DATABASE RESOURCES PRICING ABOUT US

{"id": "ELSA-2021-1586", "type": "oraclelinux", "bulletinFamily": "unix", "title": "GNOME security, bug fix, and enhancement update", "description": "accountsservice\n[0.6.55-1]\n- Rebase to 0.6.55\n Resolves: #1846376\natkmm\n[2.24.2-7]\n- Rebuild for annobin fixes\n- Resolves: rhbz#1703969\ncairomm\n[1.12.0-8]\n- Rebuild for the annobin fixes\n- Resolves: rhbz#1703971\nchrome-gnome-shell\n[10.1-7]\n- Disable updates support\n Resolves: #1802105\ndleyna-core\n[0.6.0-3]\n- Dont remove a queue more than once\n- Remove any pending task processing handlers when destroying a queue\nResolves: #1464902\ndleyna-server\n[0.6.0-3]\n- Avoid crash when getting server properties\nResolves: #1464902\nenchant2\n[2.2.3-3]\n- Rebuild for the annobin fixes\n- Resolves: rhbz#1703990\ngamin\n[0.1.10-32]\n- Add a comment clarifying the license (rhbz#1096200)\ngdm\n[3.28.3-39]\n- Ensure login screen display server is is killed at log in\n- Pull in fixes for two security issues\n Resolves: #1918391\n[3.28.3-38]\n- Re-add disabling Wayland for server GPUs\n Related: #1670273\n[3.28.3-35]\n- Stop disabling Wayland for server GPUs\n Related: #1670273\ngeoclue2\n[2.5.5-2]\n- Fix multilib conflicts in -devel subpackage (#1853141)\ngeocode-glib\n[3.26.0-3]\n- Rebuild against fixed gtk-doc to fix another multilib conflict (#1853142)\n[3.26.0-2]\n- Fix multilib conflicts in -devel subpackage (#1853142)\ngjs\n[1.56.2-5]\n- Fix undefined property warnings\n Related: #1845660\nglib2\n[2.56.4-9]\n- Update GHmac patch to implement g_hmac_copy()\n Resolves: #1786538\n- Update keyfile settings backend\n Resolves: #1728896\n- Fix CVE-2019-13012\n Resolves: #1728632\nglibmm24\n[2.56.0-2]\n- Rebuild for the annobin fixes\n- Resolves: rhbz#1704002\ngnome-boxes\n[3.36.5-8.0.1]\n- Add Oracle Linux 8.3 and 8.4 for VM template [Orabug: 32013221] [Orabug: 32840088]\n[3.36.5-8]\n- Pass discard 'unmap' to supported disk drivers\n- Related: #1152037\n[3.36.5-7]\n- Fix mixing VM widgets\n- Related: #1639163\ngnome-control-center\n[3.28.2-27]\n- Update fr, ja, zh_CN translations\n- Resolves: #1876291\n[3.28.2-26]\n- Support Simple Content Access from subscription manager\n Related: #1870837\n[3.28.2-25]\n- Fix a leak found by Coverity\n- Related: #1700002\n[3.28.2-24]\n- Fix crashes when updating printer entries\n- Related: #1700002\n- Resolves: #1903043\n[3.28.2-23]\n- Update list of printers instead of regenerating it\n- Resolves: #1700002\ngnome-online-accounts\n[3.28.2-2]\n- Rebuild to fix multilib issues\n Resolves: #1765627\ngnome-photos\n[3.28.1-4]\n- Add a manual\nResolves: #1612779\ngnome-settings-daemon\n[3.32.0-14]\n- Update fr, ja, zh_CN translations\n- Resolves: #1876291\n[3.32.0-13]\n- Add back subscription-manager plugin\n Related: #1870837\n[3.32.0-12]\n- Handle org.gnome.Shell.Screencast Stopped signal\n Related: #1705392\ngnome-shell\n[3.32.2-30]\n- Backport of touch mode\n Resolves: #1833787\n[3.32.2-29]\n- Refuse to override system extensions\n Related: #1802105\n[3.32.2-28]\n- Backport extension updates support\n Related: #1802105\n[3.32.2-27]\n- Default to printing JS backtrace on segfaults\n Resolves: #1883868\n[3.32.2-26]\n- Backport OSK fixes\n Resolves: #1871041\n[3.32.2-25]\n- Stop screen recording on monitor changes\n Resolves: #1705392\n[3.32.2-24]\n- Handle workspace from startup notification\n Resolves: #1671761\n[3.32.2-23]\n- Work around aggressive garbage collection\n Related: #1881312\n[3.32.2-22]\n- Wake