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9070>)\n * [CVE-2019-9071](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9071>)\n * [CVE-2019-9073](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9073>)\n * [CVE-2019-9074](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9074>)\n * [CVE-2019-9075](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9075>)\n * [CVE-2019-9077](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9077>)\n * [CVE-2019-14250](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14250>)\n * [CVE-2019-12972](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12972>)\n * [CVE-2019-14444](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14444>)\n * [CVE-2019-17450](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17450>)\n * [CVE-2019-17451](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17451>)\n\n## History\n\n2020-04-22: Initial vulnerability report published.\n", "edition": 1, "modified": "2020-05-14T00:00:00", "published": "2020-05-14T00:00:00", "id": "CFOUNDRY:E28868CF5495F6C7D71AC5B00564832A", "href": "https://www.cloudfoundry.org/blog/usn-4336-1/", "title": "USN-4336-1: GNU binutils vulnerabilities | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "oracle": [{"lastseen": "2020-12-24T15:41:14", "bulletinFamily": "software", "cvelist": ["CVE-2013-7285", "CVE-2015-1832", "CVE-2015-9251", "CVE-2016-0701", "CVE-2016-1000031", "CVE-2016-1000338", "CVE-2016-1000339", "CVE-2016-1000340", "CVE-2016-1000341", "CVE-2016-1000342", "CVE-2016-1000343", "CVE-2016-1000344", "CVE-2016-1000345", "CVE-2016-1000346", "CVE-2016-1000352", "CVE-2016-10244", "CVE-2016-10328", "CVE-2016-2167", "CVE-2016-2168", "CVE-2016-2183", "CVE-2016-2510", "CVE-2016-3189", "CVE-2016-4800", "CVE-2016-5000", "CVE-2016-5300", "CVE-2016-5725", "CVE-2016-6153", "CVE-2016-6306", "CVE-2016-8610", "CVE-2016-8734", "CVE-2017-10989", "CVE-2017-12626", "CVE-2017-13098", "CVE-2017-13685", "CVE-2017-13745", "CVE-2017-14232", "CVE-2017-15095", "CVE-2017-15286", "CVE-2017-17485", "CVE-2017-3164", "CVE-2017-5644", "CVE-2017-5645", "CVE-2017-5662", "CVE-2017-7525", "CVE-2017-7656", "CVE-2017-7657", "CVE-2017-7658", "CVE-2017-7857", "CVE-2017-7858", "CVE-2017-7864", "CVE-2017-8105", "CVE-2017-8287", "CVE-2017-9096", "CVE-2017-9735", "CVE-2017-9800", "CVE-2018-1000180", "CVE-2018-1000613", "CVE-2018-1000873", "CVE-2018-11054", "CVE-2018-11055", "CVE-2018-11056", "CVE-2018-11057", "CVE-2018-11058", "CVE-2018-11307", "CVE-2018-12022", "CVE-2018-12023", "CVE-2018-12536", "CVE-2018-12538", "CVE-2018-12545", "CVE-2018-14718", "CVE-2018-15769", "CVE-2018-17196", "CVE-2018-18873", "CVE-2018-19139", "CVE-2018-19539", "CVE-2018-19540", "CVE-2018-19541", "CVE-2018-19542", "CVE-2018-19543", "CVE-2018-20346", "CVE-2018-20505", "CVE-2018-20506", "CVE-2018-20570", "CVE-2018-20584", "CVE-2018-20622", "CVE-2018-20843", "CVE-2018-2765", "CVE-2018-3693", "CVE-2018-5382", "CVE-2018-5968", "CVE-2018-6942", "CVE-2018-7489", "CVE-2018-8013", "CVE-2018-8088", "CVE-2018-8740", "CVE-2018-9055", "CVE-2018-9154", "CVE-2018-9252", "CVE-2019-0192", "CVE-2019-0201", "CVE-2019-10072", "CVE-2019-10097", "CVE-2019-1010239", "CVE-2019-10173", "CVE-2019-10241", "CVE-2019-10246", "CVE-2019-10247", "CVE-2019-10744", "CVE-2019-11048", "CVE-2019-11358", "CVE-2019-11477", "CVE-2019-11478", "CVE-2019-11479", "CVE-2019-11834", "CVE-2019-11835", "CVE-2019-11922", "CVE-2019-12086", "CVE-2019-12260", "CVE-2019-12261", "CVE-2019-12384", "CVE-2019-12402", "CVE-2019-12415", "CVE-2019-12419", "CVE-2019-12423", "CVE-2019-12814", "CVE-2019-12900", "CVE-2019-13990", "CVE-2019-14379", "CVE-2019-14540", "CVE-2019-14893", "CVE-2019-1547", "CVE-2019-1549", "CVE-2019-1552", "CVE-2019-1563", "CVE-2019-15903", "CVE-2019-16168", "CVE-2019-16335", "CVE-2019-16942", "CVE-2019-16943", "CVE-2019-17091", "CVE-2019-17267", "CVE-2019-17359", "CVE-2019-17495", "CVE-2019-17531", "CVE-2019-17543", "CVE-2019-17558", "CVE-2019-17569", "CVE-2019-17632", "CVE-2019-17638", "CVE-2019-18348", "CVE-2019-20330", "CVE-2019-2897", "CVE-2019-2904", "CVE-2019-3738", "CVE-2019-3739", "CVE-2019-3740", "CVE-2019-5018", "CVE-2019-5427", "CVE-2019-5435", "CVE-2019-5436", "CVE-2019-5443", "CVE-2019-5481", "CVE-2019-5482", "CVE-2019-8457", "CVE-2019-9511", "CVE-2019-9513", "CVE-2019-9936", "CVE-2019-9937", "CVE-2020-10108", "CVE-2020-10543", "CVE-2020-10650", "CVE-2020-10672", "CVE-2020-10673", "CVE-2020-10683", "CVE-2020-10722", "CVE-2020-10723", "CVE-2020-10724", "CVE-2020-10878", "CVE-2020-10968", "CVE-2020-10969", "CVE-2020-11022", "CVE-2020-11023", "CVE-2020-11080", "CVE-2020-11111", "CVE-2020-11112", "CVE-2020-11113", "CVE-2020-11619", "CVE-2020-11620", "CVE-2020-11655", "CVE-2020-11656", "CVE-2020-11971", "CVE-2020-11972", "CVE-2020-11973", "CVE-2020-11984", "CVE-2020-11993", "CVE-2020-11996", "CVE-2020-12243", "CVE-2020-12723", "CVE-2020-13630", "CVE-2020-13631", "CVE-2020-13632", "CVE-2020-13920", "CVE-2020-13934", "CVE-2020-13935", "CVE-2020-14060", "CVE-2020-14061", "CVE-2020-14062", "CVE-2020-14195", "CVE-2020-14672", "CVE-2020-14731", "CVE-2020-14732", "CVE-2020-14734", "CVE-2020-14735", "CVE-2020-14736", "CVE-2020-14740", "CVE-2020-14741", "CVE-2020-14742", "CVE-2020-14743", "CVE-2020-14744", "CVE-2020-14745", "CVE-2020-14746", "CVE-2020-14752", "CVE-2020-14753", "CVE-2020-14754", "CVE-2020-14757", "CVE-2020-14758", "CVE-2020-14759", "CVE-2020-14760", "CVE-2020-14761", "CVE-2020-14762", "CVE-2020-14763", "CVE-2020-14764", "CVE-2020-14765", "CVE-2020-14766", "CVE-2020-14767", "CVE-2020-14768", "CVE-2020-14769", "CVE-2020-14770", "CVE-2020-14771", "CVE-2020-14772", "CVE-2020-14773", "CVE-2020-14774", "CVE-2020-14775", "CVE-2020-14776", "CVE-2020-14777", "CVE-2020-14778", "CVE-2020-14779", "CVE-2020-14780", "CVE-2020-14781", "CVE-2020-14782", "CVE-2020-14783", "CVE-2020-14784", "CVE-2020-14785", "CVE-2020-14786", "CVE-2020-14787", "CVE-2020-14788", "CVE-2020-14789", "CVE-2020-14790", "CVE-2020-14791", "CVE-2020-14792", "CVE-2020-14793", "CVE-2020-14794", "CVE-2020-14795", "CVE-2020-14796", "CVE-2020-14797", "CVE-2020-14798", "CVE-2020-14799", "CVE-2020-14800", "CVE-2020-14801", "CVE-2020-14802", "CVE-2020-14803", "CVE-2020-14804", "CVE-2020-14805", "CVE-2020-14806", "CVE-2020-14807", "CVE-2020-14808", "CVE-2020-14809", "CVE-2020-14810", "CVE-2020-14811", "CVE-2020-14812", "CVE-2020-14813", "CVE-2020-14814", "CVE-2020-14815", "CVE-2020-14816", "CVE-2020-14817", "CVE-2020-14818", "CVE-2020-14819", "CVE-2020-14820", "CVE-2020-14821", "CVE-2020-14822", "CVE-2020-14823", "CVE-2020-14824", "CVE-2020-14825", "CVE-2020-14826", "CVE-2020-14827", "CVE-2020-14828", "CVE-2020-14829", "CVE-2020-14830", "CVE-2020-14831", "CVE-2020-14832", "CVE-2020-14833", "CVE-2020-14834", "CVE-2020-14835", "CVE-2020-14836", "CVE-2020-14837", "CVE-2020-14838", "CVE-2020-14839", "CVE-2020-14840", "CVE-2020-14841", "CVE-2020-14842", "CVE-2020-14843", "CVE-2020-14844", "CVE-2020-14845", "CVE-2020-14846", "CVE-2020-14847", "CVE-2020-14848", "CVE-2020-14849", "CVE-2020-14850", "CVE-2020-14851", "CVE-2020-14852", "CVE-2020-14853", "CVE-2020-14854", "CVE-2020-14855", "CVE-2020-14856", "CVE-2020-14857", "CVE-2020-14858", "CVE-2020-14859", "CVE-2020-14860", "CVE-2020-14861", "CVE-2020-14862", "CVE-2020-14863", "CVE-2020-14864", "CVE-2020-14865", "CVE-2020-14866", "CVE-2020-14867", "CVE-2020-14868", "CVE-2020-14869", "CVE-2020-14870", "CVE-2020-14871", "CVE-2020-14872", "CVE-2020-14873", "CVE-2020-14875", "CVE-2020-14876", "CVE-2020-14877", "CVE-2020-14878", "CVE-2020-14879", "CVE-2020-14880", "CVE-2020-14881", "CVE-2020-14882", "CVE-2020-14883", "CVE-2020-14884", "CVE-2020-14885", "CVE-2020-14886", "CVE-2020-14887", "CVE-2020-14888", "CVE-2020-14889", "CVE-2020-14890", "CVE-2020-14891", "CVE-2020-14892", "CVE-2020-14893", "CVE-2020-14894", "CVE-2020-14895", "CVE-2020-14896", "CVE-2020-14897", "CVE-2020-14898", "CVE-2020-14899", "CVE-2020-14900", "CVE-2020-14901", "CVE-2020-15358", "CVE-2020-15389", "CVE-2020-1730", "CVE-2020-1935", "CVE-2020-1938", "CVE-2020-1941", "CVE-2020-1945", "CVE-2020-1950", "CVE-2020-1951", "CVE-2020-1953", "CVE-2020-1954", "CVE-2020-1967", "CVE-2020-2555", "CVE-2020-3235", "CVE-2020-3909", "CVE-2020-4051", "CVE-2020-5397", "CVE-2020-5398", "CVE-2020-5407", "CVE-2020-5408", "CVE-2020-7067", "CVE-2020-8172", "CVE-2020-8174", "CVE-2020-8840", "CVE-2020-9281", "CVE-2020-9327", "CVE-2020-9409", "CVE-2020-9410", "CVE-2020-9484", "CVE-2020-9488", "CVE-2020-9489", "CVE-2020-9490", "CVE-2020-9546", "CVE-2020-9547", "CVE-2020-9548"], "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches address vulnerabilities in Oracle code and in third-party components included in Oracle products. These patches are usually cumulative, but each advisory describes only the security patches added since the previous Critical Patch Update Advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security patches. Refer to [\u201cCritical Patch Updates, Security Alerts and Bulletins\u201d](<https://www.oracle.com/security-alerts/>) for information about Oracle Security advisories. \n \nStarting with the October 2020 Critical Patch Update, Oracle lists updates that address vulnerabilities in third-party components which are not exploitable in the context of their inclusion in their respective Oracle product beneath the product's risk matrix. Oracle has published two versions of the October 2020 Critical Patch Update Advisory: this version of the advisory implemented the change in how non-exploitable vulnerabilities in third-party components are reported, and the \u201ctraditional\u201d advisory follows the same format as the previous advisories. The \u201ctraditional\u201d advisory is published at <https://www.oracle.com/security-alerts/cpuoct2020traditional.html>. \n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released security patches. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update security patches without delay.**\n\nThis Critical Patch Update contains 403 new security patches across the product families listed below. Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ October 2020 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/rs?type=doc&id=2712240.1>).\n", "modified": "2020-12-08T00:00:00", "published": "2020-10-20T00:00:00", "id": "ORACLE:CPUOCT2020", "href": "", "type": "oracle", "title": "Oracle Critical Patch Update Advisory - October 2020", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T15:41:24", "bulletinFamily": "software", "cvelist": ["CVE-2015-0254", "CVE-2015-1832", "CVE-2015-3253", "CVE-2015-7940", "CVE-2015-9251", "CVE-2016-0701", "CVE-2016-1000031", "CVE-2016-10244", "CVE-2016-10251", "CVE-2016-10328", "CVE-2016-2183", "CVE-2016-2381", "CVE-2016-3092", "CVE-2016-4000", "CVE-2016-4463", "CVE-2016-6306", "CVE-2016-6489", "CVE-2016-7103", "CVE-2016-8610", "CVE-2017-12626", "CVE-2017-13745", "CVE-2017-14232", "CVE-2017-14735", "CVE-2017-15706", "CVE-2017-3160", "CVE-2017-5130", "CVE-2017-5529", "CVE-2017-5533", "CVE-2017-5645", "CVE-2017-5754", "CVE-2017-7857", "CVE-2017-7858", "CVE-2017-7864", "CVE-2017-8105", "CVE-2017-8287", "CVE-2018-0732", "CVE-2018-0734", "CVE-2018-0737", "CVE-2018-1000180", "CVE-2018-1000613", "CVE-2018-1000632", "CVE-2018-1000873", "CVE-2018-10237", "CVE-2018-11054", "CVE-2018-11055", "CVE-2018-11056", "CVE-2018-11057", "CVE-2018-11058", "CVE-2018-11307", "CVE-2018-1165", "CVE-2018-11775", "CVE-2018-11784", "CVE-2018-11797", "CVE-2018-12022", "CVE-2018-12023", "CVE-2018-1258", "CVE-2018-1304", "CVE-2018-1305", "CVE-2018-1320", "CVE-2018-1336", "CVE-2018-14718", "CVE-2018-14719", "CVE-2018-14720", "CVE-2018-14721", "CVE-2018-15756", "CVE-2018-15769", "CVE-2018-17197", "CVE-2018-18227", "CVE-2018-18311", "CVE-2018-18873", "CVE-2018-19139", "CVE-2018-19360", "CVE-2018-19361", "CVE-2018-19362", "CVE-2018-19539", "CVE-2018-19540", "CVE-2018-19541", "CVE-2018-19542", "CVE-2018-19543", "CVE-2018-19622", "CVE-2018-19623", "CVE-2018-19624", "CVE-2018-19625", "CVE-2018-19626", "CVE-2018-19627", "CVE-2018-19628", "CVE-2018-20346", "CVE-2018-20506", "CVE-2018-20570", "CVE-2018-20584", "CVE-2018-20622", "CVE-2018-20843", "CVE-2018-20852", "CVE-2018-5407", "CVE-2018-5711", "CVE-2018-5712", "CVE-2018-6942", "CVE-2018-8014", "CVE-2018-8032", "CVE-2018-8034", "CVE-2018-8036", "CVE-2018-8037", "CVE-2018-8039", "CVE-2018-9055", "CVE-2018-9154", "CVE-2018-9252", "CVE-2019-0196", "CVE-2019-0197", "CVE-2019-0199", "CVE-2019-0211", "CVE-2019-0215", "CVE-2019-0217", "CVE-2019-0220", "CVE-2019-0221", "CVE-2019-0222", "CVE-2019-0227", "CVE-2019-0228", "CVE-2019-0232", "CVE-2019-10072", "CVE-2019-10081", "CVE-2019-10082", "CVE-2019-10086", "CVE-2019-10088", "CVE-2019-10092", "CVE-2019-10093", "CVE-2019-10094", "CVE-2019-10097", "CVE-2019-10098", "CVE-2019-1010238", "CVE-2019-10173", "CVE-2019-10246", "CVE-2019-10247", "CVE-2019-11358", "CVE-2019-12086", "CVE-2019-12384", "CVE-2019-12