Search...

Fedora Update for liblouis FEDORA-2017-2c9852dd05

2017-11-23T00:00:00

ID OPENVAS:1361412562310873688
Type openvas
Reporter Copyright (C) 2017 Greenbone Networks GmbH
Modified 2019-03-15T00:00:00

Description

The remote host is missing an update for the

                                        
                                            ###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_fedora_2017_2c9852dd05_liblouis_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $
#
# Fedora Update for liblouis FEDORA-2017-2c9852dd05
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.873688");
  script_version("$Revision: 14223 $");
  script_tag(name:"last_modification", value:"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $");
  script_tag(name:"creation_date", value:"2017-11-23 08:07:31 +0100 (Thu, 23 Nov 2017)");
  script_cve_id("CVE-2017-13738", "CVE-2017-13739", "CVE-2017-13740", "CVE-2017-13741",
                "CVE-2017-13742", "CVE-2017-13743", "CVE-2017-13744");
  script_tag(name:"cvss_base", value:"6.8");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_tag(name:"qod_type", value:"package");
  script_name("Fedora Update for liblouis FEDORA-2017-2c9852dd05");
  script_tag(name:"summary", value:"The remote host is missing an update for the 'liblouis'
  package(s) announced via the referenced advisory.");
  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
  script_tag(name:"affected", value:"liblouis on Fedora 26");
  script_tag(name:"solution", value:"Please install the updated package(s).");
  script_xref(name:"FEDORA", value:"2017-2c9852dd05");
  script_xref(name:"URL", value:"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PB5RNRFGI6HZN6VFOFGNA5YPMMX5WOZA");
  script_tag(name:"solution_type", value:"VendorFix");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2017 Greenbone Networks GmbH");
  script_family("Fedora Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/fedora", "ssh/login/rpms", re:"ssh/login/release=FC26");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";

if(release == "FC26")
{

  if ((res = isrpmvuln(pkg:"liblouis", rpm:"liblouis~2.6.2~12.fc26", rls:"FC26")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99);
  exit(0);
}

JSON Vulners Source

Initial Source

{"id": "OPENVAS:1361412562310873688", "type": "openvas", "bulletinFamily": "scanner", "title": "Fedora Update for liblouis FEDORA-2017-2c9852dd05", "description": "The remote host is missing an update for the ", "published": "2017-11-23T00:00:00", "modified": "2019-03-15T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873688", "reporter": "Copyright (C) 2017 Greenbone Networks GmbH", "references": ["2017-2c9852dd05", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PB5RNRFGI6HZN6VFOFGNA5YPMMX5WOZA"], "cvelist": ["CVE-2017-13739", "CVE-2017-13743", "CVE-2017-13740", "CVE-2017-13744", "CVE-2017-13738", "CVE-2017-13742", "CVE-2017-13741"], "lastseen": "2019-05-29T18:34:48", "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:1361412562311220171290", "OPENVAS:1361412562310875152", "OPENVAS:1361412562311220171289", "OPENVAS:1361412562310843739", "OPENVAS:1361412562310882797", "OPENVAS:1361412562310812076", "OPENVAS:1361412562310873731"]}, {"type": "nessus", "idList": ["SL_20171102_LIBLOUIS_ON_SL7_X.NASL", "CENTOS_RHSA-2017-3111.NASL", "UBUNTU_USN-3408-1.NASL", "REDHAT-RHSA-2017-3111.NASL", "EULEROS_SA-2017-1289.NASL", "FEDORA_2017-F9F6398158.NASL", "SUSE_SU-2017-2570-1.NASL", "FEDORA_2017-2C9852DD05.NASL", "OPENSUSE-2017-1120.NASL", "ORACLELINUX_ELSA-2017-3111.NASL"]}, {"type": "fedora", "idList": ["FEDORA:59CE96042D39", "FEDORA:8AABE604F0D8", "FEDORA:47B78612E605"]}, {"type": "ubuntu", "idList": ["USN-3408-1"]}, {"type": "oraclelinux", "idList": ["ELSA-2017-3111"]}, {"type": "redhat", "idList": ["RHSA-2017:3111"]}, {"type": "centos", "idList": ["CESA-2017:3111"]}, {"type": "cve", "idList": ["CVE-2017-13742", "CVE-2017-13743", "CVE-2017-13738", "CVE-2017-13741", "CVE-2017-13739", "CVE-2017-13740", "CVE-2017-13744"]}], "modified": "2019-05-29T18:34:48", "rev": 2}, "score": {"value": 6.0, "vector": "NONE", "modified": "2019-05-29T18:34:48", "rev": 2}, "vulnersScore": 6.0}, "pluginID": "1361412562310873688", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_2c9852dd05_liblouis_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for liblouis FEDORA-2017-2c9852dd05\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873688\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-11-23 08:07:31 +0100 (Thu, 23 Nov 2017)\");\n script_cve_id(\"CVE-2017-13738\", \"CVE-2017-13739\", \"CVE-2017-13740\", \"CVE-2017-13741\",\n \"CVE-2017-13742\", \"CVE-2017-13743\", \"CVE-2017-13744\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for liblouis FEDORA-2017-2c9852dd05\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'liblouis'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"liblouis on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-2c9852dd05\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PB5RNRFGI6HZN6VFOFGNA5YPMMX5WOZA\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"liblouis\", rpm:\"liblouis~2.6.2~12.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "naslFamily": "Fedora Local Security Checks"}

{"fedora": [{"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-13738", "CVE-2017-13739", "CVE-2017-13740", "CVE-2017-13741", "CVE-2017-13742", "CVE-2017-13743", "CVE-2017-13744"], "description": "Liblouis is an open-source braille translator and back-translator named in honor of Louis Braille. It features support for computer and literary brail le, supports contracted and uncontracted translation for many languages and has support for hyphenation. New languages can easily be added through tables t hat support a rule- or dictionary based approach. Liblouis also supports math braille (Nemeth and Marburg). Liblouis has features to support screen-reading programs. This has led to i ts use in two open-source screen readers, NVDA and Orca. It is also used in so me commercial assistive technology applications for example by ViewPlus. Liblouis is based on the translation routines in the BRLTTY screen reader f or Linux. It has, however, gone far beyond these routines. ", "modified": "2017-11-15T17:58:29", "published": "2017-11-15T17:58:29", "id": "FEDORA:8AABE604F0D8", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: liblouis-2.6.2-12.fc27", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-13738", "CVE-2017-13739", "CVE-2017-13740", "CVE-2017-13741", "CVE-2017-13742", "CVE-2017-13743", "CVE-2017-13744"], "description": "Liblouis is an open-source braille translator and back-translator named in honor of Louis Braille. It features support for computer and literary brail le, supports contracted and uncontracted translation for many languages and has support for hyphenation. New languages can easily be added through tables t hat support a rule- or dictionary based approach. Liblouis also supports math braille (Nemeth and Marburg). Liblouis has features to support screen-reading programs. This has led to i ts use in two open-source screen readers, NVDA and Orca. It is also used in so me commercial assistive technology applications for example by ViewPlus. Liblouis is based on the translation routines in the BRLTTY screen reader f or Linux. It has, however, gone far beyond these routines. ", "modified": "2017-11-15T20:23:05", "published": "2017-11-15T20:23:05", "id": "FEDORA:47B78612E605", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: liblouis-2.6.2-12.fc26", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8184", "CVE-2017-13738", "CVE-2017-13741", "CVE-2017-13742", "CVE-2017-13743", "CVE-2017-13744", "CVE-2018-11683", "CVE-2018-17294"], "description": "Liblouis is an open-source braille translator and back-translator named in honor of Louis Braille. It features support for computer and literary brail le, supports contracted and uncontracted translation for many languages and has support for hyphenation. New languages can easily be added through tables t hat support a rule- or dictionary based approach. Liblouis also supports math braille (Nemeth and Marburg). Liblouis has features to support screen-reading programs. This has led to i ts use in two open-source screen readers, NVDA and Orca. It is also used in so me commercial assistive technology applications for example by ViewPlus. Liblouis is based on the translation routines in the BRLTTY screen reader f or Linux. It has, however, gone far beyond these routines. ", "modified": "2018-10-07T21:12:32", "published": "2018-10-07T21:12:32", "id": "FEDORA:59CE96042D39", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: liblouis-2.6.2-13.fc27", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-07T10:15:17", "description": "Security fix for CVE-2017-13738 CVE-2017-13739 CVE-2017-13740\nCVE-2017-13741 CVE-2017-13742 CVE-2017-13743 CVE-2017-13744\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 17, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-01-15T00:00:00", "title": "Fedora 27 : liblouis (2017-f9f6398158)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-13739", "CVE-2017-13743", "CVE-2017-13740", "CVE-2017-13744", "CVE-2017-13738", "CVE-2017-13742", "CVE-2017-13741"], "modified": "2018-01-15T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:27", "p-cpe:/a:fedoraproject:fedora:liblouis"], "id": "FEDORA_2017-F9F6398158.NASL", "href": "https://www.tenable.com/plugins/nessus/106012", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-f9f6398158.