up lock screen when deactivated programmatically\n Resolves: #1854290\n- Backport better caps-lock warning\n Resolves: #1861357\n- Fix more (harmless) JS warnings\n Resolves: #1881312\n[3.32.2-21]\n- Fix JS warning in AuthList downstream patch\n Resolves: #1860946\ngnome-shell-extensions\n[3.32.1-14]\n- Use same logic than Nautilus for double click/tap in desktop-icons extension\n Resolves: #1842229\n[3.32.1-13]\n- Update Japanese translation\n Related: #1865718\n[3.32.1-12]\n- Adjust gettext locale in desktop-icons extension\n Resolves: #1865718\ngnome-software\n[3.36.1-5]\n- Fix flatpak updates and removals when same ref occurs in multiple remotes\n- Resolves: #1888407\ngnome-terminal\n[3.28.3-3]\n- Support using the '0', '+' and '-' keys from the numeric keypad as\n accelerators\n- Resolves: #837035\ngtk-doc\n[1.28-3]\n- Backport an upstream patch to fix G_MAXINT appearing as G_MAXLONG on 32 bit\n- Related: #1853142\ngtkmm24\n[2.24.5-6]\n- Rebuild for the annobin fixes\n- Resolves: rhbz#1704012\ngtkmm30\n[3.22.2-3]\n- Rebuild for the annobin fixes\n- Resolves: rhbz#1704013\ngvfs\n[1.36.2-11]\n- Add support for certificates prompts for GOA mounts (rhbz#1889411)\nlibdazzle\n[3.28.5-2]\n- Rebuild to ship libdazzle-devel in CRB\n- Resolves: #1919429\nlibepubgen\n[0.1.0-3]\n- Resolves: rhbz#1919432 bump n-v-r and rebuild\nlibsass\n[3.4.5-6]\n- Rebuild for the annobin fixes\n- Resolves: rhbz#1704058\nlibsigc++20\n[2.10.0-6]\n- Rebuild for the annobin fixes\n- Resolves: rhbz#1704059\nlibvisual\n[1:0.4.0-25]\n- Fix multilib conflicts in lvconfig.h\n- Resolves: #1853155\nmutter\n[3.32.2-57]\n- Backport touch-mode\n Resolves: #1833787\n[3.32.2-56]\n- Backport geometric picking patches\n Resolves: #1919467\n[3.32.2-55]\n- Fix slow nouveau with llvmpipe\n Resolves: #1921151\n[3.32.2-54]\n- Fix polyinstantiation patch backport\n Resolves: #1861769\n[3.32.2-53]\n- Fix test case backport\n Related: #1786496\n[3.32.2-52]\n- Support polyinstantiation\n Resolves: #1861769\n- Mitigate nouveau misidentifying connectors\n Resolves: #1786496\n[3.32.2-51]\n- Add PING_TIMEOUT_DELAY to mutter MetaPreferences\n Resolves: #1886034\n[3.32.2-50]\n- Fix GLX stereo buffer rebase error\n Resolves: #1889528\n[3.32.2-49]\n- Add tile based shadow buffer damage tracking\n Resolves: #1670273\nnautilus\n[3.28.1-15]\n- Fix activation_uri handling to prevent invalid bookmarks (rhbz#1906499)\nOpenEXR\n[2.2.0-12]\n- In check, dont override PKG_CONFIG_PATH from the environment (#1907528)\npangomm\n[2.40.1-6]\n- Rebuild for the annobin fixes\n- Resolves: rhbz#1704100\nsoundtouch\n[2.0.0-3]\n- Rebuild for the annobin fixes\n- Remove an unused patch\n- Resolves: rhbz#1704123\nvala\n[0.40.19-2]\n- Fix multilib conflicts in vala-gen-introspect\n- Resolves: #1853170\nwebkit2gtk3\n[2.30.4-1]\n- Update to 2.30.4\n- Related: #1883304\n[2.30.3-1]\n- Update to 2.30.3\n- Related: #1883304\n[2.30.2-2]\n- Try to fix coverity build by disabling docs (thanks to Kamil Dudka \n!)