ID SUSE_SU-2018-2688-1.NASL Type nessus Reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. Modified 2021-01-02T00:00:00
Description
This update for libzypp, zypper fixes the following issues :
libzypp security fixes :
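PackageProvider: Validate delta rpms before caching (bsc#1091624,
bsc#1088705, CVE-2018-7685)
PackageProvider: Validate downloaded rpm package signatures before
caching (bsc#1091624, bsc#1088705, CVE-2018-7685)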
Be sure bad packages do not stay in the cache (bsc#1045735,
CVE-2017-9269)
Fix repo gpg check workflows, mainly for unsigned repos and packages
(bsc#1045735, bsc#1038984, CVE-2017-7435, CVE-2017-7436,
CVE-2017-9269)
libzypp other changes/bugs fixed: Update to version 14.45.17
RepoInfo: add enum GpgCheck for convenient gpgcheck mode handling
(bsc#1045735)
repo refresh: Re-probe if the repository type changes (bsc#1048315)
Use common workflow for downloading packages and srcpackages. This
includes a common way of handling and reporting gpg signature and
checks. (bsc#1037210)
PackageProvider: as well support downloading SrcPackage (for
bsc#1037210)
Adapt to work with GnuPG 2.1.23 (bsc#1054088)
repo refresh: Re-probe if the repository type changes (bsc#1048315)
Handle http error 502 Bad Gateway in curl backend (bsc#1070851)
RepoManager: Explicitly request repo2solv to generate application
pseudo packages.
Prefer calling 'repo2solv' rather than 'repo2solv.sh'
libzypp-devel should not require cmake (bsc#1101349)
HardLocksFile: Prevent against empty commit without Target having been
loaded (bsc#1096803)
Avoid zombie tar processes (bsc#1076192)
lsof: use '-K i' if lsof supports it (bsc#1099847, bsc#1036304)
zypper security fixes: Improve signature check callback messages
(bsc#1045735, CVE-2017-9269)
add/modify repo: Add options to tune the GPG check settings
(bsc#1045735, CVE-2017-9269)
Adapt download callback to report and handle unsigned packages
(bsc#1038984, CVE-2017-7436)
zypper other changes/bugs fixed: Update to version 1.11.70
Bugfix: Prevent ESC sequence strings from going out of scope
(bsc#1092413)
XML <install-summary> attribute `packages-to-change` added
(bsc#1102429)
man: Strengthen that `--config FILE' affects zypper.conf, not
zypp.conf (bsc#1100028)
ansi.h: Prevent ESC sequence strings from going out of scope
(bsc#1092413)
do not recommend cron (bsc#1079334)
Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2018:2688-1.
# The text itself is copyright (C) SUSE.
#
include("compat.inc");
if (description)
{
  # Registration pass: when `description` is set the script only declares its
  # identity, advisory text, references and prerequisites, then exits via the
  # exit(0) at the end of this block without examining any host data.
  script_id(117453);
  script_version("1.3");
  script_cvs_date("Date: 2019/09/10 13:51:49");

  # CVE identifiers this plugin is registered against.
  script_cve_id("CVE-2017-7435", "CVE-2017-7436", "CVE-2017-9269", "CVE-2018-7685");

  script_name(english:"SUSE SLES12 Security Update : libzypp, zypper (SUSE-SU-2018:2688-1)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates.");

  # Advisory text as extracted from SUSE-SU-2018:2688-1; the literal is kept
  # verbatim, including its line breaks.
  script_set_attribute(attribute:"description", value:
"This update for libzypp, zypper fixes the following issues :
libzypp security fixes :
PackageProvider: Validate delta rpms before caching (bsc#1091624,
bsc#1088705, CVE-2018-7685)
PackageProvider: Validate downloaded rpm package signatures before
caching (bsc#1091624, bsc#1088705, CVE-2018-7685)
Be sure bad packages do not stay in the cache (bsc#1045735,
CVE-2017-9269)
Fix repo gpg check workflows, mainly for unsigned repos and packages
(bsc#1045735, bsc#1038984, CVE-2017-7435, CVE-2017-7436,
CVE-2017-9269)
libzypp other changes/bugs fixed: Update to version 14.45.17
RepoInfo: add enum GpgCheck for convenient gpgcheck mode handling
(bsc#1045735)
repo refresh: Re-probe if the repository type changes (bsc#1048315)
Use common workflow for downloading packages and srcpackages. This
includes a common way of handling and reporting gpg signature and
checks. (bsc#1037210)
PackageProvider: as well support downloading SrcPackage (for
bsc#1037210)
Adapt to work with GnuPG 2.1.23 (bsc#1054088)
repo refresh: Re-probe if the repository type changes (bsc#1048315)
Handle http error 502 Bad Gateway in curl backend (bsc#1070851)
RepoManager: Explicitly request repo2solv to generate application
pseudo packages.
Prefer calling 'repo2solv' rather than 'repo2solv.sh'
libzypp-devel should not require cmake (bsc#1101349)
HardLocksFile: Prevent against empty commit without Target having been
been loaded (bsc#1096803)
Avoid zombie tar processes (bsc#1076192)
lsof: use '-K i' if lsof supports it (bsc#1099847, bsc#1036304)
zypper security fixes: Improve signature check callback messages
(bsc#1045735, CVE-2017-9269)
add/modify repo: Add options to tune the GPG check settings
(bsc#1045735, CVE-2017-9269)
Adapt download callback to report and handle unsigned packages
(bsc#1038984, CVE-2017-7436)
zypper other changes/bugs fixed: Update to version 1.11.70
Bugfix: Prevent ESC sequence strings from going out of scope
(bsc#1092413)
XML <install-summary> attribute `packages-to-change` added
(bsc#1102429) </install-summary>
man: Strengthen that `--config FILE' affects zypper.conf, not
zypp.conf (bsc#1100028)
ansi.h: Prevent ESC sequence strings from going out of scope
(bsc#1092413)
do not recommend cron (bsc#1079334)
Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");

  # SUSE Bugzilla entries referenced by the advisory text above.
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1036304");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1037210");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1038984");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1045735");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1048315");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1054088");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1070851");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1076192");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1079334");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1088705");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1091624");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1092413");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1096803");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1099847");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1100028");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1101349");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1102429");

  # SUSE per-CVE pages.
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-7435/");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-7436/");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-9269/");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-7685/");

  # Shortened link; the URL in the next comment is the announcement it stands for.
  # https://www.suse.com/support/update/announcement/2018/suse-su-20182688-1/
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?72e80294");

  # Remediation text; the patch id applies to SUSE Linux Enterprise Server 12-LTSS.
  script_set_attribute(attribute:"solution", value:
"To install this SUSE Security Update use the SUSE recommended
installation methods like YaST online_update or 'zypper patch'.
Alternatively you can run the command listed for your product :
SUSE Linux Enterprise Server 12-LTSS:zypper in -t patch
SUSE-SLE-SERVER-12-2018-1879=1");

  # Severity as registered by the plugin: one CVSS v2 and one CVSS v3.0 base vector.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");

  # Declared as a local check; the CPE entries name the packages and the OS release.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libzypp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libzypp-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libzypp-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:zypper");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:zypper-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:zypper-debugsource");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/03/01");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/09/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/09/12");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  # Prerequisites: ssh_get_info.nasl must have run, and these KB keys must be
  # present. The keys are read again by the check logic below this block.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
# Applicability gates. Each failed gate calls audit() (from audit.inc, not shown
# here) with a reason code. An audit result from this section means the host was
# not evaluated by this plugin; it is not evidence that the update is installed.

# Gate 1: local checks must be enabled for the host.
if (!get_kb_item("Host/local_checks_enabled"))
{
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
}

# Gate 2: the release string must start with SLED or SLES ...
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)")
{
  audit(AUDIT_OS_NOT, "SUSE");
}

# ... and must yield a product/version token such as "SLES12".
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver))
{
  audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
}
os_ver = os_ver[1];

# Gate 3: this advisory's checks are written for SLES12 only.
if (! preg(pattern:"^(SLES12)$", string:os_ver))
{
  audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver);
}

# Gate 4: the collected rpm list must be present in the KB.
if (!get_kb_item("Host/SuSE/rpm-list"))
{
  audit(AUDIT_PACKAGE_LIST_MISSING);
}

# Gate 5: architecture must be known and one of i386-i686, x86_64 or s390x.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu))
{
  audit(AUDIT_UNKNOWN_ARCH);
}
if (!(cpu =~ "^i[3-6]86$" || "x86_64" >< cpu || "s390x" >< cpu))
{
  audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
}

# Gate 6: only patch level 0 is in scope. A missing patchlevel KB item is
# treated as "0", so such a host is evaluated as SLES12 SP0.
sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp))
{
  sp = "0";
}
if (os_ver == "SLES12")
{
  if (! preg(pattern:"^(0)$", string:sp))
  {
    audit(AUDIT_OS_NOT, "SLES12 SP0", os_ver + " SP" + sp);
  }
}
# Run rpm_check() (from rpm.inc, not shown here) once per fixed package build
# for SLES12 SP0 and count how many calls return true. Every reference is
# checked, in the same order as listed, with no short-circuit.
# NOTE(review): rpm_check presumably compares the installed package version
# with the reference build; confirm against rpm.inc.
flag = 0;
foreach pkg_ref (make_list(
  "libzypp-14.45.17-2.82.1",
  "libzypp-debuginfo-14.45.17-2.82.1",
  "libzypp-debugsource-14.45.17-2.82.1",
  "zypper-1.11.70-2.69.2",
  "zypper-debuginfo-1.11.70-2.69.2",
  "zypper-debugsource-1.11.70-2.69.2"
))
{
  if (rpm_check(release:"SLES12", sp:"0", reference:pkg_ref)) flag++;
}
# Reporting. `flag` is the number of package checks that returned true.
if (!flag)
{
  # Nothing flagged: audit as "not affected" when pkg_tests_get() returns a
  # non-empty value, otherwise as "not installed".
  tested = pkg_tests_get();
  if (tested)
  {
    audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  }
  else
  {
    audit(AUDIT_PACKAGE_NOT_INSTALLED, "libzypp / zypper");
  }
}
else
{
  # At least one package was flagged: raise the finding on port 0. The rpm
  # report text is attached only when report_verbosity is above 0.
  if (report_verbosity > 0)
  {
    security_hole(port:0, extra:rpm_report_get());
  }
  else
  {
    security_hole(0);
  }
  exit(0);
}
{"id": "SUSE_SU-2018-2688-1.NASL", "bulletinFamily": "scanner", "title": "SUSE SLES12 Security Update : libzypp, zypper (SUSE-SU-2018:2688-1)", "description": "This update for libzypp, zypper fixes the following issues :\n\nlibzypp security fixes :\n\nPackageProvider: Validate delta rpms before caching (bsc#1091624,\nbsc#1088705, CVE-2018-7685)\n\nPackageProvider: Validate downloaded rpm package signatures before\ncaching (bsc#1091624, bsc#1088705, CVE-2018-7685)\n\nBe sure bad packages do not stay in the cache (bsc#1045735,\nCVE-2017-9269)\n\nFix repo gpg check workflows, mainly for unsigned repos and packages\n(bsc#1045735, bsc#1038984, CVE-2017-7435, CVE-2017-7436,\nCVE-2017-9269)\n\nlibzypp other changes/bugs fixed: Update to version 14.45.17\n\nRepoInfo: add enum GpgCheck for convenient gpgcheck mode handling\n(bsc#1045735)\n\nrepo refresh: Re-probe if the repository type changes (bsc#1048315)\n\nUse common workflow for downloading packages and srcpackages. This\nincludes a common way of handling and reporting gpg signature and\nchecks. 
(bsc#1037210)\n\nPackageProvider: as well support downloading SrcPackage (for\nbsc#1037210)\n\nAdapt to work with GnuPG 2.1.23 (bsc#1054088)\n\nrepo refresh: Re-probe if the repository type changes (bsc#1048315)\n\nHandle http error 502 Bad Gateway in curl backend (bsc#1070851)\n\nRepoManager: Explicitly request repo2solv to generate application\npseudo packages.\n\nPrefer calling 'repo2solv' rather than 'repo2solv.sh'\n\nlibzypp-devel should not require cmake (bsc#1101349)\n\nHardLocksFile: Prevent against empty commit without Target having been\nbeen loaded (bsc#1096803)\n\nAvoid zombie tar processes (bsc#1076192)\n\nlsof: use '-K i' if lsof supports it (bsc#1099847, bsc#1036304)\n\nzypper security fixes: Improve signature check callback messages\n(bsc#1045735, CVE-2017-9269)\n\nadd/modify repo: Add options to tune the GPG check settings\n(bsc#1045735, CVE-2017-9269)\n\nAdapt download callback to report and handle unsigned packages\n(bsc#1038984, CVE-2017-7436)\n\nzypper other changes/bugs fixed: Update to version 1.11.70\n\nBugfix: Prevent ESC sequence strings from going out of scope\n(bsc#1092413)\n\nXML <install-summary> attribute `packages-to-change` added\n(bsc#1102429) </install-summary>\n\nman: Strengthen that `--config FILE' affects zypper.conf, not\nzypp.conf (bsc#1100028)\n\nansi.h: Prevent ESC sequence strings from going out of scope\n(bsc#1092413)\n\ndo not recommend cron (bsc#1079334)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "published": "2018-09-12T00:00:00", "modified": "2021-01-02T00:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "href": "https://www.tenable.com/plugins/nessus/117453", "reporter": "This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.", "references": ["https://www.suse.com/security/cve/CVE-2017-9269/", "https://bugzilla.suse.com/show_bug.cgi?id=1079334", "https://bugzilla.suse.com/show_bug.cgi?id=1091624", "https://bugzilla.suse.com/show_bug.cgi?id=1048315", "https://bugzilla.suse.com/show_bug.cgi?id=1037210", "https://bugzilla.suse.com/show_bug.cgi?id=1100028", "https://bugzilla.suse.com/show_bug.cgi?id=1101349", "https://bugzilla.suse.com/show_bug.cgi?id=1092413", "https://www.suse.com/security/cve/CVE-2017-7435/", "https://bugzilla.suse.com/show_bug.cgi?id=1076192", "https://bugzilla.suse.com/show_bug.cgi?id=1036304", "https://www.suse.com/security/cve/CVE-2017-7436/", "http://www.nessus.org/u?72e80294", "https://www.suse.com/security/cve/CVE-2018-7685/", "https://bugzilla.suse.com/show_bug.cgi?id=1099847", "https://bugzilla.suse.com/show_bug.cgi?id=1070851", "https://bugzilla.suse.com/show_bug.cgi?id=1054088", "https://bugzilla.suse.com/show_bug.cgi?id=1045735", "https://bugzilla.suse.com/show_bug.cgi?id=1038984", "https://bugzilla.suse.com/show_bug.cgi?id=1088705", "https://bugzilla.suse.com/show_bug.cgi?id=1096803", "https://bugzilla.suse.com/show_bug.cgi?id=1102429"], "cvelist": ["CVE-2018-7685", "CVE-2017-7436", "CVE-2017-7435", "CVE-2017-9269"], "type": "nessus", "lastseen": "2021-01-01T06:13:42", "edition": 21, "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["OPENSUSE-2017-893.NASL", "OPENSUSE-2018-1017.NASL", "SUSE_SU-2017-2040-1.NASL", "OPENSUSE-2017-989.NASL", "SUSE_SU-2017-2264-1.NASL", "SUSE_SU-2018-2716-2.NASL", "SUSE_SU-2018-2690-1.NASL", "OPENSUSE-2019-685.NASL", "SUSE_SU-2018-2716-1.NASL", "SUSE_SU-2018-2555-1.NASL"]}, {"type": "cve", "idList": ["CVE-2017-7436", "CVE-2017-7435", "CVE-2018-7685", "CVE-2017-9269"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2017:2370-1", "OPENSUSE-SU-2017:2335-1", "OPENSUSE-SU-2018:2739-1", "SUSE-SU-2017:2344-1", "SUSE-SU-2017:2701-1", "OPENSUSE-SU-2017:2111-1", 
"SUSE-SU-2017:2264-1", "SUSE-SU-2017:2040-1", "OPENSUSE-SU-2018:2881-1", "SUSE-SU-2017:2470-1"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310851606", "OPENVAS:1361412562310875078", "OPENVAS:1361412562310851608", "OPENVAS:1361412562310875077", "OPENVAS:1361412562310852022", "OPENVAS:1361412562310851588", "OPENVAS:1361412562310851914"]}, {"type": "fedora", "idList": ["FEDORA:68815602DC1B", "FEDORA:9F919602E7D5"]}], "modified": "2021-01-01T06:13:42", "rev": 2}, "score": {"value": 6.4, "vector": "NONE", "modified": "2021-01-01T06:13:42", "rev": 2}, "vulnersScore": 6.4}, "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:2688-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(117453);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/09/10 13:51:49\");\n\n script_cve_id(\"CVE-2017-7435\", \"CVE-2017-7436\", \"CVE-2017-9269\", \"CVE-2018-7685\");\n\n script_name(english:\"SUSE SLES12 Security Update : libzypp, zypper (SUSE-SU-2018:2688-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for libzypp, zypper fixes the following issues :\n\nlibzypp security fixes :\n\nPackageProvider: Validate delta rpms before caching (bsc#1091624,\nbsc#1088705, CVE-2018-7685)\n\nPackageProvider: Validate downloaded rpm package signatures before\ncaching (bsc#1091624, bsc#1088705, CVE-2018-7685)\n\nBe sure bad packages do not stay in the cache (bsc#1045735,\nCVE-2017-9269)\n\nFix repo gpg check workflows, mainly for unsigned repos and packages\n(bsc#1045735, bsc#1038984, CVE-2017-7435, CVE-2017-7436,\nCVE-2017-9269)\n\nlibzypp other changes/bugs fixed: 
Update to version 14.45.17\n\nRepoInfo: add enum GpgCheck for convenient gpgcheck mode handling\n(bsc#1045735)\n\nrepo refresh: Re-probe if the repository type changes (bsc#1048315)\n\nUse common workflow for downloading packages and srcpackages. This\nincludes a common way of handling and reporting gpg signature and\nchecks. (bsc#1037210)\n\nPackageProvider: as well support downloading SrcPackage (for\nbsc#1037210)\n\nAdapt to work with GnuPG 2.1.23 (bsc#1054088)\n\nrepo refresh: Re-probe if the repository type changes (bsc#1048315)\n\nHandle http error 502 Bad Gateway in curl backend (bsc#1070851)\n\nRepoManager: Explicitly request repo2solv to generate application\npseudo packages.\n\nPrefer calling 'repo2solv' rather than 'repo2solv.sh'\n\nlibzypp-devel should not require cmake (bsc#1101349)\n\nHardLocksFile: Prevent against empty commit without Target having been\nbeen loaded (bsc#1096803)\n\nAvoid zombie tar processes (bsc#1076192)\n\nlsof: use '-K i' if lsof supports it (bsc#1099847, bsc#1036304)\n\nzypper security fixes: Improve signature check callback messages\n(bsc#1045735, CVE-2017-9269)\n\nadd/modify repo: Add options to tune the GPG check settings\n(bsc#1045735, CVE-2017-9269)\n\nAdapt download callback to report and handle unsigned packages\n(bsc#1038984, CVE-2017-7436)\n\nzypper other changes/bugs fixed: Update to version 1.11.70\n\nBugfix: Prevent ESC sequence strings from going out of scope\n(bsc#1092413)\n\nXML <install-summary> attribute `packages-to-change` added\n(bsc#1102429) </install-summary>\n\nman: Strengthen that `--config FILE' affects zypper.conf, not\nzypp.conf (bsc#1100028)\n\nansi.h: Prevent ESC sequence strings from going out of scope\n(bsc#1092413)\n\ndo not recommend cron (bsc#1079334)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1036304\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1037210\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1038984\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1045735\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048315\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1054088\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1070851\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1076192\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1079334\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1088705\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1091624\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1092413\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1096803\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1099847\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1100028\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101349\"\n 
);\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1102429\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7435/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7436/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9269/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-7685/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20182688-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?72e80294\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-2018-1879=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libzypp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libzypp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libzypp-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:zypper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:zypper-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:zypper-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/09/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/09/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libzypp-14.45.17-2.82.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libzypp-debuginfo-14.45.17-2.82.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libzypp-debugsource-14.45.17-2.82.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"zypper-1.11.70-2.69.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"zypper-debuginfo-1.11.70-2.69.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"zypper-debugsource-1.11.70-2.69.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libzypp / zypper\");\n}\n", "naslFamily": "SuSE Local Security Checks", "pluginID": "117453", "cpe": ["p-cpe:/a:novell:suse_linux:zypper-debugsource", "cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:libzypp", "p-cpe:/a:novell:suse_linux:zypper-debuginfo", "p-cpe:/a:novell:suse_linux:libzypp-debugsource", "p-cpe:/a:novell:suse_linux:libzypp-debuginfo", "p-cpe:/a:novell:suse_linux:zypper"], "scheme": null, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}}
{"nessus": [{"lastseen": "2021-01-01T06:13:34", "description": "This update for libzypp, zypper provides the following fixes :\n\nlibzypp security fixes :\n\nCVE-2018-7685: Validate RPMs before caching (bsc#1091624, bsc#1088705)\n\nCVE-2017-9269: Be sure bad packages do not stay in the cache\n(bsc#1045735)\n\nCVE-2017-7435, CVE-2017-7436, CVE-2017-9269: Fix repo gpg check\nworkflows, mainly for unsigned repos and packages (bsc#1045735,\nbsc#1038984)\n\nlibzypp changes :\n\nRepoManager: Explicitly request repo2solv to generate application\npseudo packages.\n\nPrefer calling 'repo2solv' rather than 'repo2solv.sh'.\n\nlibzypp-devel should not require cmake. (bsc#1101349)\n\nHardLocksFile: Prevent against empty commit without Target having been\nloaded. (bsc#1096803)\n\nAvoid zombie tar processes. (bsc#1076192)\n\nman: Make sure that '--config FILE' affects zypper.conf, not\nzypp.conf. (bsc#1100028)\n\nansi.h: Prevent ESC sequence strings from going out of scope.\n(bsc#1092413)\n\nRepoInfo: add enum GpgCheck for convenient gpgcheck mode handling\n(bsc#1045735)\n\nrepo refresh: Re-probe if the repository type changes (bsc#1048315)\n\nUse common workflow for downloading packages and srcpackages. This\nincludes a common way of handling and reporting gpg signature and\nchecks. 
(bsc#1037210)\n\nPackageProvider: as well support downloading SrcPackage (for\nbsc#1037210)\n\nAdapt to work with GnuPG 2.1.23 (bsc#1054088) Use 'gpg --list-packets'\nto determine the keyid to verify a signature.\n\nHandle http error 502 Bad Gateway in curl backend (bsc#1070851)\n\nzypper security fixes :\n\nImprove signature check callback messages (bsc#1045735, CVE-2017-9269)\n\nadd/modify repo: Add options to tune the GPG check settings\n(bsc#1045735, CVE-2017-9269)\n\nAdapt download callback to report and handle unsigned packages\n(bsc#1038984, CVE-2017-7436)\n\nzypper changes :\n\ndownload: fix crash when non-package types are passed as argument\n(bsc#1037210)\n\nXML <install-summary> attribute `packages-to-change` added\n(bsc#1102429) </install-summary>\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 21, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-08-31T00:00:00", "title": "SUSE SLES12 Security Update : libzypp, zypper (SUSE-SU-2018:2555-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7685", "CVE-2017-7436", "CVE-2017-7435", "CVE-2017-9269"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:zypper-debugsource", "cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:libzypp", "p-cpe:/a:novell:suse_linux:zypper-debuginfo", "p-cpe:/a:novell:suse_linux:libzypp-debugsource", "p-cpe:/a:novell:suse_linux:libzypp-debuginfo", "p-cpe:/a:novell:suse_linux:zypper"], "id": "SUSE_SU-2018-2555-1.NASL", "href": "https://www.tenable.com/plugins/nessus/112200", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:2555-1.\n# The text itself is copyright 
(C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(112200);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/09/10 13:51:49\");\n\n script_cve_id(\"CVE-2017-7435\", \"CVE-2017-7436\", \"CVE-2017-9269\", \"CVE-2018-7685\");\n\n script_name(english:\"SUSE SLES12 Security Update : libzypp, zypper (SUSE-SU-2018:2555-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for libzypp, zypper provides the following fixes :\n\nlibzypp security fixes :\n\nCVE-2018-7685: Validate RPMs before caching (bsc#1091624, bsc#1088705)\n\nCVE-2017-9269: Be sure bad packages do not stay in the cache\n(bsc#1045735)\n\nCVE-2017-7435, CVE-2017-7436, CVE-2017-9269: Fix repo gpg check\nworkflows, mainly for unsigned repos and packages (bsc#1045735,\nbsc#1038984)\n\nlibzypp changes :\n\nRepoManager: Explicitly request repo2solv to generate application\npseudo packages.\n\nPrefer calling 'repo2solv' rather than 'repo2solv.sh'.\n\nlibzypp-devel should not require cmake. (bsc#1101349)\n\nHardLocksFile: Prevent against empty commit without Target having been\nloaded. (bsc#1096803)\n\nAvoid zombie tar processes. (bsc#1076192)\n\nman: Make sure that '--config FILE' affects zypper.conf, not\nzypp.conf. (bsc#1100028)\n\nansi.h: Prevent ESC sequence strings from going out of scope.\n(bsc#1092413)\n\nRepoInfo: add enum GpgCheck for convenient gpgcheck mode handling\n(bsc#1045735)\n\nrepo refresh: Re-probe if the repository type changes (bsc#1048315)\n\nUse common workflow for downloading packages and srcpackages. This\nincludes a common way of handling and reporting gpg signature and\nchecks. 
(bsc#1037210)\n\nPackageProvider: as well support downloading SrcPackage (for\nbsc#1037210)\n\nAdapt to work with GnuPG 2.1.23 (bsc#1054088) Use 'gpg --list-packets'\nto determine the keyid to verify a signature.\n\nHandle http error 502 Bad Gateway in curl backend (bsc#1070851)\n\nzypper security fixes :\n\nImprove signature check callback messages (bsc#1045735, CVE-2017-9269)\n\nadd/modify repo: Add options to tune the GPG check settings\n(bsc#1045735, CVE-2017-9269)\n\nAdapt download callback to report and handle unsigned packages\n(bsc#1038984, CVE-2017-7436)\n\nzypper changes :\n\ndownload: fix crash when non-package types are passed as argument\n(bsc#1037210)\n\nXML <install-summary> attribute `packages-to-change` added\n(bsc#1102429) </install-summary>\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1037210\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1038984\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1045735\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048315\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1054088\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1070851\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1076192\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1088705\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1091624\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1092413\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1096803\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1100028\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101349\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1102429\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7435/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7436/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9269/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-7685/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20182555-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a9b69723\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch\nSUSE-SLE-SAP-12-SP1-2018-1792=1\n\nSUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2018-1792=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", 
value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libzypp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libzypp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libzypp-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:zypper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:zypper-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:zypper-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/08/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/08/31\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libzypp-15.25.17-46.22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libzypp-debuginfo-15.25.17-46.22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libzypp-debugsource-15.25.17-46.22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"zypper-1.12.59-46.10.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"zypper-debuginfo-1.12.59-46.10.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"zypper-debugsource-1.12.59-46.10.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libzypp / zypper\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T14:26:08", "description": "The Software Update Stack was updated to receive fixes and\nenhancements. libzypp: Security issues fixed :\n\n - CVE-2017-7435, CVE-2017-7436, CVE-2017-9269: Fix GPG\n check workflows, mainly for unsigned repositories and\n packages. 
(bsc#1045735, bsc#1038984) Bug fixes :\n\n - Re-probe on refresh if the repository type changes.\n (bsc#1048315)\n\n - Propagate proper error code to DownloadProgressReport.\n (bsc#1047785)\n\n - Allow to trigger an appdata refresh unconditionally.\n (bsc#1009745)\n\n - Support custom repo variables defined in\n /etc/zypp/vars.d.\n\n - Adapt loop mounting of ISO images. (bsc#1038132,\n bsc#1033236)\n\n - Fix potential crash if repository has no baseurl.\n (bsc#1043218) zypper :\n\n - Adapt download callback to report and handle unsigned\n packages. (bsc#1038984)\n\n - Report missing/optional files as 'not found' rather than\n 'error'. (bsc#1047785)\n\n - Document support for custom repository variables defined\n in /etc/zypp/vars.d.\n\n - Emphasize that it depends on how fast PackageKit will\n respond to a 'quit' request sent if PK blocks package\n management.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 35, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-08-04T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : libzypp, zypper (SUSE-SU-2017:2040-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-7436", "CVE-2017-7435", "CVE-2017-9269"], "modified": "2017-08-04T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:zypper-debugsource", "cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:libzypp", "p-cpe:/a:novell:suse_linux:zypper-debuginfo", "p-cpe:/a:novell:suse_linux:libzypp-debugsource", "p-cpe:/a:novell:suse_linux:libzypp-debuginfo", "p-cpe:/a:novell:suse_linux:zypper"], "id": "SUSE_SU-2017-2040-1.NASL", "href": "https://www.tenable.com/plugins/nessus/102193", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package 
checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:2040-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102193);\n script_version(\"3.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-7435\", \"CVE-2017-7436\", \"CVE-2017-9269\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : libzypp, zypper (SUSE-SU-2017:2040-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Software Update Stack was updated to receive fixes and\nenhancements. libzypp: Security issues fixed :\n\n - CVE-2017-7435, CVE-2017-7436, CVE-2017-9269: Fix GPG\n check workflows, mainly for unsigned repositories and\n packages. (bsc#1045735, bsc#1038984) Bug fixes :\n\n - Re-probe on refresh if the repository type changes.\n (bsc#1048315)\n\n - Propagate proper error code to DownloadProgressReport.\n (bsc#1047785)\n\n - Allow to trigger an appdata refresh unconditionally.\n (bsc#1009745)\n\n - Support custom repo variables defined in\n /etc/zypp/vars.d.\n\n - Adapt loop mounting of ISO images. (bsc#1038132,\n bsc#1033236)\n\n - Fix potential crash if repository has no baseurl.\n (bsc#1043218) zypper :\n\n - Adapt download callback to report and handle unsigned\n packages. (bsc#1038984)\n\n - Report missing/optional files as 'not found' rather than\n 'error'. 
(bsc#1047785)\n\n - Document support for custom repository variables defined\n in /etc/zypp/vars.d.\n\n - Emphasize that it depends on how fast PackageKit will\n respond to a 'quit' request sent if PK blocks package\n management.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1009745\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031756\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1033236\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1038132\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1038984\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1043218\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1045735\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047785\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048315\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7435/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7436/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9269/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20172040-1/\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"http://www.nessus.org/u?78fcab16\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t\npatch SUSE-SLE-SDK-12-SP2-2017-1252=1\n\nSUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t\npatch SUSE-SLE-RPI-12-SP2-2017-1252=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2017-1252=1\n\nSUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP2-2017-1252=1\n\nOpenStack Cloud Magnum Orchestration 7:zypper in -t patch\nSUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-1252=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libzypp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libzypp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libzypp-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:zypper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:zypper-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:zypper-debugsource\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! 
preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libzypp-16.15.2-27.21.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libzypp-debuginfo-16.15.2-27.21.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libzypp-debugsource-16.15.2-27.21.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"zypper-1.13.30-18.13.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"zypper-debuginfo-1.13.30-18.13.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"zypper-debugsource-1.13.30-18.13.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libzypp-16.15.2-27.21.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libzypp-debuginfo-16.15.2-27.21.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libzypp-debugsource-16.15.2-27.21.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"zypper-1.13.30-18.13.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"zypper-debuginfo-1.13.30-18.13.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"zypper-debugsource-1.13.30-18.13.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libzypp / zypper\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T14:26:13", "description": "The Software Update Stack was updated to receive fixes and\nenhancements. 
libzypp :\n\n - CVE-2017-7435, CVE-2017-7436, CVE-2017-9269: Fix GPG\n check workflows, mainly for unsigned repositories and\n packages. (bsc#1045735, bsc#1038984)\n\n - Fix gpg-pubkey release (creation time) computation.\n (bsc#1036659)\n\n - Update lsof blacklist. (bsc#1046417)\n\n - Re-probe on refresh if the repository type changes.\n (bsc#1048315)\n\n - Propagate proper error code to DownloadProgressReport.\n (bsc#1047785)\n\n - Allow to trigger an appdata refresh unconditionally.\n (bsc#1009745)\n\n - Support custom repo variables defined in\n /etc/zypp/vars.d. yast2-pkg-bindings :\n\n - Do not crash when the repository URL is not defined.\n (bsc#1043218)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 30, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-08-28T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : libzypp (SUSE-SU-2017:2264-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-7436", "CVE-2017-7435", "CVE-2017-9269"], "modified": "2017-08-28T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:yast2-pkg-bindings-debugsource", "p-cpe:/a:novell:suse_linux:libzypp", "p-cpe:/a:novell:suse_linux:yast2-pkg-bindings-debuginfo", "p-cpe:/a:novell:suse_linux:yast2-pkg-bindings", "p-cpe:/a:novell:suse_linux:libzypp-debugsource", "p-cpe:/a:novell:suse_linux:libzypp-debuginfo"], "id": "SUSE_SU-2017-2264-1.NASL", "href": "https://www.tenable.com/plugins/nessus/102802", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:2264-1.\n# The text itself is copyright (C) 
SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102802);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-7435\", \"CVE-2017-7436\", \"CVE-2017-9269\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : libzypp (SUSE-SU-2017:2264-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Software Update Stack was updated to receive fixes and\nenhancements. libzypp :\n\n - CVE-2017-7435, CVE-2017-7436, CVE-2017-9269: Fix GPG\n check workflows, mainly for unsigned repositories and\n packages. (bsc#1045735, bsc#1038984)\n\n - Fix gpg-pubkey release (creation time) computation.\n (bsc#1036659)\n\n - Update lsof blacklist. (bsc#1046417)\n\n - Re-probe on refresh if the repository type changes.\n (bsc#1048315)\n\n - Propagate proper error code to DownloadProgressReport.\n (bsc#1047785)\n\n - Allow to trigger an appdata refresh unconditionally.\n (bsc#1009745)\n\n - Support custom repo variables defined in\n /etc/zypp/vars.d. yast2-pkg-bindings :\n\n - Do not crash when the repository URL is not defined.\n (bsc#1043218)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1009745\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1036659\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1038984\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1043218\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1045735\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1046417\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047785\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048315\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7435/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7436/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9269/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20172264-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1e8a2724\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2017-1390=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2017-1390=1\n\nSUSE Linux 
Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2017-1390=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libzypp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libzypp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libzypp-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:yast2-pkg-bindings\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:yast2-pkg-bindings-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:yast2-pkg-bindings-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! 
preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libzypp-16.15.3-2.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libzypp-debuginfo-16.15.3-2.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libzypp-debugsource-16.15.3-2.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"yast2-pkg-bindings-3.2.4-2.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"yast2-pkg-bindings-debuginfo-3.2.4-2.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"yast2-pkg-bindings-debugsource-3.2.4-2.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libzypp-16.15.3-2.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libzypp-debuginfo-16.15.3-2.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libzypp-debugsource-16.15.3-2.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"yast2-pkg-bindings-3.2.4-2.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"yast2-pkg-bindings-debuginfo-3.2.4-2.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"yast2-pkg-bindings-debugsource-3.2.4-2.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libzypp\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T12:33:25", "description": "The Software Update Stack was updated to receive fixes and\nenhancements.\n\nlibzypp :\n\nSecurity issues fixed :\n\n - CVE-2017-7435, CVE-2017-7436, 
CVE-2017-9269: Fix GPG\n check workflows, mainly for unsigned repositories and\n packages. (bsc#1045735, bsc#1038984)\n\nBug fixes :\n\n - Re-probe on refresh if the repository type changes.\n (bsc#1048315)\n\n - Propagate proper error code to DownloadProgressReport.\n (bsc#1047785)\n\n - Allow to trigger an appdata refresh unconditionally.\n (bsc#1009745)\n\n - Support custom repo variables defined in\n /etc/zypp/vars.d.\n\n - Adapt loop mounting of ISO images. (bsc#1038132,\n bsc#1033236)\n\n - Fix potential crash if repository has no baseurl.\n (bsc#1043218)\n\nzypper :\n\n - Adapt download callback to report and handle unsigned\n packages. (bsc#1038984)\n\n - Report missing/optional files as 'not found' rather than\n 'error'. (bsc#1047785)\n\n - Document support for custom repository variables defined\n in /etc/zypp/vars.d.\n\n - Emphasize that it depends on how fast PackageKit will\n respond to a 'quit' request sent if PK blocks package\n management.\n\nThis update was imported from the SUSE:SLE-12-SP2:Update update\nproject.", "edition": 21, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-08-10T00:00:00", "title": "openSUSE Security Update : libzypp / zypper (openSUSE-2017-893)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-7436", "CVE-2017-7435", "CVE-2017-9269"], "modified": "2017-08-10T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:zypper", "p-cpe:/a:novell:opensuse:libzypp-debugsource", "p-cpe:/a:novell:opensuse:zypper-log", "p-cpe:/a:novell:opensuse:zypper-debugsource", "p-cpe:/a:novell:opensuse:libzypp", "p-cpe:/a:novell:opensuse:libzypp-devel", "p-cpe:/a:novell:opensuse:zypper-aptitude", "cpe:/o:novell:opensuse:42.2", "p-cpe:/a:novell:opensuse:libzypp-debuginfo", "p-cpe:/a:novell:opensuse:zypper-debuginfo"], "id": "OPENSUSE-2017-893.NASL", "href": "https://www.tenable.com/plugins/nessus/102334", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The 
descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-893.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102334);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-7435\", \"CVE-2017-7436\", \"CVE-2017-9269\");\n\n script_name(english:\"openSUSE Security Update : libzypp / zypper (openSUSE-2017-893)\");\n script_summary(english:\"Check for the openSUSE-2017-893 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Software Update Stack was updated to receive fixes and\nenhancements.\n\nlibzypp :\n\nSecurity issues fixed :\n\n - CVE-2017-7435, CVE-2017-7436, CVE-2017-9269: Fix GPG\n check workflows, mainly for unsigned repositories and\n packages. (bsc#1045735, bsc#1038984)\n\nBug fixes :\n\n - Re-probe on refresh if the repository type changes.\n (bsc#1048315)\n\n - Propagate proper error code to DownloadProgressReport.\n (bsc#1047785)\n\n - Allow to trigger an appdata refresh unconditionally.\n (bsc#1009745)\n\n - Support custom repo variables defined in\n /etc/zypp/vars.d.\n\n - Adapt loop mounting of ISO images. (bsc#1038132,\n bsc#1033236)\n\n - Fix potential crash if repository has no baseurl.\n (bsc#1043218)\n\nzypper :\n\n - Adapt download callback to report and handle unsigned\n packages. (bsc#1038984)\n\n - Report missing/optional files as 'not found' rather than\n 'error'. 
(bsc#1047785)\n\n - Document support for custom repository variables defined\n in /etc/zypp/vars.d.\n\n - Emphasize that it depends on how fast PackageKit will\n respond to a 'quit' request sent if PK blocks package\n management.\n\nThis update was imported from the SUSE:SLE-12-SP2:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1009745\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1031756\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1033236\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1038132\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1038984\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1043218\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1045735\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1047785\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1048315\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libzypp / zypper packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libzypp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libzypp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:libzypp-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libzypp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:zypper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:zypper-aptitude\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:zypper-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:zypper-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:zypper-log\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libzypp-16.15.2-5.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libzypp-debuginfo-16.15.2-5.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libzypp-debugsource-16.15.2-5.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libzypp-devel-16.15.2-5.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"zypper-1.13.30-5.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"zypper-aptitude-1.13.30-5.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"zypper-debuginfo-1.13.30-5.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"zypper-debugsource-1.13.30-5.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"zypper-log-1.13.30-5.9.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n 
else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libzypp / libzypp-debuginfo / libzypp-debugsource / libzypp-devel / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T12:33:39", "description": "The Software Update Stack was updated to receive fixes and\nenhancements.\n\nlibzypp :\n\n - CVE-2017-7435, CVE-2017-7436, CVE-2017-9269: Fix GPG\n check workflows, mainly for unsigned repositories and\n packages. (bsc#1045735, bsc#1038984)\n\n - Fix gpg-pubkey release (creation time) computation.\n (bsc#1036659)\n\n - Update lsof blacklist. (bsc#1046417)\n\n - Re-probe on refresh if the repository type changes.\n (bsc#1048315)\n\n - Propagate proper error code to DownloadProgressReport.\n (bsc#1047785)\n\n - Allow to trigger an appdata refresh unconditionally.\n (bsc#1009745)\n\n - Support custom repo variables defined in\n /etc/zypp/vars.d.\n\nyast2-pkg-bindings :\n\n - Do not crash when the repository URL is not defined.\n (bsc#1043218)\n\nThis update was imported from the SUSE:SLE-12-SP3:Update update\nproject.", "edition": 20, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-09-05T00:00:00", "title": "openSUSE Security Update : libzypp (openSUSE-2017-989)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-7436", "CVE-2017-7435", "CVE-2017-9269"], "modified": "2017-09-05T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:yast2-pkg-bindings-debugsource", "p-cpe:/a:novell:opensuse:yast2-pkg-bindings", "p-cpe:/a:novell:opensuse:libzypp-debugsource", "p-cpe:/a:novell:opensuse:yast2-pkg-bindings-debuginfo", "p-cpe:/a:novell:opensuse:libzypp", "p-cpe:/a:novell:opensuse:libzypp-devel", "cpe:/o:novell:opensuse:42.3", "p-cpe:/a:novell:opensuse:libzypp-debuginfo"], "id": "OPENSUSE-2017-989.NASL", "href": "https://www.tenable.com/plugins/nessus/102944", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks 
in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-989.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102944);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-7435\", \"CVE-2017-7436\", \"CVE-2017-9269\");\n\n script_name(english:\"openSUSE Security Update : libzypp (openSUSE-2017-989)\");\n script_summary(english:\"Check for the openSUSE-2017-989 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Software Update Stack was updated to receive fixes and\nenhancements.\n\nlibzypp :\n\n - CVE-2017-7435, CVE-2017-7436, CVE-2017-9269: Fix GPG\n check workflows, mainly for unsigned repositories and\n packages. (bsc#1045735, bsc#1038984)\n\n - Fix gpg-pubkey release (creation time) computation.\n (bsc#1036659)\n\n - Update lsof blacklist. 
(bsc#1046417)\n\n - Re-probe on refresh if the repository type changes.\n (bsc#1048315)\n\n - Propagate proper error code to DownloadProgressReport.\n (bsc#1047785)\n\n - Allow to trigger an appdata refresh unconditionally.\n (bsc#1009745)\n\n - Support custom repo variables defined in\n /etc/zypp/vars.d.\n\nyast2-pkg-bindings :\n\n - Do not crash when the repository URL is not defined.\n (bsc#1043218)\n\nThis update was imported from the SUSE:SLE-12-SP3:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1009745\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1036659\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1038984\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1043218\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1045735\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1046417\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1047785\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1048315\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libzypp packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libzypp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libzypp-debuginfo\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libzypp-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libzypp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:yast2-pkg-bindings\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:yast2-pkg-bindings-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:yast2-pkg-bindings-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libzypp-16.15.3-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", 
reference:\"libzypp-debuginfo-16.15.3-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libzypp-debugsource-16.15.3-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libzypp-devel-16.15.3-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"yast2-pkg-bindings-3.2.4-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"yast2-pkg-bindings-debuginfo-3.2.4-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"yast2-pkg-bindings-debugsource-3.2.4-4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libzypp / libzypp-debuginfo / libzypp-debugsource / libzypp-devel / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T12:53:38", "description": "This update for libzypp, zypper, libsolv provides the following \nfixes :\n\nSecurity fixes in libzypp :\n\n - CVE-2018-7685: PackageProvider: Validate RPMs before\n caching (bsc#1091624, bsc#1088705)\n\n - CVE-2017-9269: Be sure bad packages do not stay in the\n cache (bsc#1045735)\n\nChanges in libzypp :\n\n - Update to version 17.6.4\n\n - Automatically fetch repository signing key from gpgkey\n url (bsc#1088037)\n\n - lsof: use '-K i' if lsof supports it\n (bsc#1099847,bsc#1036304)\n\n - Check for not imported keys after multi key import from\n rpmdb (bsc#1096217)\n\n - Flags: make it std=c++14 ready\n\n - Ignore /var, /tmp and /proc in zypper ps. 
(bsc#1096617)\n\n - Show GPGME version in log\n\n - Adapt to changes in libgpgme11-11.1.0 breaking the\n signature verification (bsc#1100427)\n\n - RepoInfo::provideKey: add report telling where we look\n for missing keys.\n\n - Support listing gpgkey URLs in repo files (bsc#1088037)\n\n - Add new report to request user approval for importing a\n package key\n\n - Handle http error 502 Bad Gateway in curl backend\n (bsc#1070851)\n\n - Add filesize check for downloads with known size\n (bsc#408814)\n\n - Removed superfluous space in translation (bsc#1102019)\n\n - Prevent the system from sleeping during a commit\n\n - RepoManager: Explicitly request repo2solv to generate\n application pseudo packages.\n\n - libzypp-devel should not require cmake (bsc#1101349)\n\n - Avoid zombies from ExternalProgram\n\n - Update ApiConfig\n\n - HardLocksFile: Prevent against empty commit without\n Target having been been loaded (bsc#1096803)\n\n - lsof: use '-K i' if lsof supports it (bsc#1099847)\n\n - Add filesize check for downloads with known size\n (bsc#408814)\n\n - Fix detection of metalink downloads and prevent aborting\n if a metalink file is larger than the expected data\n file.\n\n - Require libsolv-devel >= 0.6.35 during build (fixing\n bsc#1100095)\n\n - Make use of %license macro (bsc#1082318)\n\nSecurity fix in zypper :\n\n - CVE-2017-9269: Improve signature check callback messages\n (bsc#1045735)\n\nChanges in zypper :\n\n - Always set error status if any nr of unknown\n repositories are passed to lr and ref (bsc#1093103)\n\n - Notify user about unsupported rpm V3 keys in an old rpm\n database (bsc#1096217)\n\n - Detect read only filesystem on system modifying\n operations (fixes #199)\n\n - Use %license (bsc#1082318)\n\n - Handle repo aliases containing multiple ':' in the\n PackageArgs parser (bsc #1041178)\n\n - Fix broken display of detailed query results.\n\n - Fix broken search for items with a dash. 
(bsc#907538,\n bsc#1043166, bsc#1070770)\n\n - Disable repository operations when searching installed\n packages. (bsc#1084525)\n\n - Prevent nested calls to exit() if aborted by a signal.\n (bsc#1092413)\n\n - ansi.h: Prevent ESC sequence strings from going out of\n scope. (bsc#1092413)\n\n - Fix some translation errors.\n\n - Support listing gpgkey URLs in repo files (bsc#1088037)\n\n - Check for root privileges in zypper verify and si\n (bsc#1058515)\n\n - XML <install-summary> attribute `packages-to-change`\n added (bsc#1102429)\n\n - Add expert (allow-*) options to all installer commands\n (bsc#428822)\n\n - Sort search results by multiple columns (bsc#1066215)\n\n - man: Strengthen that `--config FILE' affects\n zypper.conf, not zypp.conf (bsc#1100028)\n\n - Set error status if repositories passed to lr and ref\n are not known (bsc#1093103)\n\n - Do not override table style in search\n\n - Fix out of bound read in MbsIterator\n\n - Add --supplements switch to search and info\n\n - Add setter functions for zypp cache related config\n values to ZConfig\n\nChanges in libsolv :\n\n - convert repo2solv.sh script into a binary tool\n\n - Make use of %license macro (bsc#1082318)\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "edition": 16, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-03-27T00:00:00", "title": "openSUSE Security Update : libzypp / zypper (openSUSE-2019-685)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7685", "CVE-2017-9269"], "modified": "2019-03-27T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libsolv-debuginfo", "p-cpe:/a:novell:opensuse:perl-solv-debuginfo", "p-cpe:/a:novell:opensuse:zypper", "cpe:/o:novell:opensuse:15.0", "p-cpe:/a:novell:opensuse:python-solv-debuginfo", "p-cpe:/a:novell:opensuse:libsolv-devel", "p-cpe:/a:novell:opensuse:python3-solv-debuginfo", "p-cpe:/a:novell:opensuse:libsolv-tools", 
"p-cpe:/a:novell:opensuse:ruby-solv-debuginfo", "p-cpe:/a:novell:opensuse:libzypp-debugsource", "p-cpe:/a:novell:opensuse:libsolv-debugsource", "p-cpe:/a:novell:opensuse:python3-solv", "p-cpe:/a:novell:opensuse:zypper-log", "p-cpe:/a:novell:opensuse:zypper-debugsource", "p-cpe:/a:novell:opensuse:libsolv-tools-debuginfo", "p-cpe:/a:novell:opensuse:libzypp", "p-cpe:/a:novell:opensuse:libzypp-devel", "p-cpe:/a:novell:opensuse:libsolv-demo-debuginfo", "p-cpe:/a:novell:opensuse:zypper-aptitude", "p-cpe:/a:novell:opensuse:python-solv", "p-cpe:/a:novell:opensuse:libzypp-debuginfo", "p-cpe:/a:novell:opensuse:libsolv-demo", "p-cpe:/a:novell:opensuse:libsolv-devel-debuginfo", "p-cpe:/a:novell:opensuse:zypper-debuginfo", "p-cpe:/a:novell:opensuse:ruby-solv", "p-cpe:/a:novell:opensuse:perl-solv"], "id": "OPENSUSE-2019-685.NASL", "href": "https://www.tenable.com/plugins/nessus/123296", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-685.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(123296);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-9269\", \"CVE-2018-7685\");\n\n script_name(english:\"openSUSE Security Update : libzypp / zypper (openSUSE-2019-685)\");\n script_summary(english:\"Check for the openSUSE-2019-685 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for libzypp, zypper, libsolv provides the following \nfixes :\n\nSecurity fixes in libzypp :\n\n - CVE-2018-7685: PackageProvider: Validate RPMs before\n caching (bsc#1091624, bsc#1088705)\n\n - 
CVE-2017-9269: Be sure bad packages do not stay in the\n cache (bsc#1045735)\n\nChanges in libzypp :\n\n - Update to version 17.6.4\n\n - Automatically fetch repository signing key from gpgkey\n url (bsc#1088037)\n\n - lsof: use '-K i' if lsof supports it\n (bsc#1099847,bsc#1036304)\n\n - Check for not imported keys after multi key import from\n rpmdb (bsc#1096217)\n\n - Flags: make it std=c++14 ready\n\n - Ignore /var, /tmp and /proc in zypper ps. (bsc#1096617)\n\n - Show GPGME version in log\n\n - Adapt to changes in libgpgme11-11.1.0 breaking the\n signature verification (bsc#1100427)\n\n - RepoInfo::provideKey: add report telling where we look\n for missing keys.\n\n - Support listing gpgkey URLs in repo files (bsc#1088037)\n\n - Add new report to request user approval for importing a\n package key\n\n - Handle http error 502 Bad Gateway in curl backend\n (bsc#1070851)\n\n - Add filesize check for downloads with known size\n (bsc#408814)\n\n - Removed superfluous space in translation (bsc#1102019)\n\n - Prevent the system from sleeping during a commit\n\n - RepoManager: Explicitly request repo2solv to generate\n application pseudo packages.\n\n - libzypp-devel should not require cmake (bsc#1101349)\n\n - Avoid zombies from ExternalProgram\n\n - Update ApiConfig\n\n - HardLocksFile: Prevent against empty commit without\n Target having been been loaded (bsc#1096803)\n\n - lsof: use '-K i' if lsof supports it (bsc#1099847)\n\n - Add filesize check for downloads with known size\n (bsc#408814)\n\n - Fix detection of metalink downloads and prevent aborting\n if a metalink file is larger than the expected data\n file.\n\n - Require libsolv-devel >= 0.6.35 during build (fixing\n bsc#1100095)\n\n - Make use of %license macro (bsc#1082318)\n\nSecurity fix in zypper :\n\n - CVE-2017-9269: Improve signature check callback messages\n (bsc#1045735)\n\nChanges in zypper :\n\n - Always set error status if any nr of unknown\n repositories are passed to lr and ref 
(bsc#1093103)\n\n - Notify user about unsupported rpm V3 keys in an old rpm\n database (bsc#1096217)\n\n - Detect read only filesystem on system modifying\n operations (fixes #199)\n\n - Use %license (bsc#1082318)\n\n - Handle repo aliases containing multiple ':' in the\n PackageArgs parser (bsc #1041178)\n\n - Fix broken display of detailed query results.\n\n - Fix broken search for items with a dash. (bsc#907538,\n bsc#1043166, bsc#1070770)\n\n - Disable repository operations when searching installed\n packages. (bsc#1084525)\n\n - Prevent nested calls to exit() if aborted by a signal.\n (bsc#1092413)\n\n - ansi.h: Prevent ESC sequence strings from going out of\n scope. (bsc#1092413)\n\n - Fix some translation errors.\n\n - Support listing gpgkey URLs in repo files (bsc#1088037)\n\n - Check for root privileges in zypper verify and si\n (bsc#1058515)\n\n - XML <install-summary> attribute `packages-to-change`\n added (bsc#1102429)\n\n - Add expert (allow-*) options to all installer commands\n (bsc#428822)\n\n - Sort search results by multiple columns (bsc#1066215)\n\n - man: Strengthen that `--config FILE' affects\n zypper.conf, not zypp.conf (bsc#1100028)\n\n - Set error status if repositories passed to lr and ref\n are not known (bsc#1093103)\n\n - Do not override table style in search\n\n - Fix out of bound read in MbsIterator\n\n - Add --supplements switch to search and info\n\n - Add setter functions for zypp cache related config\n values to ZConfig\n\nChanges in libsolv :\n\n - convert repo2solv.sh script into a binary tool\n\n - Make use of %license macro (bsc#1082318)\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1036304\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1041178\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1043166\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1045735\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1058515\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1066215\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1070770\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1070851\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082318\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1084525\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1088037\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1088705\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1091624\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1092413\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1093103\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1096217\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1096617\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1096803\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1099847\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1100028\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1100095\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1100427\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1101349\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1102019\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1102429\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=408814\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=428822\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=907538\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libzypp / zypper packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsolv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsolv-debugsource\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:libsolv-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsolv-demo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsolv-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsolv-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsolv-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsolv-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libzypp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libzypp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libzypp-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libzypp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-solv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-solv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-solv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-solv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-solv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-solv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby-solv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby-solv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:zypper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:zypper-aptitude\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:zypper-debuginfo\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:zypper-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:zypper-log\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libsolv-debuginfo-0.6.35-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libsolv-debugsource-0.6.35-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libsolv-demo-0.6.35-lp150.2.3.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE15.0\", reference:\"libsolv-demo-debuginfo-0.6.35-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libsolv-devel-0.6.35-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libsolv-devel-debuginfo-0.6.35-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libsolv-tools-0.6.35-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libsolv-tools-debuginfo-0.6.35-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libzypp-17.6.4-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libzypp-debuginfo-17.6.4-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libzypp-debugsource-17.6.4-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libzypp-devel-17.6.4-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"perl-solv-0.6.35-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"perl-solv-debuginfo-0.6.35-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"python-solv-0.6.35-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"python-solv-debuginfo-0.6.35-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"python3-solv-0.6.35-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"python3-solv-debuginfo-0.6.35-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"ruby-solv-0.6.35-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"ruby-solv-debuginfo-0.6.35-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"zypper-1.14.10-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"zypper-aptitude-1.14.10-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"zypper-debuginfo-1.14.10-lp150.2.3.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE15.0\", reference:\"zypper-debugsource-1.14.10-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"zypper-log-1.14.10-lp150.2.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libsolv-debuginfo / libsolv-debugsource / libsolv-demo / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T06:13:46", "description": "This update for libzypp, zypper fixes the following issues :\n\nUpdate libzypp to version 16.17.20 :\n\nSecurity issues fixed :\n\nPackageProvider: Validate delta rpms before caching (bsc#1091624,\nbsc#1088705, CVE-2018-7685)\n\nPackageProvider: Validate downloaded rpm package signatures before\ncaching (bsc#1091624, bsc#1088705, CVE-2018-7685)\n\nOther bugs fixed: lsof: use '-K i' if lsof supports it (bsc#1099847,\nbsc#1036304)\n\nHandle http error 502 Bad Gateway in curl backend (bsc#1070851)\n\nRepoManager: Explicitly request repo2solv to generate application\npseudo packages.\n\nlibzypp-devel should not require cmake (bsc#1101349)\n\nHardLocksFile: Prevent against empty commit without Target having\nbeen loaded (bsc#1096803)\n\nAvoid zombie tar processes (bsc#1076192)\n\nUpdate zypper to version 1.13.45 :\n\nSecurity issues fixed: Improve signature check callback messages\n(bsc#1045735, CVE-2017-9269)\n\nadd/modify repo: Add options to tune the GPG check settings\n(bsc#1045735, CVE-2017-9269)\n\nOther bugs fixed: XML <install-summary> attribute `packages-to-change`\nadded (bsc#1102429)\n\nman: Strengthen that `--config FILE' affects zypper.conf, not\nzypp.conf (bsc#1100028)\n\nPrevent nested calls to exit() if aborted by a signal (bsc#1092413)\n\nansi.h: Prevent ESC sequence strings from going out of 
scope\n(bsc#1092413)\n\nFix: zypper bash completion expands non-existing options (bsc#1049825)\n\nImprove signature check callback messages (bsc#1045735)\n\nadd/modify repo: Add options to tune the GPG check settings\n(bsc#1045735)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 21, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-09-25T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : libzypp, zypper (SUSE-SU-2018:2814-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7685", "CVE-2017-9269"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:zypper-debugsource", "cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:libzypp", "p-cpe:/a:novell:suse_linux:zypper-debuginfo", "p-cpe:/a:novell:suse_linux:libzypp-debugsource", "p-cpe:/a:novell:suse_linux:libzypp-debuginfo", "p-cpe:/a:novell:suse_linux:zypper"], "id": "SUSE_SU-2018-2814-1.NASL", "href": "https://www.tenable.com/plugins/nessus/117694", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:2814-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(117694);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/09/10 13:51:49\");\n\n script_cve_id(\"CVE-2017-9269\", \"CVE-2018-7685\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : libzypp, zypper (SUSE-SU-2018:2814-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n 
attribute:\"description\", \n value:\n\"This update for libzypp, zypper fixes the following issues :\n\nUpdate libzypp to version 16.17.20 :\n\nSecurity issues fixed :\n\nPackageProvider: Validate deta rpms before caching (bsc#1091624,\nbsc#1088705, CVE-2018-7685)\n\nPackageProvider: Validate downloaded rpm package signatures before\ncaching (bsc#1091624, bsc#1088705, CVE-2018-7685)\n\nOther bugs fixed: lsof: use '-K i' if lsof supports it (bsc#1099847,\nbsc#1036304)\n\nHandle http error 502 Bad Gateway in curl backend (bsc#1070851)\n\nRepoManager: Explicitly request repo2solv to generate application\npseudo packages.\n\nlibzypp-devel should not require cmake (bsc#1101349)\n\nHardLocksFile: Prevent against empty commit without Target having been\nbeen loaded (bsc#1096803)\n\nAvoid zombie tar processes (bsc#1076192)\n\nUpdate to zypper to version 1.13.45 :\n\nSecurity issues fixed: Improve signature check callback messages\n(bsc#1045735, CVE-2017-9269)\n\nadd/modify repo: Add options to tune the GPG check settings\n(bsc#1045735, CVE-2017-9269)\n\nOther bugs fixed: XML <install-summary> attribute `packages-to-change`\nadded (bsc#1102429) </install-summary>\n\nman: Strengthen that `--config FILE' affects zypper.conf, not\nzypp.conf (bsc#1100028)\n\nPrevent nested calls to exit() if aborted by a signal (bsc#1092413)\n\nansi.h: Prevent ESC sequence strings from going out of scope\n(bsc#1092413)\n\nFix: zypper bash completion expands non-existing options (bsc#1049825)\n\nImprove signature check callback messages (bsc#1045735)\n\nadd/modify repo: Add options to tune the GPG check settings\n(bsc#1045735)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1036304\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1045735\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049825\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1070851\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1076192\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1088705\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1091624\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1092413\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1096803\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1099847\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1100028\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101349\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1102429\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9269/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-7685/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20182814-1/\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"http://www.nessus.org/u?668d4976\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2018-1969=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2018-1969=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2018-1969=1\n\nSUSE CaaS Platform ALL :\n\nTo install this update, use the SUSE CaaS Platform Velum dashboard. It\nwill inform you if it detects new updates and let you then trigger\nupdating of the complete cluster in a controlled way.\n\nSUSE CaaS Platform 3.0 :\n\nTo install this update, use the SUSE CaaS Platform Velum dashboard. It\nwill inform you if it detects new updates and let you then trigger\nupdating of the complete cluster in a controlled way.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libzypp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libzypp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libzypp-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:zypper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:zypper-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:zypper-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/09/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! 
preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libzypp-16.17.20-2.33.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libzypp-debuginfo-16.17.20-2.33.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libzypp-debugsource-16.17.20-2.33.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"zypper-1.13.45-21.21.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"zypper-debuginfo-1.13.45-21.21.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"zypper-debugsource-1.13.45-21.21.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libzypp-16.17.20-2.33.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libzypp-debuginfo-16.17.20-2.33.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libzypp-debugsource-16.17.20-2.33.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"zypper-1.13.45-21.21.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"zypper-debuginfo-1.13.45-21.21.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"zypper-debugsource-1.13.45-21.21.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libzypp / zypper\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T06:13:43", "description": "This update for libzypp, zypper provides the following fixes :\n\nUpdate libzypp to version 16.17.20\n\nSecurity issues fixed :\n\nPackageProvider: Validate delta rpms before 
caching (bsc#1091624,\nbsc#1088705, CVE-2018-7685)\n\nPackageProvider: Validate downloaded rpm package signatures before\ncaching (bsc#1091624, bsc#1088705, CVE-2018-7685)\n\nOther bugs fixed: lsof: use '-K i' if lsof supports it (bsc#1099847,\nbsc#1036304)\n\nHandle http error 502 Bad Gateway in curl backend (bsc#1070851)\n\nRepoManager: Explicitly request repo2solv to generate application\npseudo packages.\n\nlibzypp-devel should not require cmake (bsc#1101349)\n\nHardLocksFile: Prevent against empty commit without Target having\nbeen loaded (bsc#1096803)\n\nAvoid zombie tar processes (bsc#1076192)\n\nUpdate zypper to version 1.13.45\n\nSecurity issue fixed: Improve signature check callback messages\n(bsc#1045735, CVE-2017-9269)\n\nadd/modify repo: Add options to tune the GPG check settings\n(bsc#1045735, CVE-2017-9269)\n\nOther bugs fixed: XML <install-summary> attribute `packages-to-change`\nadded (bsc#1102429)\n\nman: Strengthen that `--config FILE' affects zypper.conf, not\nzypp.conf (bsc#1100028)\n\nPrevent nested calls to exit() if aborted by a signal (bsc#1092413)\n\nansi.h: Prevent ESC sequence strings from going out of scope\n(bsc#1092413)\n\nFix: zypper bash completion expands non-existing options (bsc#1049825)\n\ndo not recommend cron (bsc#1079334)\n\nImprove signature check callback messages (bsc#1045735)\n\nadd/modify repo: Add options to tune the GPG check settings\n(bsc#1045735)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 21, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-10-22T00:00:00", "title": "SUSE SLES12 Security Update : libzypp, zypper (SUSE-SU-2018:2716-2)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7685", "CVE-2017-9269"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:zypper-debugsource", "cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:libzypp", "p-cpe:/a:novell:suse_linux:zypper-debuginfo", "p-cpe:/a:novell:suse_linux:libzypp-debugsource", "p-cpe:/a:novell:suse_linux:libzypp-debuginfo", "p-cpe:/a:novell:suse_linux:zypper"], "id": "SUSE_SU-2018-2716-2.NASL", "href": "https://www.tenable.com/plugins/nessus/118289", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:2716-2.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(118289);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/09/10 13:51:49\");\n\n script_cve_id(\"CVE-2017-9269\", \"CVE-2018-7685\");\n\n script_name(english:\"SUSE SLES12 Security Update : libzypp, zypper (SUSE-SU-2018:2716-2)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for libzypp, zypper provides the following fixes :\n\nUpdate libzypp to version 16.17.20\n\nSecurity issues fixed :\n\nPackageProvider: Validate delta rpms before caching (bsc#1091624,\nbsc#1088705, CVE-2018-7685)\n\nPackageProvider: Validate downloaded rpm package signatures before\ncaching (bsc#1091624, bsc#1088705, 
CVE-2018-7685)\n\nOther bugs fixed: lsof: use '-K i' if lsof supports it (bsc#1099847,\nbsc#1036304)\n\nHandle http error 502 Bad Gateway in curl backend (bsc#1070851)\n\nRepoManager: Explicitly request repo2solv to generate application\npseudo packages.\n\nlibzypp-devel should not require cmake (bsc#1101349)\n\nHardLocksFile: Prevent against empty commit without Target having been\nbeen loaded (bsc#1096803)\n\nAvoid zombie tar processes (bsc#1076192)\n\nUpdate to zypper to version 1.13.45\n\nSecurity issue fixed: Improve signature check callback messages\n(bsc#1045735, CVE-2017-9269)\n\nadd/modify repo: Add options to tune the GPG check settings\n(bsc#1045735, CVE-2017-9269)\n\nOther bugs fixed: XML <install-summary> attribute `packages-to-change`\nadded (bsc#1102429) </install-summary>\n\nman: Strengthen that `--config FILE' affects zypper.conf, not\nzypp.conf (bsc#1100028)\n\nPrevent nested calls to exit() if aborted by a signal (bsc#1092413)\n\nansi.h: Prevent ESC sequence strings from going out of scope\n(bsc#1092413)\n\nFix: zypper bash completion expands non-existing options (bsc#1049825)\n\ndo not recommend cron (bsc#1079334)\n\nImprove signature check callback messages (bsc#1045735)\n\nadd/modify repo: Add options to tune the GPG check settings\n(bsc#1045735)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1036304\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1045735\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049825\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1070851\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1076192\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1079334\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1088705\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1091624\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1092413\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1096803\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1099847\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1100028\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101349\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1102429\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9269/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-7685/\"\n );\n 
# https://www.suse.com/support/update/announcement/2018/suse-su-20182716-2/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7ff5c469\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-SP2-BCL:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-BCL-2018-1905=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libzypp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libzypp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libzypp-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:zypper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:zypper-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:zypper-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libzypp-16.17.20-27.52.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libzypp-debuginfo-16.17.20-27.52.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libzypp-debugsource-16.17.20-27.52.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"zypper-1.13.45-18.33.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"zypper-debuginfo-1.13.45-18.33.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"zypper-debugsource-1.13.45-18.33.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libzypp / zypper\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T06:13:43", "description": "This update for libzypp, zypper provides the following fixes :\n\nUpdate libzypp to version 16.17.20\n\nSecurity issues fixed :\n\nPackageProvider: Validate delta rpms before caching (bsc#1091624,\nbsc#1088705, CVE-2018-7685)\n\nPackageProvider: Validate downloaded rpm package signatures before\ncaching (bsc#1091624, bsc#1088705, CVE-2018-7685)\n\nOther bugs fixed: lsof: use '-K i' if lsof supports it (bsc#1099847,\nbsc#1036304)\n\nHandle http error 502 Bad Gateway in curl backend (bsc#1070851)\n\nRepoManager: Explicitly request repo2solv to generate application\npseudo packages.\n\nlibzypp-devel should not require cmake (bsc#1101349)\n\nHardLocksFile: Prevent against empty commit without Target having been\nbeen loaded (bsc#1096803)\n\nAvoid zombie tar processes 
(bsc#1076192)\n\nUpdate to zypper to version 1.13.45\n\nSecurity issue fixed: Improve signature check callback messages\n(bsc#1045735, CVE-2017-9269)\n\nadd/modify repo: Add options to tune the GPG check settings\n(bsc#1045735, CVE-2017-9269)\n\nOther bugs fixed: XML <install-summary> attribute `packages-to-change`\nadded (bsc#1102429) </install-summary>\n\nman: Strengthen that `--config FILE' affects zypper.conf, not\nzypp.conf (bsc#1100028)\n\nPrevent nested calls to exit() if aborted by a signal (bsc#1092413)\n\nansi.h: Prevent ESC sequence strings from going out of scope\n(bsc#1092413)\n\nFix: zypper bash completion expands non-existing options (bsc#1049825)\n\ndo not recommend cron (bsc#1079334)\n\nImprove signature check callback messages (bsc#1045735)\n\nadd/modify repo: Add options to tune the GPG check settings\n(bsc#1045735)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 21, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-09-17T00:00:00", "title": "SUSE SLES12 Security Update : libzypp, zypper (SUSE-SU-2018:2716-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7685", "CVE-2017-9269"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:zypper-debugsource", "cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:libzypp", "p-cpe:/a:novell:suse_linux:zypper-debuginfo", "p-cpe:/a:novell:suse_linux:libzypp-debugsource", "p-cpe:/a:novell:suse_linux:libzypp-debuginfo", "p-cpe:/a:novell:suse_linux:zypper"], "id": "SUSE_SU-2018-2716-1.NASL", "href": "https://www.tenable.com/plugins/nessus/117528", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory 
SUSE-SU-2018:2716-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(117528);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/09/10 13:51:49\");\n\n script_cve_id(\"CVE-2017-9269\", \"CVE-2018-7685\");\n\n script_name(english:\"SUSE SLES12 Security Update : libzypp, zypper (SUSE-SU-2018:2716-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for libzypp, zypper provides the following fixes :\n\nUpdate libzypp to version 16.17.20\n\nSecurity issues fixed :\n\nPackageProvider: Validate delta rpms before caching (bsc#1091624,\nbsc#1088705, CVE-2018-7685)\n\nPackageProvider: Validate downloaded rpm package signatures before\ncaching (bsc#1091624, bsc#1088705, CVE-2018-7685)\n\nOther bugs fixed: lsof: use '-K i' if lsof supports it (bsc#1099847,\nbsc#1036304)\n\nHandle http error 502 Bad Gateway in curl backend (bsc#1070851)\n\nRepoManager: Explicitly request repo2solv to generate application\npseudo packages.\n\nlibzypp-devel should not require cmake (bsc#1101349)\n\nHardLocksFile: Prevent against empty commit without Target having been\nbeen loaded (bsc#1096803)\n\nAvoid zombie tar processes (bsc#1076192)\n\nUpdate to zypper to version 1.13.45\n\nSecurity issue fixed: Improve signature check callback messages\n(bsc#1045735, CVE-2017-9269)\n\nadd/modify repo: Add options to tune the GPG check settings\n(bsc#1045735, CVE-2017-9269)\n\nOther bugs fixed: XML <install-summary> attribute `packages-to-change`\nadded (bsc#1102429) </install-summary>\n\nman: Strengthen that `--config FILE' affects zypper.conf, not\nzypp.conf (bsc#1100028)\n\nPrevent nested calls to exit() if aborted by a signal (bsc#1092413)\n\nansi.h: Prevent ESC sequence strings from going out of 
scope\n(bsc#1092413)\n\nFix: zypper bash completion expands non-existing options (bsc#1049825)\n\ndo not recommend cron (bsc#1079334)\n\nImprove signature check callback messages (bsc#1045735)\n\nadd/modify repo: Add options to tune the GPG check settings\n(bsc#1045735)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1036304\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1045735\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049825\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1070851\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1076192\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1079334\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1088705\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1091624\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1092413\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1096803\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1099847\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1100028\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101349\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1102429\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9269/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-7685/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20182716-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f2be265a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 7:zypper in -t patch\nSUSE-OpenStack-Cloud-7-2018-1905=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2:zypper in -t patch\nSUSE-SLE-SAP-12-SP2-2018-1905=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2018-1905=1\n\nSUSE Enterprise Storage 4:zypper in -t patch\nSUSE-Storage-4-2018-1905=1\n\nOpenStack Cloud Magnum Orchestration 7:zypper in -t patch\nSUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-1905=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libzypp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libzypp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libzypp-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:zypper\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:zypper-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:zypper-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/09/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libzypp-16.17.20-27.52.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libzypp-debuginfo-16.17.20-27.52.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libzypp-debugsource-16.17.20-27.52.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"zypper-1.13.45-18.33.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"zypper-debuginfo-1.13.45-18.33.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"zypper-debugsource-1.13.45-18.33.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libzypp / zypper\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T12:33:44", "description": "This update for libzypp, zypper, libsolv provides the following \nfixes :\n\nSecurity fixes in libzypp :\n\n - CVE-2018-7685: PackageProvider: Validate RPMs before\n caching (bsc#1091624, bsc#1088705)\n\n - CVE-2017-9269: Be sure bad packages do not stay in the\n cache (bsc#1045735)\n\nChanges in libzypp :\n\n - Update to version 17.6.4\n\n - Automatically fetch repository signing key from gpgkey\n url (bsc#1088037)\n\n - lsof: use '-K i' if lsof supports it\n (bsc#1099847,bsc#1036304)\n\n - Check for not imported keys after multi key import from\n rpmdb (bsc#1096217)\n\n - Flags: make it std=c++14 ready\n\n - Ignore /var, /tmp and /proc in zypper ps. 
(bsc#1096617)\n\n - Show GPGME version in log\n\n - Adapt to changes in libgpgme11-11.1.0 breaking the\n signature verification (bsc#1100427)\n\n - RepoInfo::provideKey: add report telling where we look\n for missing keys.\n\n - Support listing gpgkey URLs in repo files (bsc#1088037)\n\n - Add new report to request user approval for importing a\n package key\n\n - Handle http error 502 Bad Gateway in curl backend\n (bsc#1070851)\n\n - Add filesize check for downloads with known size\n (bsc#408814)\n\n - Removed superfluous space in translation (bsc#1102019)\n\n - Prevent the system from sleeping during a commit\n\n - RepoManager: Explicitly request repo2solv to generate\n application pseudo packages.\n\n - libzypp-devel should not require cmake (bsc#1101349)\n\n - Avoid zombies from ExternalProgram\n\n - Update ApiConfig\n\n - HardLocksFile: Prevent against empty commit without\n Target having been been loaded (bsc#1096803)\n\n - lsof: use '-K i' if lsof supports it (bsc#1099847)\n\n - Add filesize check for downloads with known size\n (bsc#408814)\n\n - Fix detection of metalink downloads and prevent aborting\n if a metalink file is larger than the expected data\n file.\n\n - Require libsolv-devel >= 0.6.35 during build (fixing\n bsc#1100095)\n\n - Make use of %license macro (bsc#1082318)\n\nSecurity fix in zypper :\n\n - CVE-2017-9269: Improve signature check callback messages\n (bsc#1045735)\n\nChanges in zypper :\n\n - Always set error status if any nr of unknown\n repositories are passed to lr and ref (bsc#1093103)\n\n - Notify user about unsupported rpm V3 keys in an old rpm\n database (bsc#1096217)\n\n - Detect read only filesystem on system modifying\n operations (fixes #199)\n\n - Use %license (bsc#1082318)\n\n - Handle repo aliases containing multiple ':' in the\n PackageArgs parser (bsc #1041178)\n\n - Fix broken display of detailed query results.\n\n - Fix broken search for items with a dash. 
(bsc#907538,\n bsc#1043166, bsc#1070770)\n\n - Disable repository operations when searching installed\n packages. (bsc#1084525)\n\n - Prevent nested calls to exit() if aborted by a signal.\n (bsc#1092413)\n\n - ansi.h: Prevent ESC sequence strings from going out of\n scope. (bsc#1092413)\n\n - Fix some translation errors.\n\n - Support listing gpgkey URLs in repo files (bsc#1088037)\n\n - Check for root privileges in zypper verify and si\n (bsc#1058515)\n\n - XML <install-summary> attribute `packages-to-change`\n added (bsc#1102429)\n\n - Add expert (allow-*) options to all installer commands\n (bsc#428822)\n\n - Sort search results by multiple columns (bsc#1066215)\n\n - man: Strengthen that `--config FILE' affects\n zypper.conf, not zypp.conf (bsc#1100028)\n\n - Set error status if repositories passed to lr and ref\n are not known (bsc#1093103)\n\n - Do not override table style in search\n\n - Fix out of bound read in MbsIterator\n\n - Add --supplements switch to search and info\n\n - Add setter functions for zypp cache related config\n values to ZConfig\n\nChanges in libsolv :\n\n - convert repo2solv.sh script into a binary tool\n\n - Make use of %license macro (bsc#1082318)\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "edition": 15, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-09-17T00:00:00", "title": "openSUSE Security Update : libzypp / zypper (openSUSE-2018-1017)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7685", "CVE-2017-9269"], "modified": "2018-09-17T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libsolv-debuginfo", "p-cpe:/a:novell:opensuse:perl-solv-debuginfo", "p-cpe:/a:novell:opensuse:zypper", "cpe:/o:novell:opensuse:15.0", "p-cpe:/a:novell:opensuse:python-solv-debuginfo", "p-cpe:/a:novell:opensuse:libsolv-devel", "p-cpe:/a:novell:opensuse:python3-solv-debuginfo", "p-cpe:/a:novell:opensuse:libsolv-tools", 
"p-cpe:/a:novell:opensuse:ruby-solv-debuginfo", "p-cpe:/a:novell:opensuse:libzypp-debugsource", "p-cpe:/a:novell:opensuse:libsolv-debugsource", "p-cpe:/a:novell:opensuse:python3-solv", "p-cpe:/a:novell:opensuse:zypper-log", "p-cpe:/a:novell:opensuse:zypper-debugsource", "p-cpe:/a:novell:opensuse:libsolv-tools-debuginfo", "p-cpe:/a:novell:opensuse:libzypp", "p-cpe:/a:novell:opensuse:libzypp-devel", "p-cpe:/a:novell:opensuse:libsolv-demo-debuginfo", "p-cpe:/a:novell:opensuse:zypper-aptitude", "p-cpe:/a:novell:opensuse:python-solv", "p-cpe:/a:novell:opensuse:libzypp-debuginfo", "p-cpe:/a:novell:opensuse:libsolv-demo", "p-cpe:/a:novell:opensuse:libsolv-devel-debuginfo", "p-cpe:/a:novell:opensuse:zypper-debuginfo", "p-cpe:/a:novell:opensuse:ruby-solv", "p-cpe:/a:novell:opensuse:perl-solv"], "id": "OPENSUSE-2018-1017.NASL", "href": "https://www.tenable.com/plugins/nessus/117524", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-1017.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(117524);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-9269\", \"CVE-2018-7685\");\n\n script_name(english:\"openSUSE Security Update : libzypp / zypper (openSUSE-2018-1017)\");\n script_summary(english:\"Check for the openSUSE-2018-1017 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for libzypp, zypper, libsolv provides the following \nfixes :\n\nSecurity fixes in libzypp :\n\n - CVE-2018-7685: PackageProvider: Validate RPMs before\n caching (bsc#1091624, bsc#1088705)\n\n - 
CVE-2017-9269: Be sure bad packages do not stay in the\n cache (bsc#1045735)\n\nChanges in libzypp :\n\n - Update to version 17.6.4\n\n - Automatically fetch repository signing key from gpgkey\n url (bsc#1088037)\n\n - lsof: use '-K i' if lsof supports it\n (bsc#1099847,bsc#1036304)\n\n - Check for not imported keys after multi key import from\n rpmdb (bsc#1096217)\n\n - Flags: make it std=c++14 ready\n\n - Ignore /var, /tmp and /proc in zypper ps. (bsc#1096617)\n\n - Show GPGME version in log\n\n - Adapt to changes in libgpgme11-11.1.0 breaking the\n signature verification (bsc#1100427)\n\n - RepoInfo::provideKey: add report telling where we look\n for missing keys.\n\n - Support listing gpgkey URLs in repo files (bsc#1088037)\n\n - Add new report to request user approval for importing a\n package key\n\n - Handle http error 502 Bad Gateway in curl backend\n (bsc#1070851)\n\n - Add filesize check for downloads with known size\n (bsc#408814)\n\n - Removed superfluous space in translation (bsc#1102019)\n\n - Prevent the system from sleeping during a commit\n\n - RepoManager: Explicitly request repo2solv to generate\n application pseudo packages.\n\n - libzypp-devel should not require cmake (bsc#1101349)\n\n - Avoid zombies from ExternalProgram\n\n - Update ApiConfig\n\n - HardLocksFile: Prevent against empty commit without\n Target having been been loaded (bsc#1096803)\n\n - lsof: use '-K i' if lsof supports it (bsc#1099847)\n\n - Add filesize check for downloads with known size\n (bsc#408814)\n\n - Fix detection of metalink downloads and prevent aborting\n if a metalink file is larger than the expected data\n file.\n\n - Require libsolv-devel >= 0.6.35 during build (fixing\n bsc#1100095)\n\n - Make use of %license macro (bsc#1082318)\n\nSecurity fix in zypper :\n\n - CVE-2017-9269: Improve signature check callback messages\n (bsc#1045735)\n\nChanges in zypper :\n\n - Always set error status if any nr of unknown\n repositories are passed to lr and ref 
(bsc#1093103)\n\n - Notify user about unsupported rpm V3 keys in an old rpm\n database (bsc#1096217)\n\n - Detect read only filesystem on system modifying\n operations (fixes #199)\n\n - Use %license (bsc#1082318)\n\n - Handle repo aliases containing multiple ':' in the\n PackageArgs parser (bsc #1041178)\n\n - Fix broken display of detailed query results.\n\n - Fix broken search for items with a dash. (bsc#907538,\n bsc#1043166, bsc#1070770)\n\n - Disable repository operations when searching installed\n packages. (bsc#1084525)\n\n - Prevent nested calls to exit() if aborted by a signal.\n (bsc#1092413)\n\n - ansi.h: Prevent ESC sequence strings from going out of\n scope. (bsc#1092413)\n\n - Fix some translation errors.\n\n - Support listing gpgkey URLs in repo files (bsc#1088037)\n\n - Check for root privileges in zypper verify and si\n (bsc#1058515)\n\n - XML <install-summary> attribute `packages-to-change`\n added (bsc#1102429)\n\n - Add expert (allow-*) options to all installer commands\n (bsc#428822)\n\n - Sort search results by multiple columns (bsc#1066215)\n\n - man: Strengthen that `--config FILE' affects\n zypper.conf, not zypp.conf (bsc#1100028)\n\n - Set error status if repositories passed to lr and ref\n are not known (bsc#1093103)\n\n - Do not override table style in search\n\n - Fix out of bound read in MbsIterator\n\n - Add --supplements switch to search and info\n\n - Add setter functions for zypp cache related config\n values to ZConfig\n\nChanges in libsolv :\n\n - convert repo2solv.sh script into a binary tool\n\n - Make use of %license macro (bsc#1082318)\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1036304\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1041178\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1043166\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1045735\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1058515\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1066215\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1070770\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1070851\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082318\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1084525\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1088037\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1088705\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1091624\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1092413\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1093103\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1096217\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1096617\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1096803\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1099847\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1100028\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1100095\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1100427\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1101349\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1102019\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1102429\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=408814\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=428822\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=907538\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libzypp / zypper packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsolv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsolv-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsolv-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsolv-demo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsolv-devel\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsolv-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsolv-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsolv-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libzypp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libzypp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libzypp-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libzypp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-solv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-solv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-solv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-solv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-solv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-solv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby-solv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby-solv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:zypper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:zypper-aptitude\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:zypper-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:zypper-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:zypper-log\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/09/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/09/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libsolv-debuginfo-0.6.35-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libsolv-debugsource-0.6.35-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libsolv-demo-0.6.35-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libsolv-demo-debuginfo-0.6.35-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libsolv-devel-0.6.35-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libsolv-devel-debuginfo-0.6.35-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libsolv-tools-0.6.35-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", 
reference:\"libsolv-tools-debuginfo-0.6.35-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libzypp-17.6.4-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libzypp-debuginfo-17.6.4-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libzypp-debugsource-17.6.4-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libzypp-devel-17.6.4-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"perl-solv-0.6.35-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"perl-solv-debuginfo-0.6.35-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"python-solv-0.6.35-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"python-solv-debuginfo-0.6.35-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"python3-solv-0.6.35-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"python3-solv-debuginfo-0.6.35-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"ruby-solv-0.6.35-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"ruby-solv-debuginfo-0.6.35-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"zypper-1.14.10-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"zypper-aptitude-1.14.10-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"zypper-debuginfo-1.14.10-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"zypper-debugsource-1.14.10-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"zypper-log-1.14.10-lp150.2.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 
\"libsolv-debuginfo / libsolv-debugsource / libsolv-demo / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2020-12-09T20:13:36", "description": "In libzypp before 20170803 it was possible to retrieve unsigned packages without a warning to the user which could lead to man in the middle or malicious servers to inject malicious RPM packages into a users system.", "edition": 6, "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-03-01T20:29:00", "title": "CVE-2017-7436", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7436"], "modified": "2019-10-09T23:29:00", "cpe": ["cpe:/a:opensuse:libzypp:16.15.2"], "id": "CVE-2017-7436", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7436", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:opensuse:libzypp:16.15.2:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:13:36", "description": "In libzypp before 20170803 it was possible to add unsigned YUM repositories without warning to the user that could lead to man in the middle or malicious 
servers to inject malicious RPM packages into a user's system.", "edition": 6, "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-03-01T20:29:00", "title": "CVE-2017-7435", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7435"], "modified": "2019-10-09T23:29:00", "cpe": ["cpe:/a:opensuse:libzypp:16.15.2"], "id": "CVE-2017-7435", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7435", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:opensuse:libzypp:16.15.2:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:25:46", "description": "The decoupled download and installation steps in libzypp before 17.5.0 could lead to a corrupted RPM being left in the cache, where a later call would not display the corrupted RPM warning and allow installation, a problem caused by malicious warnings only displayed during download.", "edition": 8, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH",
"integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-08-31T15:29:00", "title": "CVE-2018-7685", "type": "cve", "cwe": ["CWE-347"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-7685"], "modified": "2019-10-09T23:42:00", "cpe": [], "id": "CVE-2018-7685", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-7685", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2020-10-03T13:07:50", "description": "In libzypp before August 2018 GPG keys attached to YUM repositories were not correctly pinned, allowing malicious repository mirrors to silently downgrade to unsigned repositories with potential malicious content.", "edition": 4, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-03-01T20:29:00", "title": "CVE-2017-9269", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": 
false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9269"], "modified": "2019-10-09T23:30:00", "cpe": ["cpe:/a:opensuse:libzypp:-"], "id": "CVE-2017-9269", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9269", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:opensuse:libzypp:-:*:*:*:*:*:*:*"]}], "suse": [{"lastseen": "2017-08-25T21:07:32", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7436", "CVE-2017-7435", "CVE-2017-9269"], "description": "The Software Update Stack was updated to receive fixes and enhancements.\n\n\n libzypp:\n\n - CVE-2017-7435, CVE-2017-7436, CVE-2017-9269: Fix GPG check workflows,\n mainly for unsigned repositories and packages. (bsc#1045735, bsc#1038984)\n - Fix gpg-pubkey release (creation time) computation. (bsc#1036659)\n - Update lsof blacklist. (bsc#1046417)\n - Re-probe on refresh if the repository type changes. (bsc#1048315)\n - Propagate proper error code to DownloadProgressReport. (bsc#1047785)\n - Allow to trigger an appdata refresh unconditionally. (bsc#1009745)\n - Support custom repo variables defined in /etc/zypp/vars.d.\n\n yast2-pkg-bindings:\n\n - Do not crash when the repository URL is not defined. 
(bsc#1043218)\n\n", "edition": 1, "modified": "2017-08-25T18:23:32", "published": "2017-08-25T18:23:32", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-08/msg00066.html", "id": "SUSE-SU-2017:2264-1", "title": "Security update for libzypp (important)", "type": "suse", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2017-08-09T17:07:07", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7436", "CVE-2017-7435", "CVE-2017-9269"], "description": "The Software Update Stack was updated to receive fixes and enhancements.\n\n libzypp:\n\n Security issues fixed:\n - CVE-2017-7435, CVE-2017-7436, CVE-2017-9269: Fix GPG check workflows,\n mainly for unsigned repositories and packages. (bsc#1045735, bsc#1038984)\n\n Bug fixes:\n - Re-probe on refresh if the repository type changes. (bsc#1048315)\n - Propagate proper error code to DownloadProgressReport. (bsc#1047785)\n - Allow to trigger an appdata refresh unconditionally. (bsc#1009745)\n - Support custom repo variables defined in /etc/zypp/vars.d.\n - Adapt loop mounting of ISO images. (bsc#1038132, bsc#1033236)\n - Fix potential crash if repository has no baseurl. 
(bsc#1043218)\n\n zypper:\n\n - Adapt download callback to report and handle unsigned packages.\n (bsc#1038984)\n - Report missing/optional files as 'not found' rather than 'error'.\n (bsc#1047785)\n - Document support for custom repository variables defined in\n /etc/zypp/vars.d.\n - Emphasize that it depends on how fast PackageKit will respond to a\n 'quit' request sent if PK blocks package management.\n\n This update was imported from the SUSE:SLE-12-SP2:Update update project.\n\n", "edition": 1, "modified": "2017-08-09T15:20:00", "published": "2017-08-09T15:20:00", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-08/msg00033.html", "id": "OPENSUSE-SU-2017:2111-1", "title": "Security update for libzypp, zypper (important)", "type": "suse", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2017-08-03T22:21:59", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7436", "CVE-2017-7435", "CVE-2017-9269"], "description": "The Software Update Stack was updated to receive fixes and enhancements.\n\n libzypp:\n\n Security issues fixed:\n - CVE-2017-7435, CVE-2017-7436, CVE-2017-9269: Fix GPG check workflows,\n mainly for unsigned repositories and packages. (bsc#1045735, bsc#1038984)\n\n Bug fixes:\n - Re-probe on refresh if the repository type changes. (bsc#1048315)\n - Propagate proper error code to DownloadProgressReport. (bsc#1047785)\n - Allow to trigger an appdata refresh unconditionally. (bsc#1009745)\n - Support custom repo variables defined in /etc/zypp/vars.d.\n - Adapt loop mounting of ISO images. (bsc#1038132, bsc#1033236)\n - Fix potential crash if repository has no baseurl. 
(bsc#1043218)\n\n zypper:\n\n - Adapt download callback to report and handle unsigned packages.\n (bsc#1038984)\n - Report missing/optional files as 'not found' rather than 'error'.\n (bsc#1047785)\n - Document support for custom repository variables defined in\n /etc/zypp/vars.d.\n - Emphasize that it depends on how fast PackageKit will respond to a\n 'quit' request sent if PK blocks package management.\n\n", "edition": 1, "modified": "2017-08-03T21:07:44", "published": "2017-08-03T21:07:44", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-08/msg00002.html", "id": "SUSE-SU-2017:2040-1", "title": "Security update for libzypp, zypper (important)", "type": "suse", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2017-09-02T20:29:45", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7436", "CVE-2017-7435", "CVE-2017-9269"], "description": "The Software Update Stack was updated to receive fixes and enhancements.\n\n libzypp:\n\n - CVE-2017-7435, CVE-2017-7436, CVE-2017-9269: Fix GPG check workflows,\n mainly for unsigned repositories and packages. (bsc#1045735, bsc#1038984)\n - Fix gpg-pubkey release (creation time) computation. (bsc#1036659)\n - Update lsof blacklist. (bsc#1046417)\n - Re-probe on refresh if the repository type changes. (bsc#1048315)\n - Propagate proper error code to DownloadProgressReport. (bsc#1047785)\n - Allow to trigger an appdata refresh unconditionally. (bsc#1009745)\n - Support custom repo variables defined in /etc/zypp/vars.d.\n\n yast2-pkg-bindings:\n\n - Do not crash when the repository URL is not defined. 
(bsc#1043218)\n\n This update was imported from the SUSE:SLE-12-SP3:Update update project.\n\n", "edition": 1, "modified": "2017-09-02T18:09:46", "published": "2017-09-02T18:09:46", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-09/msg00005.html", "id": "OPENSUSE-SU-2017:2335-1", "title": "Security update for libzypp (important)", "type": "suse", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-09-17T13:51:20", "bulletinFamily": "unix", "cvelist": ["CVE-2018-7685", "CVE-2017-9269"], "description": "This update for libzypp, zypper, libsolv provides the following fixes:\n\n Security fixes in libzypp:\n\n - CVE-2018-7685: PackageProvider: Validate RPMs before caching\n (bsc#1091624, bsc#1088705)\n - CVE-2017-9269: Be sure bad packages do not stay in the cache\n (bsc#1045735)\n\n Changes in libzypp:\n\n - Update to version 17.6.4\n - Automatically fetch repository signing key from gpgkey url (bsc#1088037)\n - lsof: use '-K i' if lsof supports it (bsc#1099847,bsc#1036304)\n - Check for not imported keys after multi key import from rpmdb\n (bsc#1096217)\n - Flags: make it std=c++14 ready\n - Ignore /var, /tmp and /proc in zypper ps. 
(bsc#1096617)\n - Show GPGME version in log\n - Adapt to changes in libgpgme11-11.1.0 breaking the signature\n verification (bsc#1100427)\n - RepoInfo::provideKey: add report telling where we look for missing keys.\n - Support listing gpgkey URLs in repo files (bsc#1088037)\n - Add new report to request user approval for importing a package key\n - Handle http error 502 Bad Gateway in curl backend (bsc#1070851)\n - Add filesize check for downloads with known size (bsc#408814)\n - Removed superfluous space in translation (bsc#1102019)\n - Prevent the system from sleeping during a commit\n - RepoManager: Explicitly request repo2solv to generate application pseudo\n packages.\n - libzypp-devel should not require cmake (bsc#1101349)\n - Avoid zombies from ExternalProgram\n - Update ApiConfig\n - HardLocksFile: Prevent against empty commit without Target having been\n been loaded (bsc#1096803)\n - lsof: use '-K i' if lsof supports it (bsc#1099847)\n - Add filesize check for downloads with known size (bsc#408814)\n - Fix detection of metalink downloads and prevent aborting if a metalink\n file is larger than the expected data file.\n - Require libsolv-devel >= 0.6.35 during build (fixing bsc#1100095)\n - Make use of %license macro (bsc#1082318)\n\n Security fix in zypper:\n\n - CVE-2017-9269: Improve signature check callback messages (bsc#1045735)\n\n Changes in zypper:\n\n - Always set error status if any nr of unknown repositories are passed to\n lr and ref (bsc#1093103)\n - Notify user about unsupported rpm V3 keys in an old rpm database\n (bsc#1096217)\n - Detect read only filesystem on system modifying operations (fixes #199)\n - Use %license (bsc#1082318)\n - Handle repo aliases containing multiple ':' in the PackageArgs parser\n (bsc #1041178)\n - Fix broken display of detailed query results.\n - Fix broken search for items with a dash. 
(bsc#907538, bsc#1043166,\n bsc#1070770)\n - Disable repository operations when searching installed packages.\n (bsc#1084525)\n - Prevent nested calls to exit() if aborted by a signal. (bsc#1092413)\n - ansi.h: Prevent ESC sequence strings from going out of scope.\n (bsc#1092413)\n - Fix some translation errors.\n - Support listing gpgkey URLs in repo files (bsc#1088037)\n - Check for root privileges in zypper verify and si (bsc#1058515)\n - XML <install-summary> attribute `packages-to-change` added (bsc#1102429)\n - Add expert (allow-*) options to all installer commands (bsc#428822)\n - Sort search results by multiple columns (bsc#1066215)\n - man: Strengthen that `--config FILE' affects zypper.conf, not zypp.conf\n (bsc#1100028)\n - Set error status if repositories passed to lr and ref are not known\n (bsc#1093103)\n - Do not override table style in search\n - Fix out of bound read in MbsIterator\n - Add --supplements switch to search and info\n - Add setter functions for zypp cache related config values to ZConfig\n\n Changes in libsolv:\n\n - convert repo2solv.sh script into a binary tool\n - Make use of %license macro (bsc#1082318)\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "edition": 1, "modified": "2018-09-17T12:07:59", "published": "2018-09-17T12:07:59", "id": "OPENSUSE-SU-2018:2739-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-09/msg00035.html", "title": "Security update for libzypp, zypper (important)", "type": "suse", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-09-05T00:36:41", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7436"], "description": "The Software Update Stack was updated to receive fixes and enhancements.\n\n libzypp:\n\n - Adapt to work with GnuPG 2.1.23. (bsc#1054088)\n - Support signing with subkeys. (bsc#1008325)\n - Enhance sort order for media.1/products. 
(bsc#1054671)\n\n zypper:\n\n - Also show a gpg key's subkeys. (bsc#1008325)\n - Improve signature check callback messages. (bsc#1045735)\n - Add options to tune the GPG check settings. (bsc#1045735)\n - Adapt download callback to report and handle unsigned packages.\n (bsc#1038984, CVE-2017-7436)\n - Report missing/optional files as 'not found' rather than 'error'.\n (bsc#1047785)\n\n", "edition": 1, "modified": "2017-09-04T21:42:36", "published": "2017-09-04T21:42:36", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-09/msg00010.html", "id": "SUSE-SU-2017:2344-1", "title": "Security update for libzypp, zypper (important)", "type": "suse", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2017-09-06T07:51:22", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7436"], "description": "The Software Update Stack was updated to receive fixes and enhancements.\n\n libzypp:\n\n - Adapt to work with GnuPG 2.1.23. (bsc#1054088)\n - Support signing with subkeys. (bsc#1008325)\n - Enhance sort order for media.1/products. (bsc#1054671)\n\n zypper:\n\n - Also show a gpg key's subkeys. (bsc#1008325)\n - Improve signature check callback messages. (bsc#1045735)\n - Add options to tune the GPG check settings. 
(bsc#1045735)\n - Adapt download callback to report and handle unsigned packages.\n (bsc#1038984, CVE-2017-7436)\n - Report missing/optional files as 'not found' rather than 'error'.\n (bsc#1047785)\n\n This update was imported from the SUSE:SLE-12-SP3:Update update project.\n\n", "edition": 1, "modified": "2017-09-06T03:15:27", "published": "2017-09-06T03:15:27", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-09/msg00014.html", "id": "OPENSUSE-SU-2017:2370-1", "title": "Security update for libzypp, zypper (important)", "type": "suse", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-09-26T20:11:53", "bulletinFamily": "unix", "cvelist": ["CVE-2018-7685"], "description": "This update for libzypp, zypper fixes the following issues:\n\n Update libzypp to version 16.17.20:\n\n Security issues fixed:\n\n - PackageProvider: Validate delta rpms before caching (bsc#1091624,\n bsc#1088705, CVE-2018-7685)\n - PackageProvider: Validate downloaded rpm package signatures before\n caching (bsc#1091624, bsc#1088705, CVE-2018-7685)\n\n Other bugs fixed:\n\n - lsof: use '-K i' if lsof supports it (bsc#1099847, bsc#1036304)\n - Handle http error 502 Bad Gateway in curl backend (bsc#1070851)\n - RepoManager: Explicitly request repo2solv to generate application pseudo\n packages.\n - libzypp-devel should not require cmake (bsc#1101349)\n - HardLocksFile: Prevent against empty commit without Target having been\n loaded (bsc#1096803)\n - Avoid zombie tar processes (bsc#1076192)\n\n Update zypper to version 1.13.45:\n\n Other bugs fixed:\n\n - XML <install-summary> attribute `packages-to-change` added (bsc#1102429)\n - man: Strengthen that `--config FILE' affects zypper.conf, not zypp.conf\n (bsc#1100028)\n - Prevent nested calls to exit() if aborted by a signal (bsc#1092413)\n - ansi.h: Prevent ESC sequence strings from going out of scope\n (bsc#1092413)\n - Fix: zypper bash completion expands non-existing options (bsc#1049825)\n\n This update 
was imported from the SUSE:SLE-12-SP3:Update update project.\n\n", "edition": 1, "modified": "2018-09-26T18:22:31", "published": "2018-09-26T18:22:31", "id": "OPENSUSE-SU-2018:2881-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-09/msg00079.html", "title": "Security update for libzypp, zypper (important)", "type": "suse", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2017-09-14T22:30:08", "bulletinFamily": "unix", "cvelist": ["CVE-2017-9233", "CVE-2017-10685", "CVE-2016-9063", "CVE-2017-11112", "CVE-2017-8872", "CVE-2017-3456", "CVE-2017-11113", "CVE-2017-7436", "CVE-2017-3309", "CVE-2017-1000101", "CVE-2017-3308", "CVE-2017-3453", "CVE-2017-1000100", "CVE-2017-3464", "CVE-2017-7435", "CVE-2017-10684", "CVE-2013-7459", "CVE-2017-9269"], "description": "The Docker images provided with SUSE CaaS Platform 1.0 have been updated\n to include the following updates:\n\n libzypp:\n\n - CVE-2017-7435, CVE-2017-7436, CVE-2017-9269: Fix GPG check workflows,\n mainly for unsigned repositories and packages. (bsc#1045735, bsc#1038984)\n - Fix gpg-pubkey release (creation time) computation. (bsc#1036659)\n - Update lsof blacklist. (bsc#1046417)\n - Re-probe on refresh if the repository type changes. (bsc#1048315)\n - Propagate proper error code to DownloadProgressReport. (bsc#1047785)\n - Allow to trigger an appdata refresh unconditionally. (bsc#1009745)\n - Support custom repo variables defined in /etc/zypp/vars.d.\n - Adapt loop mounting of ISO images. (bsc#1038132, bsc#1033236)\n - Fix potential crash if repository has no baseurl. (bsc#1043218)\n\n zypper:\n\n - CVE-2017-7436: Adapt download callback to report and handle unsigned\n packages. 
(bsc#1038984)\n - Report missing/optional files as 'not found' rather than 'error'.\n (bsc#1047785)\n - Document support for custom repository variables defined in\n /etc/zypp/vars.d.\n - Emphasize that it depends on how fast PackageKit will respond to a\n 'quit' request sent if PK blocks package management.\n\n libgcrypt:\n\n - Fix infinite loop in gnome-keyring-daemon caused by attempt to read from\n random device left open by libgcrypt. (bsc#1043333)\n - Avoid seeding the DRBG during FIPS power-up selftests. (bsc#1046659)\n - Fix a bug in gcry_drbg_healthcheck_sanity() which caused skipping some\n of the tests. (bsc#1046659)\n - dlsym returns PLT address on s390x, dlopen libgcrypt20.so before calling\n dlsym. (bsc#1047008)\n\n lua51:\n\n - Add Lua(API) and Lua(devel) symbols to fix building of lua51-luasocket.\n (bsc#1051626)\n\n cyrus-sasl:\n\n - Fix unknown authentication mechanism: kerberos5 (bsc#1026825)\n - Really use SASLAUTHD_PARAMS variable (bsc#938657)\n - Make sure /usr/sbin/rcsaslauthd exists\n - Add /usr/sbin/rcsaslauthd symbolic link to /usr/sbin/service\n (bsc#1014471)\n - Silence "GSSAPI client step 1" debug log message (bsc#1044840)\n\n libxml2:\n\n - CVE-2017-8872: Out-of-bounds read in htmlParseTryOrFinish. (bsc#1038444)\n\n curl:\n\n - CVE-2017-1000100: TFTP sends more than buffer size and it could lead to a\n denial of service. (bsc#1051644)\n - CVE-2017-1000101: URL globbing out of bounds read could lead to a denial\n of service. (bsc#1051643)\n\n ncurses:\n\n - CVE-2017-11112: Illegal address access in append_acs. (bsc#1047964)\n - CVE-2017-11113: Dereferencing NULL pointer in _nc_parse_entry.\n (bsc#1047965)\n - CVE-2017-10684, CVE-2017-10685: Add modified upstream fix from ncurses\n 6.0 to avoid broken termcap format (bsc#1046853, bsc#1046858,\n bsc#1049344)\n\n sed:\n\n - Don't terminate with a segmentation fault if close of last file\n descriptor fails. 
(bsc#954661)\n\n openssl:\n\n - Remove DES-CBC3-SHA based ciphers from DEFAULT_SUSE to address SWEET32\n problem. (bsc#1027908)\n - Use getrandom syscall instead of reading from /dev/urandom to get at\n least 128 bits of entropy to comply with FIPS 140.2 IG 7.14.\n (bsc#1027079 bsc#1044175)\n - Fix x86 extended feature detection (bsc#1029523)\n - Allow runtime switching of s390x capabilities via the "OPENSSL_s390xcap"\n environmental variable. (bsc#1028723)\n - Add back certificate initialization set_cert_key_stuff() which was\n removed in a previous update. (bsc#1028281)\n - Fix a bug in XTS key handling. (bsc#1019637)\n - Don't run FIPS power-up self-tests when the checksum files aren't\n installed. (bsc#1042392)\n\n procps:\n\n - Don't set buffering on invalid file descriptor. (bsc#1053409)\n\n expat:\n\n - CVE-2016-9063: Possible integer overflow to fix inside XML_Parse leading\n to unexpected behaviour. (bsc#1047240)\n - CVE-2017-9233: External Entity Vulnerability could lead to denial of\n service. (bsc#1047236)\n\n systemd:\n\n - Revert fix for bsc#1004995 which could have caused boot failure on LVM\n (bsc#1048605)\n - compat-rules: drop the bogus 'import everything' rule (bsc#1046268)\n - core: use an AF_UNIX/SOCK_DGRAM socket for cgroup agent notification\n (bsc#1045384 bsc#1047379)\n - udev/path_id: introduce support for NVMe devices (bsc#1045987)\n - compat-rules: Don't rely on ID_SERIAL when generating 'by-id' links for\n NVMe devices. (bsc#1048679)\n - fstab-generator: Handle NFS "bg" mounts correctly. (bsc#874665,\n fate#323464)\n - timesyncd: Don't use compiled-in list if FallbackNTP has been configured\n explicitly.\n\n insserv-compat:\n\n - Add /etc/init.d hierarchy from former "filesystem" package. (bsc#1035062)\n - Fix directory argument parsing. 
(bsc#944903)\n - Add perl(Getopt::Long) to list of requirements.\n\n mariadb:\n\n - Update libmysqlclient18 from version 10.0.30 to 10.0.31.\n\n python-pycrypto:\n\n - CVE-2013-7459: Fixed a potential heap buffer overflow in ALGnew\n (bsc#1017420).\n\n velum:\n\n - Fix loopback IP for proxy exception during initial configuration.\n (bsc#1052759)\n - Set secure flag in cookie. (bsc#1050484)\n - Set VERSION to 1.0.0. (bsc#1050396)\n - Allow kubeconfig download when master is ready. (bsc#1048483)\n\n", "edition": 1, "modified": "2017-09-14T21:11:54", "published": "2017-09-14T21:11:54", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-09/msg00047.html", "id": "SUSE-SU-2017:2470-1", "title": "Security update for CaaS Platform 1.0 images (important)", "type": "suse", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-10-11T05:54:20", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7407", "CVE-2017-9233", "CVE-2016-9840", "CVE-2017-7375", "CVE-2017-10685", "CVE-2017-9445", "CVE-2016-9063", "CVE-2016-5300", "CVE-2017-11112", "CVE-2017-5969", "CVE-2016-9318", "CVE-2016-7055", "CVE-2017-3731", "CVE-2017-9049", "CVE-2016-9842", "CVE-2017-2616", "CVE-2017-8872", "CVE-2012-6702", "CVE-2015-3238", "CVE-2017-9048", "CVE-2017-11113", "CVE-2017-3732", "CVE-2017-7376", "CVE-2017-7436", "CVE-2017-1000101", "CVE-2016-9401", "CVE-2017-7526", "CVE-2017-1000366", "CVE-2016-1839", "CVE-2017-0663", "CVE-2016-9843", "CVE-2017-9047", "CVE-2016-9597", "CVE-2017-9217", "CVE-2016-10156", "CVE-2017-1000100", "CVE-2016-9586", "CVE-2016-5011", "CVE-2017-7435", "CVE-2016-9841", "CVE-2016-2037", "CVE-2017-9287", "CVE-2017-6507", "CVE-2016-4658", "CVE-2017-10684", "CVE-2017-9269", "CVE-2017-9050"], "description": "The SUSE Linux Enterprise Server 12 SP2 container image has been updated\n to include security and stability fixes.\n\n The following issues related to building of the container images have been\n fixed:\n\n - 
Included krb5 package to avoid the inclusion of krb5-mini which gets\n selected as a dependency by the Build Service solver. (bsc#1056193)\n\n A number of security issues that have been already fixed by updates\n released for SUSE Linux Enterprise Server 12 are now included in the base\n image. A package/CVE cross-reference is available below.\n\n bash:\n\n - CVE-2016-9401\n\n expat:\n\n - CVE-2012-6702\n - CVE-2016-5300\n - CVE-2016-9063\n - CVE-2017-9233\n\n curl:\n\n - CVE-2016-9586\n - CVE-2017-1000100\n - CVE-2017-1000101\n - CVE-2017-7407\n\n glibc:\n\n - CVE-2017-1000366\n\n openssl:\n\n - CVE-2017-3731\n - CVE-2017-3732\n - CVE-2016-7055\n\n pam:\n\n - CVE-2015-3238\n\n apparmor:\n\n - CVE-2017-6507\n\n ncurses:\n\n - CVE-2017-10684\n - CVE-2017-10685\n - CVE-2017-11112\n - CVE-2017-11113\n\n libgcrypt:\n\n - CVE-2017-7526\n\n libxml2:\n\n - CVE-2016-1839\n - CVE-2016-4658\n - CVE-2016-9318\n - CVE-2016-9597\n - CVE-2017-0663\n - CVE-2017-5969\n - CVE-2017-7375\n - CVE-2017-7376\n - CVE-2017-8872\n - CVE-2017-9047\n - CVE-2017-9048\n - CVE-2017-9049\n - CVE-2017-9050\n\n libzypp:\n\n - CVE-2017-9269\n - CVE-2017-7435\n - CVE-2017-7436\n\n openldap2:\n\n - CVE-2017-9287\n\n systemd:\n\n - CVE-2016-10156\n - CVE-2017-9217\n - CVE-2017-9445\n\n util-linux:\n\n - CVE-2016-5011\n - CVE-2017-2616\n\n zlib:\n\n - CVE-2016-9840\n - CVE-2016-9841\n - CVE-2016-9842\n - CVE-2016-9843\n\n zypper:\n\n - CVE-2017-7436\n\n Finally, the following packages received non-security fixes:\n\n - binutils\n - cpio\n - cryptsetup\n - cyrus-sasl\n - dbus-1\n - dirmngr\n - e2fsprogs\n - gpg2\n - insserv-compat\n - kmod\n - libsolv\n - libsemanage\n - lvm2\n - lua51\n - netcfg\n - procps\n - sed\n - sg3_utils\n - shadow\n\n", "edition": 1, "modified": "2017-10-11T03:08:09", "published": "2017-10-11T03:08:09", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00012.html", "id": "SUSE-SU-2017:2701-1", "title": "Security update for SLES 12-SP2 Docker image 
(important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2020-06-04T17:33:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-7436", "CVE-2017-7435", "CVE-2017-9269"], "description": "The remote host is missing an update for the 'libzypp' package(s) announced via the referenced advisory.", "modified": "2020-06-03T00:00:00", "published": "2017-08-10T00:00:00", "id": "OPENVAS:1361412562310851588", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851588", "type": "openvas", "title": "openSUSE: Security Advisory for libzypp (openSUSE-SU-2017:2111-1)", "sourceData": "# Copyright (C) 2017 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851588\");\n script_version(\"2020-06-03T08:38:58+0000\");\n script_tag(name:\"last_modification\", value:\"2020-06-03 08:38:58 +0000 (Wed, 03 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-08-10 07:30:06 +0200 (Thu, 10 Aug 2017)\");\n script_cve_id(\"CVE-2017-7435\", \"CVE-2017-7436\", \"CVE-2017-9269\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for libzypp (openSUSE-SU-2017:2111-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libzypp'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The Software Update Stack was updated to receive fixes and enhancements.\n\n libzypp:\n\n Security issues fixed:\n\n - CVE-2017-7435, CVE-2017-7436, CVE-2017-9269: Fix GPG check workflows,\n mainly for unsigned repositories and packages. (bsc#1045735, bsc#1038984)\n\n Bug fixes:\n\n - Re-probe on refresh if the repository type changes. (bsc#1048315)\n\n - Propagate proper error code to DownloadProgressReport. (bsc#1047785)\n\n - Allow to trigger an appdata refresh unconditionally. (bsc#1009745)\n\n - Support custom repo variables defined in /etc/zypp/vars.d.\n\n - Adapt loop mounting of ISO images. (bsc#1038132, bsc#1033236)\n\n - Fix potential crash if repository has no baseurl. 
(bsc#1043218)\n\n zypper:\n\n - Adapt download callback to report and handle unsigned packages.\n (bsc#1038984)\n\n - Report missing/optional files as 'not found' rather than 'error'.\n (bsc#1047785)\n\n - Document support for custom repository variables defined in\n /etc/zypp/vars.d.\n\n - Emphasize that it depends on how fast PackageKit will respond to a\n 'quit' request sent if PK blocks package management.\n\n This update was imported from the SUSE:SLE-12-SP2:Update update project.\");\n\n script_tag(name:\"affected\", value:\"libzypp, on openSUSE Leap 42.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2017:2111-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.2\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.2\") {\n if(!isnull(res = isrpmvuln(pkg:\"libzypp\", rpm:\"libzypp~16.15.2~5.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libzypp-debuginfo\", rpm:\"libzypp-debuginfo~16.15.2~5.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libzypp-debugsource\", rpm:\"libzypp-debugsource~16.15.2~5.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libzypp-devel\", rpm:\"libzypp-devel~16.15.2~5.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libzypp-devel-doc\", rpm:\"libzypp-devel-doc~16.15.2~5.9.1\", 
rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"zypper\", rpm:\"zypper~1.13.30~5.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"zypper-debuginfo\", rpm:\"zypper-debuginfo~1.13.30~5.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"zypper-debugsource\", rpm:\"zypper-debugsource~1.13.30~5.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"zypper-aptitude\", rpm:\"zypper-aptitude~1.13.30~5.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"zypper-log\", rpm:\"zypper-log~1.13.30~5.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:27:46", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-7436", "CVE-2017-7435", "CVE-2017-9269"], "description": "The remote host is missing an update for the 'libzypp' package(s) announced via the referenced advisory.", "modified": "2020-01-31T00:00:00", "published": "2017-09-03T00:00:00", "id": "OPENVAS:1361412562310851606", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851606", "type": "openvas", "title": "openSUSE: Security Advisory for libzypp (openSUSE-SU-2017:2335-1)", "sourceData": "# Copyright (C) 2017 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but 
WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851606\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-09-03 07:19:00 +0200 (Sun, 03 Sep 2017)\");\n script_cve_id(\"CVE-2017-7435\", \"CVE-2017-7436\", \"CVE-2017-9269\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for libzypp (openSUSE-SU-2017:2335-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libzypp'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The Software Update Stack was updated to receive fixes and enhancements.\n\n libzypp:\n\n - CVE-2017-7435, CVE-2017-7436, CVE-2017-9269: Fix GPG check workflows,\n mainly for unsigned repositories and packages. (bsc#1045735, bsc#1038984)\n\n - Fix gpg-pubkey release (creation time) computation. (bsc#1036659)\n\n - Update lsof blacklist. (bsc#1046417)\n\n - Re-probe on refresh if the repository type changes. (bsc#1048315)\n\n - Propagate proper error code to DownloadProgressReport. (bsc#1047785)\n\n - Allow to trigger an appdata refresh unconditionally. 
(bsc#1009745)\n\n - Support custom repo variables defined in /etc/zypp/vars.d.\n\n yast2-pkg-bindings:\n\n - Do not crash when the repository URL is not defined. (bsc#1043218)\n\n This update was imported from the SUSE:SLE-12-SP3:Update update project.\");\n\n script_tag(name:\"affected\", value:\"libzypp on openSUSE Leap 42.3\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2017:2335-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.3\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"libzypp\", rpm:\"libzypp~16.15.3~9.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libzypp-debuginfo\", rpm:\"libzypp-debuginfo~16.15.3~9.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libzypp-debugsource\", rpm:\"libzypp-debugsource~16.15.3~9.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libzypp-devel\", rpm:\"libzypp-devel~16.15.3~9.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libzypp-devel-doc\", rpm:\"libzypp-devel-doc~16.15.3~9.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"yast2-pkg-bindings\", rpm:\"yast2-pkg-bindings~3.2.4~4.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"yast2-pkg-bindings-debuginfo\", 
rpm:\"yast2-pkg-bindings-debuginfo~3.2.4~4.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"yast2-pkg-bindings-debugsource\", rpm:\"yast2-pkg-bindings-debugsource~3.2.4~4.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"yast2-pkg-bindings-devel-doc\", rpm:\"yast2-pkg-bindings-devel-doc~3.2.4~4.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-04T16:45:10", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7685", "CVE-2017-9269"], "description": "The remote host is missing an update for the 'libzypp' package(s) announced via the openSUSE-SU-2018:2739-1 advisory.", "modified": "2020-06-03T00:00:00", "published": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310852022", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852022", "type": "openvas", "title": "openSUSE: Security Advisory for libzypp (openSUSE-SU-2018:2739-1)", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852022\");\n script_version(\"2020-06-03T08:38:58+0000\");\n script_cve_id(\"CVE-2017-9269\", \"CVE-2018-7685\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-06-03 08:38:58 +0000 (Wed, 03 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-10-26 06:35:05 +0200 (Fri, 26 Oct 2018)\");\n script_name(\"openSUSE: Security Advisory for libzypp (openSUSE-SU-2018:2739-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.0\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2018:2739-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2018-09/msg00035.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libzypp'\n package(s) announced via the openSUSE-SU-2018:2739-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for libzypp, zypper, libsolv provides the following fixes:\n\n Security fixes in libzypp:\n\n - CVE-2018-7685: PackageProvider: Validate RPMs before caching\n (bsc#1091624, bsc#1088705)\n\n - CVE-2017-9269: Be sure bad packages do not stay in the cache\n (bsc#1045735)\n\n Changes in libzypp:\n\n - Update to version 
17.6.4\n\n - Automatically fetch repository signing key from gpgkey url (bsc#1088037)\n\n - lsof: use '-K i' if lsof supports it (bsc#1099847, bsc#1036304)\n\n - Check for not imported keys after multi key import from rpmdb\n (bsc#1096217)\n\n - Flags: make it std=c++14 ready\n\n - Ignore /var, /tmp and /proc in zypper ps. (bsc#1096617)\n\n - Show GPGME version in log\n\n - Adapt to changes in libgpgme11-11.1.0 breaking the signature\n verification (bsc#1100427)\n\n - RepoInfo::provideKey: add report telling where we look for missing keys.\n\n - Support listing gpgkey URLs in repo files (bsc#1088037)\n\n - Add new report to request user approval for importing a package key\n\n - Handle http error 502 Bad Gateway in curl backend (bsc#1070851)\n\n - Add filesize check for downloads with known size (bsc#408814)\n\n - Removed superfluous space in translation (bsc#1102019)\n\n - Prevent the system from sleeping during a commit\n\n - RepoManager: Explicitly request repo2solv to generate application pseudo\n packages.\n\n - libzypp-devel should not require cmake (bsc#1101349)\n\n - Avoid zombies from ExternalProgram\n\n - Update ApiConfig\n\n - HardLocksFile: Prevent against empty commit without Target having been\n been loaded (bsc#1096803)\n\n - lsof: use '-K i' if lsof supports it (bsc#1099847)\n\n - Add filesize check for downloads with known size (bsc#408814)\n\n - Fix detection of metalink downloads and prevent aborting if a metalink\n file is larger than the expected data file.\n\n - Require libsolv-devel = 0.6.35 during build (fixing bsc#1100095)\n\n - Make use of %license macro (bsc#1082318)\n\n Security fix in zypper:\n\n - CVE-2017-9269: Improve signature check callback messages (bsc#1045735)\n\n Changes in zypper:\n\n - Always set error status if any nr of unknown repositories are passed to\n lr and ref (bsc#1093103)\n\n - Notify user about unsupported rpm V3 keys in an old rpm database\n (bsc#1096217)\n\n - Detect read only filesystem on system modifying 
operations (fixes #199)\n\n - Use %license (bsc#1082318)\n\n - Handle repo aliases containing multiple ':' in the PackageArgs parser\n (bsc #1041178)\n\n - Fix broken display of detailed query results.\n\n - Fix broken search for items with a dash. (bsc#907538, bsc#1043166,\n bsc#1070770)\n\n - Disable repository operations when searching installed packages.\n (bsc#1084525)\n ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"affected\", value:\"libzypp, on openSUSE Leap 15.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.0\") {\n if(!isnull(res = isrpmvuln(pkg:\"libsolv-debuginfo\", rpm:\"libsolv-debuginfo~0.6.35~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsolv-debugsource\", rpm:\"libsolv-debugsource~0.6.35~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsolv-demo\", rpm:\"libsolv-demo~0.6.35~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsolv-demo-debuginfo\", rpm:\"libsolv-demo-debuginfo~0.6.35~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsolv-devel\", rpm:\"libsolv-devel~0.6.35~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsolv-devel-debuginfo\", rpm:\"libsolv-devel-debuginfo~0.6.35~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsolv-tools\", rpm:\"libsolv-tools~0.6.35~lp150.2.3.1\", 
rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsolv-tools-debuginfo\", rpm:\"libsolv-tools-debuginfo~0.6.35~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libzypp\", rpm:\"libzypp~17.6.4~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libzypp-debuginfo\", rpm:\"libzypp-debuginfo~17.6.4~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libzypp-debugsource\", rpm:\"libzypp-debugsource~17.6.4~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libzypp-devel\", rpm:\"libzypp-devel~17.6.4~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libzypp-devel-doc\", rpm:\"libzypp-devel-doc~17.6.4~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-solv\", rpm:\"perl-solv~0.6.35~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-solv-debuginfo\", rpm:\"perl-solv-debuginfo~0.6.35~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-solv\", rpm:\"python-solv~0.6.35~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-solv-debuginfo\", rpm:\"python-solv-debuginfo~0.6.35~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python3-solv\", rpm:\"python3-solv~0.6.35~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python3-solv-debuginfo\", rpm:\"python3-solv-debuginfo~0.6.35~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby-solv\", rpm:\"ruby-solv~0.6.35~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) 
{\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby-solv-debuginfo\", rpm:\"ruby-solv-debuginfo~0.6.35~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"zypper\", rpm:\"zypper~1.14.10~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"zypper-debuginfo\", rpm:\"zypper-debuginfo~1.14.10~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"zypper-debugsource\", rpm:\"zypper-debugsource~1.14.10~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"zypper-aptitude\", rpm:\"zypper-aptitude~1.14.10~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"zypper-log\", rpm:\"zypper-log~1.14.10~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-06-04T17:34:50", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-7436"], "description": "The remote host is missing an update for the ", "modified": "2020-06-03T00:00:00", "published": "2017-09-06T00:00:00", "id": "OPENVAS:1361412562310851608", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851608", "type": "openvas", "title": "openSUSE: Security Advisory for libzypp (openSUSE-SU-2017:2370-1)", "sourceData": "# Copyright (C) 2017 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of 
the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851608\");\n script_version(\"2020-06-03T08:38:58+0000\");\n script_tag(name:\"last_modification\", value:\"2020-06-03 08:38:58 +0000 (Wed, 03 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-09-06 07:17:54 +0200 (Wed, 06 Sep 2017)\");\n script_cve_id(\"CVE-2017-7436\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for libzypp (openSUSE-SU-2017:2370-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libzypp'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The Software Update Stack was updated to receive fixes and enhancements.\n\n libzypp:\n\n - Adapt to work with GnuPG 2.1.23. (bsc#1054088)\n\n - Support signing with subkeys. (bsc#1008325)\n\n - Enhance sort order for media.1/products. (bsc#1054671)\n\n zypper:\n\n - Also show a gpg key's subkeys. (bsc#1008325)\n\n - Improve signature check callback messages. (bsc#1045735)\n\n - Add options to tune the GPG check settings. 
(bsc#1045735)\n\n - Adapt download callback to report and handle unsigned packages.\n (bsc#1038984, CVE-2017-7436)\n\n - Report missing/optional files as 'not found' rather than 'error'.\n (bsc#1047785)\n\n This update was imported from the SUSE:SLE-12-SP3:Update update project.\");\n\n script_tag(name:\"affected\", value:\"libzypp, on openSUSE Leap 42.3\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2017:2370-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.3\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"libzypp\", rpm:\"libzypp~16.15.6~12.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libzypp-debuginfo\", rpm:\"libzypp-debuginfo~16.15.6~12.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libzypp-debugsource\", rpm:\"libzypp-debugsource~16.15.6~12.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libzypp-devel\", rpm:\"libzypp-devel~16.15.6~12.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libzypp-devel-doc\", rpm:\"libzypp-devel-doc~16.15.6~12.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"zypper\", rpm:\"zypper~1.13.32~8.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"zypper-debuginfo\", 
rpm:\"zypper-debuginfo~1.13.32~8.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"zypper-debugsource\", rpm:\"zypper-debugsource~1.13.32~8.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"zypper-aptitude\", rpm:\"zypper-aptitude~1.13.32~8.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"zypper-log\", rpm:\"zypper-log~1.13.32~8.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:32:59", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7685"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2018-09-17T00:00:00", "id": "OPENVAS:1361412562310875078", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875078", "type": "openvas", "title": "Fedora Update for zypper FEDORA-2018-ec9bc84fda", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_ec9bc84fda_zypper_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for zypper FEDORA-2018-ec9bc84fda\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875078\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-09-17 08:23:41 +0200 (Mon, 17 Sep 2018)\");\n script_cve_id(\"CVE-2018-7685\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for zypper FEDORA-2018-ec9bc84fda\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'zypper'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n script_tag(name:\"affected\", value:\"zypper on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-ec9bc84fda\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HMXVYBY43QBMZX5Y3L4WVAXBZCISV6R3\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"zypper\", rpm:\"zypper~1.13.45~1.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-06-04T16:45:10", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7685"], "description": "The remote host is missing an update for the ", "modified": "2020-06-03T00:00:00", "published": "2018-09-27T00:00:00", "id": "OPENVAS:1361412562310851914", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851914", "type": "openvas", "title": "openSUSE: Security Advisory for libzypp (openSUSE-SU-2018:2881-1)", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851914\");\n script_version(\"2020-06-03T08:38:58+0000\");\n script_tag(name:\"last_modification\", value:\"2020-06-03 08:38:58 +0000 (Wed, 03 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-09-27 08:11:17 +0200 (Thu, 27 Sep 2018)\");\n script_cve_id(\"CVE-2018-7685\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for libzypp (openSUSE-SU-2018:2881-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libzypp'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for libzypp, zypper fixes the following issues:\n\n Update libzypp to version 16.17.20:\n\n Security issues fixed:\n\n - PackageProvider: Validate delta rpms before caching (bsc#1091624,\n bsc#1088705, CVE-2018-7685)\n\n - PackageProvider: Validate downloaded rpm package signatures before\n caching (bsc#1091624, bsc#1088705, CVE-2018-7685)\n\n Other bugs fixed:\n\n - lsof: use '-K i' if lsof supports it (bsc#1099847, bsc#1036304)\n\n - Handle http error 502 Bad Gateway in curl backend (bsc#1070851)\n\n - RepoManager: Explicitly request repo2solv to generate application pseudo\n packages.\n\n - libzypp-devel should not require cmake (bsc#1101349)\n\n - HardLocksFile: Prevent against empty commit without Target having been\n been loaded (bsc#1096803)\n\n - Avoid zombie tar processes 
(bsc#1076192)\n\n Update to zypper to version 1.13.45:\n\n Other bugs fixed:\n\n - XML install-summary attribute `packages-to-change` added (bsc#1102429)\n\n - man: Strengthen that `--config FILE' affects zypper.conf, not zypp.conf\n (bsc#1100028)\n\n - Prevent nested calls to exit() if aborted by a signal (bsc#1092413)\n\n - ansi.h: Prevent ESC sequence strings from going out of scope\n (bsc#1092413)\n\n - Fix: zypper bash completion expands non-existing options (bsc#1049825)\n\n This update was imported from the SUSE:SLE-12-SP3:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 42.3:\n\n zypper in -t patch openSUSE-2018-1054=1\");\n\n script_tag(name:\"affected\", value:\"libzypp, on openSUSE Leap 42.3\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2018:2881-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2018-09/msg00079.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.3\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"libzypp\", rpm:\"libzypp~16.17.20~27.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libzypp-debuginfo\", 
rpm:\"libzypp-debuginfo~16.17.20~27.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libzypp-debugsource\", rpm:\"libzypp-debugsource~16.17.20~27.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libzypp-devel\", rpm:\"libzypp-devel~16.17.20~27.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libzypp-devel-doc\", rpm:\"libzypp-devel-doc~16.17.20~27.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"zypper\", rpm:\"zypper~1.13.45~20.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"zypper-debuginfo\", rpm:\"zypper-debuginfo~1.13.45~20.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"zypper-debugsource\", rpm:\"zypper-debugsource~1.13.45~20.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"zypper-aptitude\", rpm:\"zypper-aptitude~1.13.45~20.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"zypper-log\", rpm:\"zypper-log~1.13.45~20.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:32:57", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7685"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2018-09-17T00:00:00", "id": "OPENVAS:1361412562310875077", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875077", "type": "openvas", "title": "Fedora Update for libzypp FEDORA-2018-ec9bc84fda", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: 
gb_fedora_2018_ec9bc84fda_libzypp_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for libzypp FEDORA-2018-ec9bc84fda\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875077\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-09-17 08:23:28 +0200 (Mon, 17 Sep 2018)\");\n script_cve_id(\"CVE-2018-7685\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for libzypp FEDORA-2018-ec9bc84fda\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libzypp'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n script_tag(name:\"affected\", value:\"libzypp on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install 
the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-ec9bc84fda\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GGFYJN2OXZVCCJBWCBE4P2IJMZADOY27\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"libzypp\", rpm:\"libzypp~16.17.20~1.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-7685"], "description": "libzypp is a library for package management built on top of the libsolv library. It is the foundation for the Zypper package manager. ", "modified": "2018-09-17T03:07:38", "published": "2018-09-17T03:07:38", "id": "FEDORA:68815602DC1B", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: libzypp-16.17.20-1.fc27", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-7685"], "description": "Zypper is a command line package manager tool using libzypp, which can be used to manage software for RPM based systems. 
", "modified": "2018-09-17T03:07:38", "published": "2018-09-17T03:07:38", "id": "FEDORA:9F919602E7D5", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: zypper-1.13.45-1.fc27", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}]}