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(106012);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-13738\", \"CVE-2017-13739\", \"CVE-2017-13740\", \"CVE-2017-13741\", \"CVE-2017-13742\", \"CVE-2017-13743\", \"CVE-2017-13744\");\n script_xref(name:\"FEDORA\", value:\"2017-f9f6398158\");\n\n script_name(english:\"Fedora 27 : liblouis (2017-f9f6398158)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2017-13738 CVE-2017-13739 CVE-2017-13740\nCVE-2017-13741 CVE-2017-13742 CVE-2017-13743 CVE-2017-13744\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-f9f6398158\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected liblouis package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:liblouis\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:27\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^27([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 27\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC27\", reference:\"liblouis-2.6.2-12.fc27\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"liblouis\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:15:43", "description": "Security fix for CVE-2017-13738 CVE-2017-13739 CVE-2017-13740\nCVE-2017-13741 CVE-2017-13742 CVE-2017-13743 CVE-2017-13744\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 17, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-11-16T00:00:00", "title": "Fedora 26 : liblouis (2017-2c9852dd05)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-13739", "CVE-2017-13743", "CVE-2017-13740", "CVE-2017-13744", "CVE-2017-13738", "CVE-2017-13742", "CVE-2017-13741"], "modified": "2017-11-16T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:liblouis", "cpe:/o:fedoraproject:fedora:26"], "id": "FEDORA_2017-2C9852DD05.NASL", "href": "https://www.tenable.com/plugins/nessus/104592", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-2c9852dd05.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104592);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-13738\", \"CVE-2017-13739\", \"CVE-2017-13740\", \"CVE-2017-13741\", \"CVE-2017-13742\", \"CVE-2017-13743\", \"CVE-2017-13744\");\n script_xref(name:\"FEDORA\", value:\"2017-2c9852dd05\");\n\n script_name(english:\"Fedora 26 : liblouis (2017-2c9852dd05)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2017-13738 CVE-2017-13739 CVE-2017-13740\nCVE-2017-13741 CVE-2017-13742 CVE-2017-13743 CVE-2017-13744\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-2c9852dd05\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected liblouis package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:liblouis\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"liblouis-2.6.2-12.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"liblouis\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T14:26:31", "description": "This update for liblouis fixes several issues. These security issues\nwere fixed :\n\n - CVE-2017-13738: Prevent illegal address access in the\n _lou_getALine function that allowed to cause remote DoS\n (bsc#1056105).\n\n - CVE-2017-13739: Prevent heap-based buffer overflow in\n the function resolveSubtable() that could have caused\n DoS or remote code execution (bsc#1056101).\n\n - CVE-2017-13740: Prevent stack-based buffer overflow in\n the function parseChars() that could have caused DoS or\n possibly unspecified other impact (bsc#1056097)\n\n - CVE-2017-13741: Prevent use-after-free in function\n compileBrailleIndicator() that allowed to cause remote\n DoS (bsc#1056095).\n\n - CVE_2017-13742: Prevent stack-based buffer overflow in\n function includeFile that allowed to cause remote DoS\n (bsc#1056093).\n\n - CVE-2017-13743: Prevent buffer overflow triggered in the\n function _lou_showString() that allowed to cause remote\n DoS (bsc#1056090).\n\n - CVE-2017-13744: Prevent illegal address access in the\n function _lou_getALine() that allowed to cause remote\n DoS (bsc#1056088).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 29, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-09-28T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : liblouis (SUSE-SU-2017:2570-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-13739", "CVE-2017-13743", "CVE-2017-13740", "CVE-2017-13744", "CVE-2017-13738", "CVE-2017-13741"], "modified": "2017-09-28T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:liblouis-data", "p-cpe:/a:novell:suse_linux:liblouis9", "p-cpe:/a:novell:suse_linux:python-louis", "p-cpe:/a:novell:suse_linux:liblouis-debugsource", "p-cpe:/a:novell:suse_linux:python3-louis", "p-cpe:/a:novell:suse_linux:liblouis9-debuginfo"], "id": "SUSE_SU-2017-2570-1.NASL", "href": "https://www.tenable.com/plugins/nessus/103528", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:2570-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103528);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-13738\", \"CVE-2017-13739\", \"CVE-2017-13740\", \"CVE-2017-13741\", \"CVE-2017-13743\", \"CVE-2017-13744\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : liblouis (SUSE-SU-2017:2570-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for liblouis fixes several issues. These security issues\nwere fixed :\n\n - CVE-2017-13738: Prevent illegal address access in the\n _lou_getALine function that allowed to cause remote DoS\n (bsc#1056105).\n\n - CVE-2017-13739: Prevent heap-based buffer overflow in\n the function resolveSubtable() that could have caused\n DoS or remote code execution (bsc#1056101).\n\n - CVE-2017-13740: Prevent stack-based buffer overflow in\n the function parseChars() that could have caused DoS or\n possibly unspecified other impact (bsc#1056097)\n\n - CVE-2017-13741: Prevent use-after-free in function\n compileBrailleIndicator() that allowed to cause remote\n DoS (bsc#1056095).\n\n - CVE_2017-13742: Prevent stack-based buffer overflow in\n function includeFile that allowed to cause remote DoS\n (bsc#1056093).\n\n - CVE-2017-13743: Prevent buffer overflow triggered in the\n function _lou_showString() that allowed to cause remote\n DoS (bsc#1056090).\n\n - CVE-2017-13744: Prevent illegal address access in the\n function _lou_getALine() that allowed to cause remote\n DoS (bsc#1056088).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056088\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056090\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056093\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056095\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056097\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056101\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056105\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13738/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13739/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13740/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13741/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13743/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13744/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20172570-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b52fc0a7\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2017-1590=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t\npatch SUSE-SLE-SDK-12-SP2-2017-1590=1\n\nSUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t\npatch SUSE-SLE-RPI-12-SP2-2017-1590=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2017-1590=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2017-1590=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2017-1590=1\n\nSUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP2-2017-1590=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:liblouis-data\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:liblouis-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:liblouis9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:liblouis9-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-louis\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3-louis\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP2/3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"liblouis-data-2.6.4-6.