\n- Related: #1883304\n[2.30.2-1]\n- Update to 2.30.2\n- Related: #1883304\n[2.30.1-1]\n- Update to 2.30.1\n- Related: #1883304\nwoff2\n[1.0.2-5]\n- Resolves: rhbz#1919435 bump NVR for rebuild", "published": "2021-05-25T00:00:00", "modified": "2021-05-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9}, "href": "http://linux.oracle.com/errata/ELSA-2021-1586.html", "reporter": "OracleLinux", "references": [], "cvelist": ["CVE-2019-13012", "CVE-2020-13543", "CVE-2020-13584", "CVE-2020-9948", "CVE-2020-9951", "CVE-2020-9983"], "immutableFields": [], "lastseen": "2021-07-28T14:24:47", "viewCount": 40, "enchantments": {"dependencies": {"references": [{"type": "almalinux", "idList": ["ALSA-2021:1586"]}, {"type": "apple", "idList": ["APPLE:47A6F4E1660238E39625B31A34F6CDF1", "APPLE:4CDA87B47F793E07ABCA7B9C9345521B", "APPLE:7B414D7D6363796AB8F0EB89C5EEC383", "APPLE:914AF8F52D4AB5DC92631271089CEE87", "APPLE:B61E4B61B5310615293FA7FAB3B993B7", "APPLE:BF1622028DAB7FB7B0D91852357DB961", "APPLE:HT211843", "APPLE:HT211844", "APPLE:HT211845", "APPLE:HT211850", "APPLE:HT211935", "APPLE:HT211952"]}, {"type": "archlinux", "idList": ["ASA-202011-28"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:A8173D294B6DEC22BA8E4286E26D99DE", "CFOUNDRY:F06FFA2BD37C8D049603BACF49C5DBBE", "CFOUNDRY:F4A82A6B08C1BC8F71C40AB4FA993A57"]}, {"type": "cve", "idList": ["CVE-2019-13012", "CVE-2020-13543", "CVE-2020-13584", "CVE-2020-9948", "CVE-2020-9951", "CVE-2020-9983"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1866-1:415BC", "DEBIAN:DLA-1866-1:D1352", "DEBIAN:DLA-1866-2:4F7E9", "DEBIAN:DLA-1866-2:95124", "DEBIAN:DSA-4797-1:1E569"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2019-13012", "DEBIANCVE:CVE-2020-13543", "DEBIANCVE:CVE-2020-13584", "DEBIANCVE:CVE-2020-9948", "DEBIANCVE:CVE-2020-9951", "DEBIANCVE:CVE-2020-9983"]}, {"type": "fedora", "idList": ["FEDORA:A7EF93093F43", "FEDORA:E5FCA30FC672"]}, {"type": "gentoo", "idList": ["GLSA-202012-10"]}, {"type": "ibm", "idList": ["6549F7FB91216E6B5325DB660AF73FDF2D181F5FC1D3D96D412B600D6C349A96", "97D5F772EC68BDCD260FBB9DFB7A322AAAC657E9360305DF11F9C6A6A40D1B85", "A2E923A551C0F36BAC84848E053A3A93F2AC1141EB9D1739FE1D48A6684F5352", "BDFA432EA62E6EFDD1DA5F84B4EE926C27FCF1125443F9D0EC5005B0FEE74C89"]}, {"type": "kaspersky", "idList": ["KLA12007", "KLA12017"]}, {"type": "mageia", "idList": ["MGASA-2020-0441"]}, {"type": "nessus", "idList": ["ALMA_LINUX_ALSA-2021-1586.NASL", "CENTOS8_RHSA-2021-1586.NASL", "DEBIAN_DLA-1866.NASL", "DEBIAN_DSA-4797.NASL", "EULEROS_SA-2019-1894.NASL", "EULEROS_SA-2019-1927.NASL", "EULEROS_SA-2019-2077.NASL", "EULEROS_SA-2020-1387.NASL", "EULEROS_SA-2020-1456.NASL", "EULEROS_SA-2020-1654.NASL", "FEDORA_2020-145877BCD3.NASL", "FEDORA_2020-E8A7566E80.NASL", "GENTOO_GLSA-202012-10.NASL", "NEWSTART_CGSL_NS-SA-2022-0048_WEBKIT2GTK3.NASL", "NEWSTART_CGSL_NS-SA-2022-0053_GLIB2.NASL", "OPENSUSE-2019-1749.NASL", "OPENSUSE-2020-2304.NASL", "OPENSUSE-2020-2310.NASL", "OPENSUSE-2022-0182-1.NASL", "ORACLELINUX_ELSA-2021-1586.NASL", "PHOTONOS_PHSA-2019-1_0-0245_GLIB.NASL", "PHOTONOS_PHSA-2019-2_0-0171_GLIB.NASL", "PHOTONOS_PHSA-2019-3_0-0024_GLIB.NASL", "REDHAT-RHSA-2021-1586.NASL", "SUSE_SU-2019-1824-1.NASL", "SUSE_SU-2019-1830-1.NASL", "SUSE_SU-2019-1830-2.NASL", "SUSE_SU-2019-1833-1.NASL", "SUSE_SU-2020-3864-1.NASL", "SUSE_SU-2020-3867-1.NASL", "SUSE_SU-2021-1990-1.NASL", "SUSE_SU-2022-0142-1.NASL", "SUSE_SU-2022-0182-1.NASL", "SUSE_SU-2022-0182-2.NASL", "SUSE_SU-2022-0183-1.NASL", "UBUNTU_USN-4049-1.NASL", "UBUNTU_USN-4648-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310844081", "OPENVAS:1361412562310852617", "OPENVAS:1361412562310891866", "OPENVAS:1361412562311220191894", "OPENVAS:1361412562311220191927", "OPENVAS:1361412562311220192077", "OPENVAS:1361412562311220201387", "OPENVAS:1361412562311220201456", "OPENVAS:1361412562311220201654"]}, {"type": "osv", "idList": ["OSV:DLA-1866-1", "OSV:DLA-1866-2", "OSV:DSA-4797-1", "OSV:DSA-4797-2"]}, {"type