Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_SU-2018-2780-1.NASL
HistorySep 24, 2018 - 12:00 a.m.

SUSE SLED12 / SLES12 Security Update : liblouis (SUSE-SU-2018:2780-1)

2018-09-2400:00:00
This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
8
JSON

This update for liblouis, python-louis, python3-louis fixes the following issues :

Security issues fixed :

CVE-2018-11440: Fixed a stack-based buffer overflow in the function parseChars() in compileTranslationTable.c (bsc#1095189)

CVE-2018-11577: Fixed a segmentation fault in lou_logPrint in logging.c (bsc#1095945)

CVE-2018-11683: Fixed a stack-based buffer overflow in the function parseChars() in compileTranslationTable.c (different vulnerability than CVE-2018-11440) (bsc#1095827)

CVE-2018-11684: Fixed stack-based buffer overflow in the function includeFile() in compileTranslationTable.c (bsc#1095826)

CVE-2018-11685: Fixed a stack-based buffer overflow in the function compileHyphenation() in compileTranslationTable.c (bsc#1095825)

CVE-2018-12085: Fixed a stack-based buffer overflow in the function parseChars() in compileTranslationTable.c (different vulnerability than CVE-2018-11440) (bsc#1097103)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2018:2780-1.
# The text itself is copyright (C) SUSE.
#

include("compat.inc");

if (description)
{
  script_id(117662);
  script_version("1.3");
  script_cvs_date("Date: 2019/09/10 13:51:49");

  script_cve_id("CVE-2018-11440", "CVE-2018-11577", "CVE-2018-11683", "CVE-2018-11684", "CVE-2018-11685", "CVE-2018-12085");

  script_name(english:"SUSE SLED12 / SLES12 Security Update : liblouis (SUSE-SU-2018:2780-1)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote SUSE host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update for liblouis, python-louis, python3-louis fixes the
following issues :

Security issues fixed :

CVE-2018-11440: Fixed a stack-based buffer overflow in the function
parseChars() in compileTranslationTable.c (bsc#1095189)

CVE-2018-11577: Fixed a segmentation fault in lou_logPrint in
logging.c (bsc#1095945)

CVE-2018-11683: Fixed a stack-based buffer overflow in the function
parseChars() in compileTranslationTable.c (different vulnerability
than CVE-2018-11440) (bsc#1095827)

CVE-2018-11684: Fixed stack-based buffer overflow in the function
includeFile() in compileTranslationTable.c (bsc#1095826)

CVE-2018-11685: Fixed a stack-based buffer overflow in the function
compileHyphenation() in compileTranslationTable.c (bsc#1095825)

CVE-2018-12085: Fixed a stack-based buffer overflow in the function
parseChars() in compileTranslationTable.c (different vulnerability
than CVE-2018-11440) (bsc#1097103)

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1095189"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1095825"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1095826"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1095827"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1095945"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1097103"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-11440/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-11577/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-11683/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-11684/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-11685/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-12085/"
  );
  # https://www.suse.com/support/update/announcement/2018/suse-su-20182780-1/
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?204fc2d7"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"To install this SUSE Security Update use the SUSE recommended
installation methods like YaST online_update or 'zypper patch'.

Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t
patch SUSE-SLE-SDK-12-SP3-2018-1944=1

SUSE Linux Enterprise Server 12-SP3:zypper in -t patch
SUSE-SLE-SERVER-12-SP3-2018-1944=1

SUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch
SUSE-SLE-DESKTOP-12-SP3-2018-1944=1"
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:liblouis-data");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:liblouis-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:liblouis9");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:liblouis9-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python-louis");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python3-louis");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/05/25");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/09/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/09/24");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver);

if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);

sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES12" && (! preg(pattern:"^(3)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP3", os_ver + " SP" + sp);
if (os_ver == "SLED12" && (! preg(pattern:"^(3)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP3", os_ver + " SP" + sp);


flag = 0;
if (rpm_check(release:"SLES12", sp:"3", reference:"liblouis-data-2.6.4-6.6.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"liblouis-debugsource-2.6.4-6.6.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"liblouis9-2.6.4-6.6.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"liblouis9-debuginfo-2.6.4-6.6.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"python-louis-2.6.4-6.6.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"python3-louis-2.6.4-6.6.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"liblouis-data-2.6.4-6.6.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"liblouis-debugsource-2.6.4-6.6.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"liblouis9-2.6.4-6.6.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"liblouis9-debuginfo-2.6.4-6.6.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"python3-louis-2.6.4-6.6.1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "liblouis");
}
VendorProductVersionCPE
novellsuse_linuxliblouis-datap-cpe:/a:novell:suse_linux:liblouis-data
novellsuse_linuxliblouis-debugsourcep-cpe:/a:novell:suse_linux:liblouis-debugsource
novellsuse_linuxliblouis9p-cpe:/a:novell:suse_linux:liblouis9
novellsuse_linuxliblouis9-debuginfop-cpe:/a:novell:suse_linux:liblouis9-debuginfo
novellsuse_linuxpython-louisp-cpe:/a:novell:suse_linux:python-louis
novellsuse_linuxpython3-louisp-cpe:/a:novell:suse_linux:python3-louis
novellsuse_linux12cpe:/o:novell:suse_linux:12