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"liblouis-debugsource-2.6.4-6.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"liblouis9-2.6.4-6.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"liblouis9-debuginfo-2.6.4-6.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"python-louis-2.6.4-6.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"python3-louis-2.6.4-6.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"liblouis-data-2.6.4-6.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"liblouis-debugsource-2.6.4-6.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"liblouis9-2.6.4-6.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"liblouis9-debuginfo-2.6.4-6.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"python-louis-2.6.4-6.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"python3-louis-2.6.4-6.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"liblouis-data-2.6.4-6.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"liblouis-debugsource-2.6.4-6.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"liblouis9-2.6.4-6.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"liblouis9-debuginfo-2.6.4-6.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"python3-louis-2.6.4-6.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"liblouis-data-2.6.4-6.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"liblouis-debugsource-2.6.4-6.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"liblouis9-2.6.4-6.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"liblouis9-debuginfo-2.6.4-6.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"python3-louis-2.6.4-6.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"liblouis\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T12:31:09", "description": "This update for liblouis fixes several issues.\n\nThese security issues were fixed :\n\n - CVE-2017-13738: Prevent illegal address access in the\n _lou_getALine function that allowed to cause remote DoS\n (bsc#1056105).\n\n - CVE-2017-13739: Prevent heap-based buffer overflow in\n the function resolveSubtable() that could have caused\n DoS or remote code execution (bsc#1056101).\n\n - CVE-2017-13740: Prevent stack-based buffer overflow in\n the function parseChars() that could have caused DoS or\n possibly unspecified other impact (bsc#1056097) \n\n - CVE-2017-13741: Prevent use-after-free in function\n compileBrailleIndicator() that allowed to cause remote\n DoS (bsc#1056095).\n\n - CVE_2017-13742: Prevent stack-based buffer overflow in\n function includeFile that allowed to cause remote DoS\n (bsc#1056093).\n\n - CVE-2017-13743: Prevent buffer overflow triggered in the\n function _lou_showString() that allowed to cause remote\n DoS (bsc#1056090).\n\n - CVE-2017-13744: Prevent illegal address access in the\n function _lou_getALine() that allowed to cause remote\n DoS (bsc#1056088).\n\nThis update was imported from the SUSE:SLE-12-SP2:Update update\nproject.", "edition": 18, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-10-04T00:00:00", "title": "openSUSE Security Update : liblouis (openSUSE-2017-1120)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-13739", "CVE-2017-13743", "CVE-2017-13740", "CVE-2017-13744", "CVE-2017-13738", "CVE-2017-13741"], "modified": "2017-10-04T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:liblouis-debugsource", "p-cpe:/a:novell:opensuse:liblouis-tools-debuginfo", "p-cpe:/a:novell:opensuse:liblouis-tools", "p-cpe:/a:novell:opensuse:liblouis-data", "p-cpe:/a:novell:opensuse:liblouis-devel", "p-cpe:/a:novell:opensuse:liblouis9", "cpe:/o:novell:opensuse:42.3", "cpe:/o:novell:opensuse:42.2", "p-cpe:/a:novell:opensuse:liblouis9-debuginfo", "p-cpe:/a:novell:opensuse:python-louis"], "id": "OPENSUSE-2017-1120.NASL", "href": "https://www.tenable.com/plugins/nessus/103660", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-1120.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103660);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-13738\", \"CVE-2017-13739\", \"CVE-2017-13740\", \"CVE-2017-13741\", \"CVE-2017-13743\", \"CVE-2017-13744\");\n\n script_name(english:\"openSUSE Security Update : liblouis (openSUSE-2017-1120)\");\n script_summary(english:\"Check for the openSUSE-2017-1120 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for liblouis fixes several issues.\n\nThese security issues were fixed :\n\n - CVE-2017-13738: Prevent illegal address access in the\n _lou_getALine function that allowed to cause remote DoS\n (bsc#1056105).\n\n - CVE-2017-13739: Prevent heap-based buffer overflow in\n the function resolveSubtable() that could have caused\n DoS or remote code execution (bsc#1056101).\n\n - CVE-2017-13740: Prevent stack-based buffer overflow in\n the function parseChars() that could have caused DoS or\n possibly unspecified other impact (bsc#1056097) \n\n - CVE-2017-13741: Prevent use-after-free in function\n compileBrailleIndicator() that allowed to cause remote\n DoS (bsc#1056095).\n\n - CVE_2017-13742: Prevent stack-based buffer overflow in\n function includeFile that allowed to cause remote DoS\n (bsc#1056093).\n\n - CVE-2017-13743: Prevent buffer overflow triggered in the\n function _lou_showString() that allowed to cause remote\n DoS (bsc#1056090).\n\n - CVE-2017-13744: Prevent illegal address access in the\n function _lou_getALine() that allowed to cause remote\n DoS (bsc#1056088).\n\nThis update was imported from the SUSE:SLE-12-SP2:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1056088\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1056090\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1056093\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1056095\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1056097\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1056101\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1056105\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected liblouis packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:liblouis-data\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:liblouis-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:liblouis-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:liblouis-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:liblouis-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:liblouis9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:liblouis9-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-louis\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2|SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2 / 42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"liblouis-data-2.6.4-3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"liblouis-debugsource-2.6.4-3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"liblouis-devel-2.6.4-3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"liblouis-tools-2.6.4-3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"liblouis-tools-debuginfo-2.6.4-3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"liblouis9-2.6.4-3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"liblouis9-debuginfo-2.6.4-3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"python-louis-2.6.4-3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"liblouis-data-2.6.4-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"liblouis-debugsource-2.6.4-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"liblouis-devel-2.6.4-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"liblouis-tools-2.6.4-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"liblouis-tools-debuginfo-2.6.4-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"liblouis9-2.6.4-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"liblouis9-debuginfo-2.6.4-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"python-louis-2.6.4-6.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"liblouis-data / liblouis-debugsource / liblouis-devel / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T06:45:50", "description": "It was discovered that an illegal address access can be made in\nLiblouis. A remote attacker can take advantange of this to access\nsensitive information. (CVE-2017-13738, CVE-2017-13744)\n\nIt was discovered a heap-based buffer overflow that causes bytes\nout-of-bounds write in Liblouis. A remote attacker can use this to\ndenial of service or remote code execution. (CVE-2017-13739)\n\nIt was discovered a stack-based buffer overflow in Liblouis. A remote\nattacker can use this to denial of service or possibly unspecified\nother impact. (CVE-2017-13740, CVE-2017-13742).