": "photon", "idList": ["PHSA-2019-0024", "PHSA-2019-0171", "PHSA-2019-0245", "PHSA-2019-1.0-0245", "PHSA-2019-2.0-0171", "PHSA-2019-3.0-0024"]}, {"type": "redhat", "idList": ["RHSA-2021:1586", "RHSA-2021:2121", "RHSA-2021:2136", "RHSA-2021:2479", "RHSA-2021:2920", "RHSA-2021:3119"]}, {"type": "redhatcve", "idList": ["RH:CVE-2019-13012", "RH:CVE-2020-13543", "RH:CVE-2020-13584", "RH:CVE-2020-9948", "RH:CVE-2020-9951", "RH:CVE-2020-9983"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2019:1749-1", "OPENSUSE-SU-2020:2304-1", "OPENSUSE-SU-2020:2310-1", "OPENSUSE-SU-2022:0182-1", "OPENSUSE-SU-2022:0182-2"]}, {"type": "talos", "idList": ["TALOS-2020-1124", "TALOS-2020-1155", "TALOS-2020-1195"]}, {"type": "ubuntu", "idList": ["USN-4049-1", "USN-4049-2", "USN-4648-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2019-13012", "UB:CVE-2020-13543", "UB:CVE-2020-13584", "UB:CVE-2020-9948", "UB:CVE-2020-9951", "UB:CVE-2020-9983"]}, {"type": "veracode", "idList": ["VERACODE:30231", "VERACODE:30239", "VERACODE:30241", "VERACODE:30255", "VERACODE:30257"]}, {"type": "zdi", "idList": ["ZDI-20-1214"]}]}, "score": {"value": -0.1, "vector": "NONE"}, "backreferences": {"references": [{"type": "almalinux", "idList": ["ALSA-2021:1586"]}, {"type": "apple", "idList": ["APPLE:47A6F4E1660238E39625B31A34F6CDF1", "APPLE:7B414D7D6363796AB8F0EB89C5EEC383", "APPLE:914AF8F52D4AB5DC92631271089CEE87", "APPLE:B61E4B61B5310615293FA7FAB3B993B7", "APPLE:BF1622028DAB7FB7B0D91852357DB961", "APPLE:HT211843", "APPLE:HT211844", "APPLE:HT211845", "APPLE:HT211850", "APPLE:HT211935", "APPLE:HT211952"]}, {"type": "archlinux", "idList": ["ASA-202011-28"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:A8173D294B6DEC22BA8E4286E26D99DE", "CFOUNDRY:F4A82A6B08C1BC8F71C40AB4FA993A57"]}, {"type": "cve", "idList": ["CVE-2019-13012"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1866-1:D1352", "DEBIAN:DLA-1866-2:4F7E9", "DEBIAN:DSA-4797-1:1E569"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2019-13012"]}, {"type": "fedora", "idList": ["FEDORA:A7EF93093F43", "FEDORA:E5FCA30FC672"]}, {"type": "gentoo", "idList": ["GLSA-202012-10"]}, {"type": "ibm", "idList": ["6549F7FB91216E6B5325DB660AF73FDF2D181F5FC1D3D96D412B600D6C349A96"]}, {"type": "kaspersky", "idList": ["KLA12007", "KLA12017"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/SUSE-CVE-2020-13543/", "MSF:ILITIES/SUSE-CVE-2020-13584/"]}, {"type": "nessus", "idList": ["CENTOS8_RHSA-2021-1586.NASL", "DEBIAN_DLA-1866.NASL", "DEBIAN_DSA-4797.NASL", "EULEROS_SA-2019-1894.NASL", "EULEROS_SA-2019-1927.NASL", "EULEROS_SA-2019-2077.NASL", "FEDORA_2020-145877BCD3.NASL", "GENTOO_GLSA-202012-10.NASL", "ORACLELINUX_ELSA-2021-1586.NASL", "PHOTONOS_PHSA-2019-1_0-0245_GLIB.NASL", "PHOTONOS_PHSA-2019-2_0-0171_GLIB.NASL", "PHOTONOS_PHSA-2019-3_0-0024_GLIB.NASL", "REDHAT-RHSA-2021-1586.NASL", "UBUNTU_USN-4648-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310844081", "OPENVAS:1361412562310852617", "OPENVAS:1361412562310891866"]}, {"type": "photon", "idList": ["PHSA-2019-1.0-0245", "PHSA-2019-2.0-0171", "PHSA-2019-3.0-0024"]}, {"type": "redhat", "idList": ["RHSA-2021:3119"]}, {"type": "redhatcve", "idList": ["RH:CVE-2020-13543", "RH:CVE-2020-13584", "RH:CVE-2020-9948", "RH:CVE-2020-9951", "RH:CVE-2020-9983"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2019:1749-1"]}, {"type": "talos", "idList": ["TALOS-2020-1124", "TALOS-2020-1155", "TALOS-2020-1195"]}, {"type": "ubuntu", "idList": ["USN-4049-1", "USN-4049-2", "USN-4648-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-13543", "UB:CVE-2020-9948", "UB:CVE-2020-9951", "UB:CVE-2020-9983"]}, {"type": "zdi", "idList": ["ZDI-20-1214"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2019-13012", "epss": "0.002100000", "percentile": "0.571820000", "modified": "2023-03-17"}, {"cve": "CVE-2020-13543", "epss": "0.012930000", "percentile": "0.837190000", "modified": "2023-03-16"}, {"cve": "CVE-2020-13584", "epss": "0.007620000", "percentile": "0.783410000", "modified": "2023-03-16"}, {"cve": "CVE-2020-9948", "epss": "0.001350000", "percentile": "0.470610000", "modified": "2023-03-16"}, {"cve": "CVE-2020-9951", "epss": "0.002540000", "percentile": "0.615820000", "modified": "2023-03-16"}, {"cve": "CVE-2020-9983", "epss": "0.003190000", "percentile": "0.658220000", "modified": "2023-03-16"}], "vulnersScore": -0.1}, "affectedPackage": [{"OS": "oracle linux", "OSVersion": "8", "arch": "src", "packageVersion": "2.2.0-12.el8", "packageFilename": "OpenEXR-2.2.0-12.el8.src.rpm", "operator": "lt", "packageName": "openexr"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "src", "packageVersion": "0.6.55-1.el8", "packageFilename": "accountsservice-0.6.55-1.el8.src.rpm", "operator": "lt", "packageName": "accountsservice"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "src", "packageVersion": "2.24.2-7.el8", "packageFilename": "atkmm-2.24.2-7.el8.src.rpm", "operator": "lt", "packageName": "atkmm"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "src", "packageVersion": "1.12.0-8.el8", "packageFilename": "cairomm-1.12.0-8.el8.src.rpm", "operator": "lt", "packageName": "cairomm"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "src", "packageVersion": "10.1-7.el8", "packageFilename": "chrome-gnome-shell-10.1-7.el8.src.rpm", "operator": "lt", "packageName": "chrome-gnome-shell"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "src", "packageVersion": "0.6.0-3.el8", "packageFilename": "dleyna-core-0.6.0-3.el8.src.rpm", "operator": "lt", "packageName": "dleyna-core"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "src", "packageVersion": "2.2.3-3.el8", "packageFilename": "enchant2-2.2.3-3.el8.src.rpm", "operator": "lt", "packageName": "enchant2"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "src", "packageVersion": "0.1.10-32.el8", "packageFilename": "gamin-0.1.10-32.el8.src.rpm", "operator": "lt", "packageName": "gamin"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "src", "packageVersion": "3.28.3-39.el8", "packageFilename": "gdm-3.28.3-39.el8.src.rpm", "operator": "lt", "packageName": "gdm"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "src", "packageVersion": "2.5.5-2.el8", "packageFilename": "geoclue2-2.5.5-2.el8.src.rpm", "operator": "lt", "packageName": "geoclue2"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "src", "packageVersion": "3.26.0-3.el8", "packageFilename": "geocode-glib-3.26.0-3.el8.src.rpm", "operator": "lt", "packageName": "geocode-glib"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "src", "packageVersion": "1.56.2-5.el8", "packageFilename": "gjs-1.56.2-5.el8.src.rpm", "operator": "lt", "packageName": "gjs"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "src", "packageVersion": "2.56.4-9.el8", "packageFilename": "glib2-2.56.4-9.el8.src.rpm", "operator": "lt", "packageName": "glib2"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "src", "packageVersion": "2.56.0-2.el8", "packageFilename": "glibmm24-2