References

Related

suse 2
openvas 14
nessus 20
amazon 3
redhat 1
almalinux 1
rocky 1
osv 8
oraclelinux 1
ubuntu 3
redhatcve 6
prion 6
cve 6
ubuntucve 6
debiancve 6
veracode 5
fedora 2
suse
suse
Security update for liblouis (moderate)
2018-09-24 12:18:11
Security update for liblouis (moderate)
2019-04-05 00:00:00
openvas
openvas
openSUSE: Security Advisory for liblouis (openSUSE-SU-2018:2819-1)
2018-09-25 00:00:00
SUSE: Security Advisory (SUSE-SU-2018:2780-1)
2021-04-19 00:00:00
Huawei EulerOS: Security Advisory for liblouis (EulerOS-SA-2018-1228)
2020-01-23 00:00:00
nessus
nessus
openSUSE Security Update : liblouis (openSUSE-2018-1039)
2018-09-25 00:00:00
Rocky Linux 8 : liblouis (RLSA-2020:1708)
2023-11-06 00:00:00
Oracle Linux 8 : liblouis (ELSA-2020-1708)
2023-09-07 00:00:00
amazon
amazon
Medium: liblouis
2023-02-17 00:11:00
Medium: geronimo-jaxrpc
2020-10-22 18:14:00
Medium: liblouis
2024-02-15 03:52:00
redhat
redhat
(RHSA-2020:1708) Moderate: liblouis security and bug fix update
2020-04-28 09:07:17
almalinux
almalinux
Moderate: liblouis security and bug fix update
2020-04-28 09:07:17
rocky
rocky
liblouis security and bug fix update
2020-04-28 09:07:17
osv
osv
Moderate: liblouis security and bug fix update
2020-04-28 09:07:17
Moderate: liblouis security and bug fix update
2020-04-28 09:07:17
CVE-2018-12085
2018-06-09 11:29:00
oraclelinux
oraclelinux
liblouis security and bug fix update
2020-05-05 00:00:00
ubuntu
ubuntu
Liblouis vulnerabilities
2018-06-06 00:00:00
Liblouis vulnerabilities
2018-06-04 00:00:00
Liblouis vulnerabilities
2018-10-03 00:00:00
redhatcve
redhatcve
CVE-2018-12085
2018-06-11 17:48:51
CVE-2018-11683
2018-06-07 16:19:54
CVE-2018-11684
2018-06-07 16:19:25
prion
prion
Stack overflow
2018-06-09 11:29:00
Stack overflow
2018-06-04 06:29:00
Design/Logic Flaw
2018-05-31 00:29:00
cve
cve
CVE-2018-12085
2018-06-09 11:29:00
CVE-2018-11683
2018-06-04 06:29:00
CVE-2018-11684
2018-06-04 06:29:00
ubuntucve
ubuntucve
CVE-2018-12085
2018-06-09 00:00:00
CVE-2018-11683
2018-06-04 00:00:00
CVE-2018-11684
2018-06-04 00:00:00
debiancve
debiancve
CVE-2018-12085
2018-06-09 11:29:00
CVE-2018-11683
2018-06-04 06:29:00
CVE-2018-11440
2018-05-25 11:29:00
veracode
veracode
Arbitrary Code Execution
2020-04-29 02:39:34
Arbitrary Code Execution
2020-04-29 02:39:34
Arbitrary Code Execution
2020-04-29 02:39:34
fedora
fedora
[SECURITY] Fedora 28 Update: liblouis-2.6.2-16.fc28
2018-10-07 22:16:38
[SECURITY] Fedora 27 Update: liblouis-2.6.2-13.fc27
2018-10-07 21:12:32
JSON
Related for SUSE_SU-2018-2780-1.NASL
suse2openvas14nessus20amazon3redhat1almalinux1rocky1osv8oraclelinux1ubuntu3redhatcve6prion6cve6ubuntucve6debiancve6veracode5fedora2