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 26, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-09-05T00:00:00", "title": "Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : liblouis vulnerabilities (USN-3408-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-13739", "CVE-2017-13740", "CVE-2017-13744", "CVE-2017-13738", "CVE-2017-13742"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:python-louis", "p-cpe:/a:canonical:ubuntu_linux:liblouis2", "cpe:/o:canonical:ubuntu_linux:17.04", "cpe:/o:canonical:ubuntu_linux:16.04", "p-cpe:/a:canonical:ubuntu_linux:python3-louis", "p-cpe:/a:canonical:ubuntu_linux:liblouis12", "p-cpe:/a:canonical:ubuntu_linux:liblouis-bin", "p-cpe:/a:canonical:ubuntu_linux:liblouis9", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-3408-1.NASL", "href": "https://www.tenable.com/plugins/nessus/102956", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3408-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(102956);\n script_version(\"3.7\");\n script_cvs_date(\"Date: 2019/09/18 12:31:47\");\n\n script_cve_id(\"CVE-2017-13738\", \"CVE-2017-13739\", \"CVE-2017-13740\", \"CVE-2017-13742\", \"CVE-2017-13744\");\n script_xref(name:\"USN\", value:\"3408-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : liblouis vulnerabilities (USN-3408-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that an illegal address access can be made in\nLiblouis. A remote attacker can take advantange of this to access\nsensitive information. (CVE-2017-13738, CVE-2017-13744)\n\nIt was discovered a heap-based buffer overflow that causes bytes\nout-of-bounds write in Liblouis. A remote attacker can use this to\ndenial of service or remote code execution. (CVE-2017-13739)\n\nIt was discovered a stack-based buffer overflow in Liblouis. A remote\nattacker can use this to denial of service or possibly unspecified\nother impact. (CVE-2017-13740, CVE-2017-13742).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3408-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:liblouis-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:liblouis12\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:liblouis2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:liblouis9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python-louis\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python3-louis\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04|16\\.04|17\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 16.04 / 17.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"liblouis-bin\", pkgver:\"2.5.3-2ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"liblouis2\", pkgver:\"2.5.3-2ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"python-louis\", pkgver:\"2.5.3-2ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"python3-louis\", pkgver:\"2.5.3-2ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"liblouis-bin\", pkgver:\"2.6.4-2ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"liblouis9\", pkgver:\"2.6.4-2ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"python-louis\", pkgver:\"2.6.4-2ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"python3-louis\", pkgver:\"2.6.4-2ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"liblouis-bin\", pkgver:\"3.0.0-3ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"liblouis12\", pkgver:\"3.0.0-3ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"python-louis\", pkgver:\"3.0.0-3ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"python3-louis\", pkgver:\"3.0.0-3ubuntu0.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"liblouis-bin / liblouis12 / liblouis2 / liblouis9 / python-louis / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T08:52:43", "description": "According to the versions of the liblouis packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - Multiple flaws were found in the processing of\n translation tables in liblouis. An attacker could crash\n or potentially execute arbitrary code using malicious\n translation tables. (CVE-2014-8184, CVE-2017-13738,\n CVE-2017-13740, CVE-2017-13741, CVE-2017-13742,\n CVE-2017-13743, CVE-2017-13744)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-12-01T00:00:00", "title": "EulerOS 2.0 SP1 : liblouis (EulerOS-SA-2017-1289)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8184", "CVE-2017-13743", "CVE-2017-13740", "CVE-2017-13744", "CVE-2017-13738", "CVE-2017-13742", "CVE-2017-13741"], "modified": "2017-12-01T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:liblouis", "p-cpe:/a:huawei:euleros:liblouis-python", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2017-1289.NASL", "href": "https://www.tenable.com/plugins/nessus/104908", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104908);\n script_version(\"3.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2014-8184\",\n \"CVE-2017-13740\",\n \"CVE-2017-13741\",\n \"CVE-2017-13742\",\n \"CVE-2017-13743\",\n \"CVE-2017-13744\"\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : liblouis (EulerOS-SA-2017-1289)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the liblouis packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - Multiple flaws were found in the processing of\n translation tables in liblouis. An attacker could crash\n or potentially execute arbitrary code using malicious\n translation tables. (CVE-2014-8184, CVE-2017-13738,\n CVE-2017-13740, CVE-2017-13741, CVE-2017-13742,\n CVE-2017-13743, CVE-2017-13744)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1289\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?eb41d089\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected liblouis packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:liblouis\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:liblouis-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"liblouis-2.5.2-11\",\n \"liblouis-python-2.5.2-11\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"liblouis\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T12:51:54", "description": "From Red Hat Security Advisory 2017:3111 :\n\nAn update for liblouis is now available for Red Hat Enterprise Linux\n7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nLiblouis is an open source braille translator and back-translator\nnamed in honor of Louis Braille. It features support for computer and\nliterary braille, supports contracted and uncontracted translation for\nmany languages and has support for hyphenation. New languages can\neasily be added through tables that support a rule or dictionary based\napproach. Liblouis also supports math braille (Nemeth and Marburg).\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of translation tables in\nliblouis. An attacker could crash or potentially execute arbitrary\ncode using malicious translation tables. (CVE-2014-8184,\nCVE-2017-13738, CVE-2017-13740, CVE-2017-13741, CVE-2017-13742,\nCVE-2017-13743, CVE-2017-13744)\n\nThe CVE-2014-8184 issue was discovered by Raphael Sanchez Prudencio\n(Red Hat).", "edition": 26, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-11-03T00:00:00", "title": "Oracle Linux 7 : liblouis (ELSA-2017-3111)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8184", "CVE-2017-13743", "CVE-2017-13740", "CVE-2017-13744", "CVE-2017-13738", "CVE-2017-13742", "CVE-2017-13741"], "modified": "2017-11-03T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:liblouis-devel", "p-cpe:/a:oracle:linux:liblouis-doc", "p-cpe:/a:oracle:linux:liblouis", "p-cpe:/a:oracle:linux:liblouis-utils", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:liblouis-python"], "id": "ORACLELINUX_ELSA-2017-3111.NASL", "href": "https://www.tenable.com/plugins/nessus/104368", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2017:3111 and \n# Oracle Linux Security Advisory ELSA-2017-3111 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104368);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-8184\", \"CVE-2017-13738\", \"CVE-2017-13740\", \"CVE-2017-13741\", \"CVE-2017-13742\", \"CVE-2017-13743\", \"CVE-2017-13744\");\n script_xref(name:\"RHSA\", value:\"2017:3111\");\n\n script_name(english:\"Oracle Linux 7 : liblouis (ELSA-2017-3111)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2017:3111 :\n\nAn update for liblouis is now available for Red Hat Enterprise Linux\n7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nLiblouis is an open source braille translator and back-translator\nnamed in honor of Louis Braille. It features support for computer and\nliterary braille, supports contracted and uncontracted translation for\nmany languages and has support for hyphenation. New languages can\neasily be added through tables that support a rule or dictionary based\napproach. Liblouis also supports math braille (Nemeth and Marburg).