387", "CVE-2019-12402", "CVE-2019-12406", "CVE-2019-12415", "CVE-2019-12418", "CVE-2019-12419", "CVE-2019-12855", "CVE-2019-13057", "CVE-2019-13565", "CVE-2019-13990", "CVE-2019-14379", "CVE-2019-14439", "CVE-2019-14540", "CVE-2019-14821", "CVE-2019-14889", "CVE-2019-15161", "CVE-2019-15162", "CVE-2019-15163", "CVE-2019-15164", "CVE-2019-15165", "CVE-2019-1543", "CVE-2019-1547", "CVE-2019-1549", "CVE-2019-1552", "CVE-2019-15601", "CVE-2019-15604", "CVE-2019-15605", "CVE-2019-15606", "CVE-2019-1563", "CVE-2019-15903", "CVE-2019-16056", "CVE-2019-16168", "CVE-2019-16335", "CVE-2019-16942", "CVE-2019-16943", "CVE-2019-17091", "CVE-2019-17195", "CVE-2019-17359", "CVE-2019-17531", "CVE-2019-17563", "CVE-2019-17571", "CVE-2019-18197", "CVE-2019-19242", "CVE-2019-19244", "CVE-2019-19269", "CVE-2019-19317", "CVE-2019-19553", "CVE-2019-19603", "CVE-2019-19645", "CVE-2019-19646", "CVE-2019-19880", "CVE-2019-19923", "CVE-2019-19924", "CVE-2019-19925", "CVE-2019-19926", "CVE-2019-19959", "CVE-2019-20218", "CVE-2019-20330", "CVE-2019-2412", "CVE-2019-2725", "CVE-2019-2729", "CVE-2019-2756", "CVE-2019-2759", "CVE-2019-2852", "CVE-2019-2853", "CVE-2019-2878", "CVE-2019-2880", "CVE-2019-2899", "CVE-2019-2904", "CVE-2019-3008", "CVE-2019-5427", "CVE-2019-5435", "CVE-2019-5436", "CVE-2019-5443", "CVE-2019-5481", "CVE-2019-5482", "CVE-2019-8457", "CVE-2019-9517", "CVE-2019-9579", "CVE-2020-2514", "CVE-2020-2522", "CVE-2020-2524", "CVE-2020-2553", "CVE-2020-2558", "CVE-2020-2575", "CVE-2020-2578", "CVE-2020-2594", "CVE-2020-2680", "CVE-2020-2706", "CVE-2020-2733", "CVE-2020-2734", "CVE-2020-2735", "CVE-2020-2737", "CVE-2020-2738", "CVE-2020-2739", "CVE-2020-2740", "CVE-2020-2741", "CVE-2020-2742", "CVE-2020-2743", "CVE-2020-2744", "CVE-2020-2745", "CVE-2020-2746", "CVE-2020-2747", "CVE-2020-2748", "CVE-2020-2749", "CVE-2020-2750", "CVE-2020-2751", "CVE-2020-2752", "CVE-2020-2753", "CVE-2020-2754", "CVE-2020-2755", "CVE-2020-2756", "CVE-2020-2757", "CVE-2020-2758", "CVE-2020-2759", "CVE-2020-2760", "CVE-2020-2761", "CVE-2020-2762", "CVE-2020-2763", "CVE-2020-2764", "CVE-2020-2765", "CVE-2020-2766", "CVE-2020-2767", "CVE-2020-2768", "CVE-2020-2769", "CVE-2020-2770", "CVE-2020-2771", "CVE-2020-2772", "CVE-2020-2773", "CVE-2020-2774", "CVE-2020-2775", "CVE-2020-2776", "CVE-2020-2777", "CVE-2020-2778", "CVE-2020-2779", "CVE-2020-2780", "CVE-2020-2781", "CVE-2020-2782", "CVE-2020-2783", "CVE-2020-2784", "CVE-2020-2785", "CVE-2020-2786", "CVE-2020-2787", "CVE-2020-2789", "CVE-2020-2790", "CVE-2020-2791", "CVE-2020-2793", "CVE-2020-2794", "CVE-2020-2795", "CVE-2020-2796", "CVE-2020-2797", "CVE-2020-2798", "CVE-2020-2799", "CVE-2020-2800", "CVE-2020-2801", "CVE-2020-2802", "CVE-2020-2803", "CVE-2020-2804", "CVE-2020-2805", "CVE-2020-2806", "CVE-2020-2807", "CVE-2020-2808", "CVE-2020-2809", "CVE-2020-2810", "CVE-2020-2811", "CVE-2020-2812", "CVE-2020-2813", "CVE-2020-2814", "CVE-2020-2815", "CVE-2020-2816", "CVE-2020-2817", "CVE-2020-2818", "CVE-2020-2819", "CVE-2020-2820", "CVE-2020-2821", "CVE-2020-2822", "CVE-2020-2823", "CVE-2020-2824", "CVE-2020-2825", "CVE-2020-2826", "CVE-2020-2827", "CVE-2020-2828", "CVE-2020-2829", "CVE-2020-2830", "CVE-2020-2831", "CVE-2020-2832", "CVE-2020-2833", "CVE-2020-2834", "CVE-2020-2835", "CVE-2020-2836", "CVE-2020-2837", "CVE-2020-2838", "CVE-2020-2839", "CVE-2020-2840", "CVE-2020-2841", "CVE-2020-2842", "CVE-2020-2843", "CVE-2020-2844", "CVE-2020-2845", "CVE-2020-2846", "CVE-2020-2847", "CVE-2020-2848", "CVE-2020-2849", "CVE-2020-2850", "CVE-2020-2851", "CVE-2020-2852", "CVE-2020-2853", "CVE-2020-2854", "CVE-2020-2855", "CVE-2020-2856", "CVE-2020-2857", "CVE-2020-2858", "CVE-2020-2859", "CVE-2020-2860", "CVE-2020-2861", "CVE-2020-2862", "CVE-2020-2863", "CVE-2020-2864", "CVE-2020-2865", "CVE-2020-2866", "CVE-2020-2867", "CVE-2020-2868", "CVE-2020-2869", "CVE-2020-2870", "CVE-2020-2871", "CVE-2020-2872", "CVE-2020-2873", "CVE-2020-2874", "CVE-2020-2875", "CVE-2020-2876", "CVE-2020-2877", "CVE-2020-2878", "CVE-2020-2879", "CVE-2020-2880", "CVE-2020-2881", "CVE-2020-2882", "CVE-2020-2883", "CVE-2020-2884", "CVE-2020-2885", "CVE-2020-2886", "CVE-2020-2887", "CVE-2020-2888", "CVE-2020-2889", "CVE-2020-2890", "CVE-2020-2891", "CVE-2020-2892", "CVE-2020-2893", "CVE-2020-2894", "CVE-2020-2895", "CVE-2020-2896", "CVE-2020-2897", "CVE-2020-2898", "CVE-2020-2899", "CVE-2020-2900", "CVE-2020-2901", "CVE-2020-2902", "CVE-2020-2903", "CVE-2020-2904", "CVE-2020-2905", "CVE-2020-2906", "CVE-2020-2907", "CVE-2020-2908", "CVE-2020-2909", "CVE-2020-2910", "CVE-2020-2911", "CVE-2020-2912", "CVE-2020-2913", "CVE-2020-2914", "CVE-2020-2915", "CVE-2020-2920", "CVE-2020-2921", "CVE-2020-2922", "CVE-2020-2923", "CVE-2020-2924", "CVE-2020-2925", "CVE-2020-2926", "CVE-2020-2927", "CVE-2020-2928", "CVE-2020-2929", "CVE-2020-2930", "CVE-2020-2931", "CVE-2020-2932", "CVE-2020-2933", "CVE-2020-2934", "CVE-2020-2935", "CVE-2020-2936", "CVE-2020-2937", "CVE-2020-2938", "CVE-2020-2939", "CVE-2020-2940", "CVE-2020-2941", "CVE-2020-2942", "CVE-2020-2943", "CVE-2020-2944", "CVE-2020-2945", "CVE-2020-2946", "CVE-2020-2947", "CVE-2020-2949", "CVE-2020-2950", "CVE-2020-2951", "CVE-2020-2952", "CVE-2020-2953", "CVE-2020-2954", "CVE-2020-2955", "CVE-2020-2956", "CVE-2020-2958", "CVE-2020-2959", "CVE-2020-2961", "CVE-2020-2963", "CVE-2020-2964", "CVE-2020-5397", "CVE-2020-5398", "CVE-2020-7044", "CVE-2020-8840"], "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches are usually cumulative, but each advisory describes only the security patches added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security patches. Please refer to:\n\n * [Critical Patch Updates, Security Alerts and Bulletins](<https://www.oracle.com/security-alerts>) for information about Oracle Security Advisories.\n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released security patches. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update security patches without delay.**\n\nThis Critical Patch Update contains 399 new security patches across the product families listed below. Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ April 2020 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/rs?type=doc&id=2652714.1>).\n", "modified": "2020-07-20T00:00:00", "published": "2020-04-14T00:00:00", "id": "ORACLE:CPUAPR2020", "href": "", "type": "oracle", "title": "Oracle Critical Patch Update Advisory - April 2020", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}