\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of translation tables in\nliblouis. An attacker could crash or potentially execute arbitrary\ncode using malicious translation tables. (CVE-2014-8184,\nCVE-2017-13738, CVE-2017-13740, CVE-2017-13741, CVE-2017-13742,\nCVE-2017-13743, CVE-2017-13744)\n\nThe CVE-2014-8184 issue was discovered by Raphael Sanchez Prudencio\n(Red Hat).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2017-November/007325.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected liblouis packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:liblouis\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:liblouis-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:liblouis-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:liblouis-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:liblouis-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"liblouis-2.5.2-11.el7_4\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"liblouis-devel-2.5.2-11.el7_4\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"liblouis-doc-2.5.2-11.el7_4\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"liblouis-python-2.5.2-11.el7_4\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"liblouis-utils-2.5.2-11.el7_4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"liblouis / liblouis-devel / liblouis-doc / liblouis-python / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T13:50:18", "description": "Security Fix(es) :\n\n - Multiple flaws were found in the processing of\n translation tables in liblouis. An attacker could crash\n or potentially execute arbitrary code using malicious\n translation tables. (CVE-2014-8184, CVE-2017-13738,\n CVE-2017-13740, CVE-2017-13741, CVE-2017-13742,\n CVE-2017-13743, CVE-2017-13744)", "edition": 14, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-11-03T00:00:00", "title": "Scientific Linux Security Update : liblouis on SL7.x x86_64 (20171102)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8184", "CVE-2017-13743", "CVE-2017-13740", "CVE-2017-13744", "CVE-2017-13738", "CVE-2017-13742", "CVE-2017-13741"], "modified": "2017-11-03T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:liblouis-doc", "p-cpe:/a:fermilab:scientific_linux:liblouis-debuginfo", "p-cpe:/a:fermilab:scientific_linux:liblouis-python", "p-cpe:/a:fermilab:scientific_linux:liblouis", "p-cpe:/a:fermilab:scientific_linux:liblouis-devel", "p-cpe:/a:fermilab:scientific_linux:liblouis-utils", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20171102_LIBLOUIS_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/104373", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104373);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-8184\", \"CVE-2017-13738\", \"CVE-2017-13740\", \"CVE-2017-13741\", \"CVE-2017-13742\", \"CVE-2017-13743\", \"CVE-2017-13744\");\n\n script_name(english:\"Scientific Linux Security Update : liblouis on SL7.x x86_64 (20171102)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - Multiple flaws were found in the processing of\n translation tables in liblouis. An attacker could crash\n or potentially execute arbitrary code using malicious\n translation tables. (CVE-2014-8184, CVE-2017-13738,\n CVE-2017-13740, CVE-2017-13741, CVE-2017-13742,\n CVE-2017-13743, CVE-2017-13744)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1711&L=scientific-linux-errata&F=&S=&P=79\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d6b253dc\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:liblouis\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:liblouis-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:liblouis-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:liblouis-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:liblouis-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:liblouis-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"liblouis-2.5.2-11.el7_4\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"liblouis-debuginfo-2.5.2-11.el7_4\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"liblouis-devel-2.5.2-11.el7_4\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"liblouis-doc-2.5.2-11.el7_4\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"liblouis-python-2.5.2-11.el7_4\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"liblouis-utils-2.5.2-11.el7_4\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"liblouis / liblouis-debuginfo / liblouis-devel / liblouis-doc / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T08:52:43", "description": "According to the versions of the liblouis packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - Multiple flaws were found in the processing of\n translation tables in liblouis. An attacker could crash\n or potentially execute arbitrary code using malicious\n translation tables. (CVE-2014-8184, CVE-2017-13738,\n CVE-2017-13740, CVE-2017-13741, CVE-2017-13742,\n CVE-2017-13743, CVE-2017-13744)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-12-01T00:00:00", "title": "EulerOS 2.0 SP2 : liblouis (EulerOS-SA-2017-1290)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8184", "CVE-2017-13743", "CVE-2017-13740", "CVE-2017-13744", "CVE-2017-13738", "CVE-2017-13742", "CVE-2017-13741"], "modified": "2017-12-01T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:liblouis", "p-cpe:/a:huawei:euleros:liblouis-python", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2017-1290.NASL", "href": "https://www.tenable.com/plugins/nessus/104909", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104909);\n script_version(\"3.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2014-8184\",\n \"CVE-2017-13740\",\n \"CVE-2017-13741\",\n \"CVE-2017-13742\",\n \"CVE-2017-13743\",\n \"CVE-2017-13744\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : liblouis (EulerOS-SA-2017-1290)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the liblouis packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - Multiple flaws were found in the processing of\n translation tables in liblouis. An attacker could crash\n or potentially execute arbitrary code using malicious\n translation tables. (CVE-2014-8184, CVE-2017-13738,\n CVE-2017-13740, CVE-2017-13741, CVE-2017-13742,\n CVE-2017-13743, CVE-2017-13744)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1290\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?af755b14\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected liblouis packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:liblouis\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:liblouis-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"liblouis-2.5.2-11\",\n \"liblouis-python-2.5.2-11\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"liblouis\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-06T09:31:46", "description": "An update for liblouis is now available for Red Hat Enterprise Linux\n7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nLiblouis is an open source braille translator and back-translator\nnamed in honor of Louis Braille. It features support for computer and\nliterary braille, supports contracted and uncontracted translation for\nmany languages and has support for hyphenation. New languages can\neasily be added through tables that support a rule or dictionary based\napproach. Liblouis also supports math braille (Nemeth and Marburg).\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of translation tables in\nliblouis. An attacker could crash or potentially execute arbitrary\ncode using malicious translation tables. (CVE-2014-8184,\nCVE-2017-13738, CVE-2017-13740, CVE-2017-13741, CVE-2017-13742,\nCVE-2017-13743, CVE-2017-13744)\n\nThe CVE-2014-8184 issue was discovered by Raphael Sanchez Prudencio\n(Red Hat).", "edition": 28, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-11-06T00:00:00", "title": "CentOS 7 : liblouis (CESA-2017:3111)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8184", "CVE-2017-13743", "CVE-2017-13740", "CVE-2017-13744", "CVE-2017-13738", "CVE-2017-13742", "CVE-2017-13741"], "modified": "2017-11-06T00:00:00", "cpe": ["p-cpe:/a:centos:centos:liblouis-utils", "p-cpe:/a:centos:centos:liblouis-devel", "p-cpe:/a:centos:centos:liblouis-doc", "cpe:/o:centos:centos:7", "p-cpe:/a:centos:centos:liblouis-python", "p-cpe:/a:centos:centos:liblouis"], "id": "CENTOS_RHSA-2017-3111.NASL", "href": "https://www.tenable.com/plugins/nessus/104396", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:3111 and \n# CentOS Errata and Security Advisory 2017:3111 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104396);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2014-8184\", \"CVE-2017-13738\", \"CVE-2017-13740\", \"CVE-2017-13741\", \"CVE-2017-13742\", \"CVE-2017-13743\", \"CVE-2017-13744\");\n script_xref(name:\"RHSA\", value:\"2017:3111\");\n\n script_name(english:\"CentOS 7 : liblouis (CESA-2017:3111)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for liblouis is now available for Red Hat Enterprise Linux\n7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nLiblouis is an open source braille translator and back-translator\nnamed in honor of Louis Braille. It features support for computer and\nliterary braille, supports contracted and uncontracted translation for\nmany languages and has support for hyphenation. New languages can\neasily be added through tables that support a rule or dictionary based\napproach. Liblouis also supports math braille (Nemeth and Marburg).\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of translation tables in\nliblouis. An attacker could crash or potentially execute arbitrary\ncode using malicious translation tables. (CVE-2014-8184,\nCVE-2017-13738, CVE-2017-13740, CVE-2017-13741, CVE-2017-13742,\nCVE-2017-13743, CVE-2017-13744)\n\nThe CVE-2014-8184 issue was discovered by Raphael Sanchez Prudencio\n(Red Hat).\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2017-November/022612.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?67c547f4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected liblouis packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-8184\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:liblouis\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:liblouis-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:liblouis-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:liblouis-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:liblouis-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"liblouis-2.5.2-11.el7_4\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"liblouis-devel-2.5.2-11.el7_4\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"liblouis-doc-2.5.2-11.el7_4\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"liblouis-python-2.5.2-11.el7_4\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"liblouis-utils-2.5.2-11.el7_4\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"liblouis / liblouis-devel / liblouis-doc / liblouis-python / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:34:47", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-13739", "CVE-2017-13743", "CVE-2017-13740", "CVE-2017-13744", "CVE-2017-13738", "CVE-2017-13742", "CVE-2017-13741"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2017-11-23T00:00:00", "id": "OPENVAS:1361412562310873731", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873731", "type": "openvas", "title": "Fedora Update for liblouis FEDORA-2017-f9f6398158", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_f9f6398158_liblouis_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for liblouis FEDORA-2017-f9f6398158\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873731\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-11-23 08:11:31 +0100 (Thu, 23 Nov 2017)\");\n script_cve_id(\"CVE-2017-13738\", \"CVE-2017-13739\", \"CVE-2017-13740\", \"CVE-2017-13741\",\n \"CVE-2017-13742\", \"CVE-2017-13743\", \"CVE-2017-13744\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for liblouis FEDORA-2017-f9f6398158\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'liblouis'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"liblouis on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-f9f6398158\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YWLK3H6RZUFJZH4N5L3GRYBTZVMC7MHO\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"liblouis\", rpm:\"liblouis~2.6.2~12.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-13739", "CVE-2017-13740", "CVE-2017-13744", "CVE-2017-13738", "CVE-2017-13742"], "description": "The remote host is missing an update for the ", "modified": "2019-03-18T00:00:00", "published": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310843739", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843739", "type": "openvas", "title": "Ubuntu Update for liblouis USN-3408-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3408_1.nasl 14288 2019-03-18 16:34:17Z cfischer $\n#\n# Ubuntu Update for liblouis USN-3408-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843739\");\n script_version(\"$Revision: 14288 $\");\n script_cve_id(\"CVE-2017-13738\", \"CVE-2017-13744\", \"CVE-2017-13739\", \"CVE-2017-13740\", \"CVE-2017-13742\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 17:34:17 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-10-26 06:13:49 +0200 (Fri, 26 Oct 2018)\");\n script_name(\"Ubuntu Update for liblouis USN-3408-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|17\\.04|16\\.04 LTS)\");\n\n script_xref(name:\"USN\", value:\"3408-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3408-1/\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'liblouis'\n package(s) announced via the USN-3408-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was discovered that an illegal address access can be made in\nLiblouis. A remote attacker can take advantange of this to\naccess sensitive information. (CVE-2017-13738, CVE-2017-13744)\n\nIt was discovered a heap-based buffer overflow that causes bytes\nout-of-bounds write in Liblouis. A remote attacker can use this to\ndenial of service or remote code execution. (CVE-2017-13739)\n\nIt was discovered a stack-based buffer overflow in Liblouis. A remote\nattacker can use this to denial of service or possibly unspecified\nother impact. (CVE-2017-13740, CVE-2017-13742)\");\n\n script_tag(name:\"affected\", value:\"liblouis on Ubuntu 17.04,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"liblouis-bin\", ver:\"2.5.3-2ubuntu1.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"liblouis2\", ver:\"2.5.3-2ubuntu1.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python-louis\", ver:\"2.5.3-2ubuntu1.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python3-louis\", ver:\"2.5.3-2ubuntu1.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU17.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"liblouis-bin\", ver:\"3.0.0-3ubuntu0.2\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"liblouis12\", ver:\"3.0.0-3ubuntu0.2\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python-louis\", ver:\"3.0.0-3ubuntu0.2\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python3-louis\", ver:\"3.0.0-3ubuntu0.2\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"liblouis-bin\", ver:\"2.6.4-2ubuntu0.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"liblouis9\", ver:\"2.6.4-2ubuntu0.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python-louis\", ver:\"2.6.4-2ubuntu0.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python3-louis\", ver:\"2.6.4-2ubuntu0.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:37:18", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8184", "CVE-2017-13743", "CVE-2017-13740", "CVE-2017-13744", "CVE-2017-13738", "CVE-2017-13742", "CVE-2017-13741"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220171289", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220171289", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for liblouis (EulerOS-SA-2017-1289)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2017.1289\");\n script_version(\"2020-01-23T11:05:37+0000\");\n script_cve_id(\"CVE-2014-8184\", \"CVE-2017-13740\", \"CVE-2017-13741\", \"CVE-2017-13742\", \"CVE-2017-13743\", \"CVE-2017-13744\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:05:37 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:05:37 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for liblouis (EulerOS-SA-2017-1289)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP1\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2017-1289\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1289\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'liblouis' package(s) announced via the EulerOS-SA-2017-1289 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws were found in the processing of translation tables in liblouis. An attacker could crash or potentially execute arbitrary code using malicious translation tables. (CVE-2014-8184, CVE-2017-13738, CVE-2017-13740, CVE-2017-13741, CVE-2017-13742, CVE-2017-13743, CVE-2017-13744)\");\n\n script_tag(name:\"affected\", value:\"'liblouis' package(s) on Huawei EulerOS V2.0SP1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"liblouis\", rpm:\"liblouis~2.5.2~11\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"liblouis-python\", rpm:\"liblouis-python~2.5.2~11\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:37:54", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8184", "CVE-2017-13743", "CVE-2017-13740", "CVE-2017-13744", "CVE-2017-13738", "CVE-2017-13742", "CVE-2017-13741"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220171290", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220171290", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for liblouis (EulerOS-SA-2017-1290)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2017.1290\");\n script_version(\"2020-01-23T11:05:42+0000\");\n script_cve_id(\"CVE-2014-8184\", \"CVE-2017-13740\", \"CVE-2017-13741\", \"CVE-2017-13742\", \"CVE-2017-13743\", \"CVE-2017-13744\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:05:42 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:05:42 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for liblouis (EulerOS-SA-2017-1290)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2017-1290\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1290\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'liblouis' package(s) announced via the EulerOS-SA-2017-1290 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws were found in the processing of translation tables in liblouis. An attacker could crash or potentially execute arbitrary code using malicious translation tables. (CVE-2014-8184, CVE-2017-13738, CVE-2017-13740, CVE-2017-13741, CVE-2017-13742, CVE-2017-13743, CVE-2017-13744)\");\n\n script_tag(name:\"affected\", value:\"'liblouis' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"liblouis\", rpm:\"liblouis~2.5.2~11\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"liblouis-python\", rpm:\"liblouis-python~2.5.2~11\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-15T15:06:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8184", "CVE-2017-13743", "CVE-2017-13740", "CVE-2017-13744", "CVE-2017-13738", "CVE-2017-13742", "CVE-2017-13741"], "description": "Check the version of liblouis", "modified": "2019-08-13T00:00:00", "published": "2017-11-05T00:00:00", "id": "OPENVAS:1361412562310882797", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882797", "type": "openvas", "title": "CentOS Update for liblouis CESA-2017:3111 centos7", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for liblouis CESA-2017:3111 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882797\");\n script_version(\"2019-08-13T08:33:23+0000\");\n script_tag(name:\"last_modification\", value:\"2019-08-13 08:33:23 +0000 (Tue, 13 Aug 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-11-05 08:49:20 +0100 (Sun, 05 Nov 2017)\");\n script_cve_id(\"CVE-2014-8184\", \"CVE-2017-13738\", \"CVE-2017-13740\", \"CVE-2017-13741\",\n \"CVE-2017-13742\", \"CVE-2017-13743\", \"CVE-2017-13744\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for liblouis CESA-2017:3111 centos7\");\n script_tag(name:\"summary\", value:\"Check the version of liblouis\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Liblouis is an open source braille\ntranslator and back-translator named in honor of Louis Braille. It features\nsupport for computer and literary braille, supports contracted and uncontracted\ntranslation for many languages and has support for hyphenation. New languages\ncan easily be added through tables that support a rule or dictionary based\napproach. Liblouis also supports math braille (Nemeth and Marburg).\n\nSecurity Fix(es):\n\n * Multiple flaws were found in the processing of translation tables in\nliblouis. An attacker could crash or potentially execute arbitrary code\nusing malicious translation tables. (CVE-2014-8184, CVE-2017-13738,\nCVE-2017-13740, CVE-2017-13741, CVE-2017-13742, CVE-2017-13743,\nCVE-2017-13744)\n\nThe CVE-2014-8184 issue was discovered by Raphael Sanchez Prudencio (Red\nHat).\");\n script_tag(name:\"affected\", value:\"liblouis on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2017:3111\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2017-November/022612.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"liblouis\", rpm:\"liblouis~2.5.2~11.el7_4\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"liblouis-devel\", rpm:\"liblouis-devel~2.5.2~11.el7_4\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"liblouis-doc\", rpm:\"liblouis-doc~2.5.2~11.el7_4\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"liblouis-python\", rpm:\"liblouis-python~2.5.2~11.el7_4\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"liblouis-utils\", rpm:\"liblouis-utils~2.5.2~11.el7_4\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-15T15:06:43", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8184", "CVE-2017-13743", "CVE-2017-13740", "CVE-2017-13744", "CVE-2017-13738", "CVE-2017-13742", "CVE-2017-13741"], "description": "The remote host is missing an update for the ", "modified": "2019-08-13T00:00:00", "published": "2017-11-04T00:00:00", "id": "OPENVAS:1361412562310812076", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812076", "type": "openvas", "title": "RedHat Update for liblouis RHSA-2017:3111-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for liblouis RHSA-2017:3111-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812076\");\n script_version(\"2019-08-13T08:33:23+0000\");\n script_tag(name:\"last_modification\", value:\"2019-08-13 08:33:23 +0000 (Tue, 13 Aug 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-11-04 09:05:51 +0100 (Sat, 04 Nov 2017)\");\n script_cve_id(\"CVE-2014-8184\", \"CVE-2017-13738\", \"CVE-2017-13740\", \"CVE-2017-13741\",\n \"CVE-2017-13742\", \"CVE-2017-13743\", \"CVE-2017-13744\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for liblouis RHSA-2017:3111-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'liblouis'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Liblouis is an open source braille translator\n and back-translator named in honor of Louis Braille. It features support for\n computer and literary braille, supports contracted and uncontracted translation\n for many languages and has support for hyphenation. New languages can easily be\n added through tables that support a rule or dictionary based approach.\nLiblouis also supports math braille (Nemeth and Marburg).\n\nSecurity Fix(es):\n\n * Multiple flaws were found in the processing of translation tables in\nliblouis. An attacker could crash or potentially execute arbitrary code\nusing malicious translation tables. (CVE-2014-8184, CVE-2017-13738,\nCVE-2017-13740, CVE-2017-13741, CVE-2017-13742, CVE-2017-13743,\nCVE-2017-13744)\n\nThe CVE-2014-8184 issue was discovered by Raphael Sanchez Prudencio (Red\nHat).\");\n script_tag(name:\"affected\", value:\"liblouis on Red Hat Enterprise Linux Server (v. 7)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2017:3111-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2017-November/msg00001.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_7\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"liblouis-python\", rpm:\"liblouis-python~2.5.2~11.el7_4\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"liblouis\", rpm:\"liblouis~2.5.2~11.el7_4\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"liblouis-debuginfo\", rpm:\"liblouis-debuginfo~2.5.2~11.el7_4\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-15T14:49:03", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8184", "CVE-2017-13743", "CVE-2017-13740", "CVE-2017-13744", "CVE-2018-11683", "CVE-2017-13738", "CVE-2017-13742", "CVE-2017-13741", "CVE-2018-17294"], "description": "The remote host is missing an update for the ", "modified": "2019-08-13T00:00:00", "published": "2018-10-08T00:00:00", "id": "OPENVAS:1361412562310875152", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875152", "type": "openvas", "title": "Fedora Update for liblouis FEDORA-2018-9a09435935", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for liblouis FEDORA-2018-9a09435935\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875152\");\n script_version(\"2019-08-13T08:33:23+0000\");\n script_tag(name:\"last_modification\", value:\"2019-08-13 08:33:23 +0000 (Tue, 13 Aug 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-10-08 08:23:01 +0200 (Mon, 08 Oct 2018)\");\n script_cve_id(\"CVE-2018-17294\", \"CVE-2018-11683\", \"CVE-2014-8184\", \"CVE-2017-13738\",\n \"CVE-2017-13740\", \"CVE-2017-13741\", \"CVE-2017-13742\", \"CVE-2017-13743\",\n \"CVE-2017-13744\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for liblouis FEDORA-2018-9a09435935\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'liblouis'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n script_tag(name:\"affected\", value:\"liblouis on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-9a09435935\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A26FN3RBQA4VYAB4DSVKITN4OZXCEBD6\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"liblouis\", rpm:\"liblouis~2.6.2~13.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2020-07-02T11:36:16", "bulletinFamily": "unix", "cvelist": ["CVE-2017-13739", "CVE-2017-13740", "CVE-2017-13744", "CVE-2017-13738", "CVE-2017-13742"], "description": "It was discovered that an illegal address access can be made in \nLiblouis. A remote attacker can take advantange of this to \naccess sensitive information. (CVE-2017-13738, CVE-2017-13744)\n\nIt was discovered a heap-based buffer overflow that causes bytes \nout-of-bounds write in Liblouis. A remote attacker can use this to \ndenial of service or remote code execution. (CVE-2017-13739)\n\nIt was discovered a stack-based buffer overflow in Liblouis. A remote \nattacker can use this to denial of service or possibly unspecified other \nimpact. (CVE-2017-13740, CVE-2017-13742)", "edition": 5, "modified": "2017-09-04T00:00:00", "published": "2017-09-04T00:00:00", "id": "USN-3408-1", "href": "https://ubuntu.com/security/notices/USN-3408-1", "title": "Liblouis vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:44:44", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8184", "CVE-2017-13738", "CVE-2017-13740", "CVE-2017-13741", "CVE-2017-13742", "CVE-2017-13743", "CVE-2017-13744"], "description": "Liblouis is an open source braille translator and back-translator named in honor of Louis Braille. It features support for computer and literary braille, supports contracted and uncontracted translation for many languages and has support for hyphenation. New languages can easily be added through tables that support a rule or dictionary based approach. Liblouis also supports math braille (Nemeth and Marburg).\n\nSecurity Fix(es):\n\n* Multiple flaws were found in the processing of translation tables in liblouis. An attacker could crash or potentially execute arbitrary code using malicious translation tables. (CVE-2014-8184, CVE-2017-13738, CVE-2017-13740, CVE-2017-13741, CVE-2017-13742, CVE-2017-13743, CVE-2017-13744)\n\nThe CVE-2014-8184 issue was discovered by Raphael Sanchez Prudencio (Red Hat).", "modified": "2018-04-12T03:33:29", "published": "2017-11-02T18:57:40", "id": "RHSA-2017:3111", "href": "https://access.redhat.com/errata/RHSA-2017:3111", "type": "redhat", "title": "(RHSA-2017:3111) Moderate: liblouis security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:37:14", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8184", "CVE-2017-13743", "CVE-2017-13740", "CVE-2017-13744", "CVE-2017-13738", "CVE-2017-13742", "CVE-2017-13741"], "description": "[2.5.2-11]\n- Resolves: CVE-2017-13738, CVE-2017-13740, CVE-2017-13741,\n CVE-2017-13742, CVE-2017-13743, CVE-2017-13744, CVE-2014-8184", "edition": 4, "modified": "2017-11-02T00:00:00", "published": "2017-11-02T00:00:00", "id": "ELSA-2017-3111", "href": "http://linux.oracle.com/errata/ELSA-2017-3111.html", "title": "liblouis security update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2020-12-08T03:36:35", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8184", "CVE-2017-13743", "CVE-2017-13740", "CVE-2017-13744", "CVE-2017-13738", "CVE-2017-13742", "CVE-2017-13741"], "description": "**CentOS Errata and Security Advisory** CESA-2017:3111\n\n\nLiblouis is an open source braille translator and back-translator named in honor of Louis Braille. It features support for computer and literary braille, supports contracted and uncontracted translation for many languages and has support for hyphenation. New languages can easily be added through tables that support a rule or dictionary based approach. Liblouis also supports math braille (Nemeth and Marburg).\n\nSecurity Fix(es):\n\n* Multiple flaws were found in the processing of translation tables in liblouis. An attacker could crash or potentially execute arbitrary code using malicious translation tables. (CVE-2014-8184, CVE-2017-13738, CVE-2017-13740, CVE-2017-13741, CVE-2017-13742, CVE-2017-13743, CVE-2017-13744)\n\nThe CVE-2014-8184 issue was discovered by Raphael Sanchez Prudencio (Red Hat).\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2017-November/034650.html\n\n**Affected packages:**\nliblouis\nliblouis-devel\nliblouis-doc\nliblouis-python\nliblouis-utils\n\n**Upstream details at:**\n", "edition": 4, "modified": "2017-11-03T20:03:45", "published": "2017-11-03T20:03:45", "href": "http://lists.centos.org/pipermail/centos-announce/2017-November/034650.html", "id": "CESA-2017:3111", "type": "centos", "title": "liblouis security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2020-10-03T13:07:35", "description": "There is a heap-based buffer overflow that causes a more than two thousand bytes out-of-bounds write in Liblouis 3.2.0, triggered in the function resolveSubtable() in compileTranslationTable.c. It will lead to denial of service or remote code execution.", "edition": 3, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-08-29T06:29:00", "title": "CVE-2017-13739", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13739"], "modified": "2017-09-07T01:29:00", "cpe": ["cpe:/a:liblouis:liblouis:3.2.0"], "id": "CVE-2017-13739", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13739", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:liblouis:liblouis:3.2.0:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T13:07:35", "description": "There is a stack-based buffer overflow in Liblouis 3.2.0, triggered in the function includeFile() in compileTranslationTable.c, that will lead to a remote denial of service attack.", "edition": 3, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-08-29T06:29:00", "title": "CVE-2017-13742", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13742"], "modified": "2017-12-02T02:29:00", "cpe": ["cpe:/a:liblouis:liblouis:3.2.0"], "id": "CVE-2017-13742", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13742", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:liblouis:liblouis:3.2.0:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T13:07:35", "description": "There is a use-after-free in the function compileBrailleIndicator() in compileTranslationTable.c in Liblouis 3.2.0 that will lead to a remote denial of service attack.", "edition": 3, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-08-29T06:29:00", "title": "CVE-2017-13741", "type": "cve", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13741"], "modified": "2017-12-02T02:29:00", "cpe": ["cpe:/a:liblouis:liblouis:3.2.0"], "id": "CVE-2017-13741", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13741", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:liblouis:liblouis:3.2.0:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T13:07:35", "description": "There is a buffer overflow in Liblouis 3.2.0, triggered in the function _lou_showString() in utils.c, that will lead to a remote denial of service attack.", "edition": 3, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-08-29T06:29:00", "title": "CVE-2017-13743", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13743"], "modified": "2017-12-02T02:29:00", "cpe": ["cpe:/a:liblouis:liblouis:3.2.0"], "id": "CVE-2017-13743", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13743", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:liblouis:liblouis:3.2.0:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T13:07:35", "description": "There is a stack-based buffer overflow in Liblouis 3.2.0, triggered in the function parseChars() in compileTranslationTable.c, that will lead to denial of service or possibly unspecified other impact.", "edition": 3, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-08-29T06:29:00", "title": "CVE-2017-13740", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13740"], "modified": "2017-12-02T02:29:00", "cpe": ["cpe:/a:liblouis:liblouis:3.2.0"], "id": "CVE-2017-13740", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13740", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:liblouis:liblouis:3.2.0:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T13:07:35", "description": "There is an illegal address access in the function _lou_getALine() in compileTranslationTable.c:343 in Liblouis 3.2.0.", "edition": 3, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-08-29T06:29:00", "title": "CVE-2017-13744", "type": "cve", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13744"], "modified": "2017-12-02T02:29:00", "cpe": ["cpe:/a:liblouis:liblouis:3.2.0"], "id": "CVE-2017-13744", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13744", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:liblouis:liblouis:3.2.0:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T13:07:35", "description": "There is an illegal address access in the _lou_getALine function in compileTranslationTable.c:346 in Liblouis 3.2.0.", "edition": 3, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-08-29T06:29:00", "title": "CVE-2017-13738", "type": "cve", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13738"], "modified": "2017-12-02T02:29:00", "cpe": ["cpe:/a:liblouis:liblouis:3.2.0"], "id": "CVE-2017-13738", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13738", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:liblouis:liblouis:3.2.0:*:*:*:*:*:*:*"]}]}