.56.0-2.el8.src.rpm", "operator": "lt", "packageName": "glibmm24"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "src", "packageVersion": "3.28.2-27.el8", "packageFilename": "gnome-control-center-3.28.2-27.el8.src.rpm", "operator": "lt", "packageName": "gnome-control-center"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "src", "packageVersion": "3.28.2-2.el8", "packageFilename": "gnome-online-accounts-3.28.2-2.el8.src.rpm", "operator": "lt", "packageName": "gnome-online-accounts"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "src", "packageVersion": "3.32.0-14.el8", "packageFilename": "gnome-settings-daemon-3.32.0-14.el8.src.rpm", "operator": "lt", "packageName": "gnome-settings-daemon"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "src", "packageVersion": "3.32.2-30.el8", "packageFilename": "gnome-shell-3.32.2-30.el8.src.rpm", "operator": "lt", "packageName": "gnome-shell"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "src", "packageVersion": "3.32.1-14.el8", "packageFilename": "gnome-shell-extensions-3.32.1-14.el8.src.rpm", "operator": "lt", "packageName": "gnome-shell-extensions"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "src", "packageVersion": "3.36.1-5.el8", "packageFilename": "gnome-software-3.36.1-5.el8.src.rpm", "operator": "lt", "packageName": "gnome-software"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "src", "packageVersion": "3.28.3-3.el8", "packageFilename": "gnome-terminal-3.28.3-3.el8.src.rpm", "operator": "lt", "packageName": "gnome-terminal"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "src", "packageVersion": "1.28-3.el8", "packageFilename": "gtk-doc-1.28-3.el8.src.rpm", "operator": "lt", "packageName": "gtk-doc"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "src", "packageVersion": "2.24.32-5.el8", "packageFilename": "gtk2-2.24.32-5.el8.src.rpm", "operator": "lt", "packageName": "gtk2"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "src", "packageVersion": "2.24.5-6.el8", "packageFilename": "gtkmm24-2.24.5-6.el8.src.rpm", "operator": "lt", "packageName": "gtkmm24"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "src", "packageVersion": "3.22.2-3.el8", "packageFilename": "gtkmm30-3.22.2-3.el8.src.rpm", "operator": "lt", "packageName": "gtkmm30"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "src", "packageVersion": "1.36.2-11.el8", "packageFilename": "gvfs-1.36.2-11.el8.src.rpm", "operator": "lt", "packageName": "gvfs"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "src", "packageVersion": "3.4.5-6.el8", "packageFilename": "libsass-3.4.5-6.el8.src.rpm", "operator": "lt", "packageName": "libsass"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "src", "packageVersion": "2.10.0-6.el8", "packageFilename": "libsigc++20-2.10.0-6.el8.src.rpm", "operator": "lt", "packageName": "libsigc++20"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "src", "packageVersion": "0.4.0-25.el8", "packageFilename": "libvisual-0.4.0-25.el8.src.rpm", "operator": "lt", "packageName": "libvisual"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "src", "packageVersion": "3.32.2-57.el8", "packageFilename": "mutter-3.32.2-57.el8.src.rpm", "operator": "lt", "packageName": "mutter"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "src", "packageVersion": "3.28.1-15.el8", "packageFilename": "nautilus-3.28.1-15.el8.src.rpm", "operator": "lt", "packageName": "nautilus"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "src", "packageVersion": "2.40.1-6.el8", "packageFilename": "pangomm-2.40.1-6.el8.src.rpm", "operator": "lt", "packageName": "pangomm"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "src", "packageVersion": "2.0.0-3.el8", "packageFilename": "soundtouch-2.0.0-3.el8.src.rpm", "operator": "lt", "packageName": "soundtouch"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "src", "packageVersion": "0.40.19-2.el8", "packageFilename": "vala-0.40.19-2.el8.src.rpm", "operator": "lt", "packageName": "vala"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "src", "packageVersion": "2.30.4-1.el8", "packageFilename": "webkit2gtk3-2.30.4-1.el8.src.rpm", "operator": "lt", "packageName": "webkit2gtk3"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "src", "packageVersion": "1.0.2-5.el8", "packageFilename": "woff2-1.0.2-5.el8.src.rpm", "operator": "lt", "packageName": "woff2"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "2.2.0-12.el8", "packageFilename": "OpenEXR-devel-2.2.0-12.el8.aarch64.rpm", "operator": "lt", "packageName": "openexr-devel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "2.2.0-12.el8", "packageFilename": "OpenEXR-libs-2.2.0-12.el8.aarch64.rpm", "operator": "lt", "packageName": "openexr-libs"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "0.6.55-1.el8", "packageFilename": "accountsservice-0.6.55-1.el8.aarch64.rpm", "operator": "lt", "packageName": "accountsservice"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "0.6.55-1.el8", "packageFilename": "accountsservice-devel-0.6.55-1.el8.aarch64.rpm", "operator": "lt", "packageName": "accountsservice-devel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "0.6.55-1.el8", "packageFilename": "accountsservice-libs-0.6.55-1.el8.aarch64.rpm", "operator": "lt", "packageName": "accountsservice-libs"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "2.24.2-7.el8", "packageFilename": "atkmm-2.24.2-7.el8.aarch64.rpm", "operator": "lt", "packageName": "atkmm"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "2.24.2-7.el8", "packageFilename": "atkmm-devel-2.24.2-7.el8.aarch64.rpm", "operator": "lt", "packageName": "atkmm-devel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "noarch", "packageVersion": "2.24.2-7.el8", "packageFilename": "atkmm-doc-2.24.2-7.el8.noarch.rpm", "operator": "lt", "packageName": "atkmm-doc"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "1.12.0-8.el8", "packageFilename": "cairomm-1.12.0-8.el8.aarch64.rpm", "operator": "lt", "packageName": "cairomm"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "1.12.0-8.el8", "packageFilename": "cairomm-devel-1.12.0-8.el8.aarch64.rpm", "operator": "lt", "packageName": "cairomm-devel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "noarch", "packageVersion": "1.12.0-8.el8", "packageFilename": "cairomm-doc-1.12.0-8.el8.noarch.rpm", "operator": "lt", "packageName": "cairomm-doc"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "10.1-7.el8", "packageFilename": "chrome-gnome-shell-10.1-7.el8.aarch64.rpm", "operator": "lt", "packageName": "chrome-gnome-shell"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "0.6.0-3.el8", "packageFilename": "dleyna-core-0.6.0-3.el8.aarch64.rpm", "operator": "lt", "packageName": "dleyna-core"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "2.2.3-3.el8", "packageFilename": "enchant2-2.2.3-3.el8.aarch64.rpm", "operator": "lt", "packageName": "enchant2"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "2.2.3-3.el8", "packageFilename": "enchant2-devel-2.2.3-3.el8.aarch64.rpm", "operator": "lt", "packageName": "enchant2-devel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "0.1.10-32.el8", "packageFilename": "gamin-0.1.10-32.el8.aarch64.rpm", "operator": "lt", "packageName": "gamin"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "0.1.10-32.el8", "packageFilename": "gamin-devel-0.1.10-32.el8.aarch64.rpm", "operator": "lt", "packageName": "gamin-devel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "3.28.3-39.el8", "packageFilename": "gdm-3.28.3-39.el8.aarch64.rpm", "operator": "lt", "packageName": "gdm"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "2.5.5-2.el8", "packageFilename": "geoclue2-2.5.5-2.el8.aarch64.rpm", "operator": "lt", "packageName": "geoclue2"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "2.5.5-2.el8", "packageFilename": "geoclue2-demos-2.5.5-2.el8.aarch64.rpm", "operator": "lt", "packageName": "geoclue2-demos"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "2.5.5-2.el8", "packageFilename": "geoclue2-devel-2.5.5-2.el8.aarch64.rpm", "operator": "lt", "packageName": "geoclue2-devel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "2.5.5-2.el8", "packageFilename": "geoclue2-libs-2.5.5-2.el8.aarch64.rpm", "operator": "lt", "packageName": "geoclue2-libs"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "3.26.0-3.el8", "packageFilename": "geocode-glib-3.26.0-3.el8.aarch64.rpm", "operator": "lt", "packageName": "geocode-glib"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "3.26.0-3.el8", "packageFilename": "geocode-glib-devel-3.26.0-3.el8.aarch64.rpm", "operator": "lt", "packageName": "geocode-glib-devel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "1.56.2-5.el8", "packageFilename": "gjs-1.56.2-5.el8.aarch64.rpm", "operator": "lt", "packageName": "gjs"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "1.56.2-5.el8", "packageFilename": "gjs-devel-1.56.2-5.el8.aarch64.rpm", "operator": "lt", "packageName": "gjs-devel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "2.56.4-9.el8", "packageFilename": "glib2-2.56.4-9.el8.aarch64.rpm", "operator": "lt", "packageName": "glib2"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "2.56.4-9.el8", "packageFilename": "glib2-devel-2.56.4-9.el8.aarch64.rpm", "operator": "lt", "packageName": "glib2-devel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "noarch", "packageVersion": "2.56.4-9.el8", "packageFilename": "glib2-doc-2.56.4-9.el8.noarch.rpm", "operator": "lt", "packageName": "glib2-doc"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "2.56.4-9.el8", "packageFilename": "glib2-fam-2.56.4-9.el8.aarch64.rpm", "operator": "lt", "packageName": "glib2-fam"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "2.56.4-9.el8", "packageFilename": "glib2-static-2.56.4-9.el8.aarch64.rpm", "operator": "lt", "packageName": "glib2-static"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "2.56.4-9.el8", "packageFilename": "glib2-tests-2.56.4-9.el8.aarch64.rpm", "operator": "lt", "packageName": "glib2-tests"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "2.56.0-2.el8", "packageFilename": "glibmm24-2.56.0-2.el8.aarch64.rpm", "operator": "lt", "packageName": "glibmm24"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "2.56.0-2.el8", "packageFilename": "glibmm24-devel-2.56.0-2.el8.aarch64.rpm", "operator": "lt", "packageName": "glibmm24-devel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "noarch", "packageVersion": "2.56.0-2.el8", "packageFilename": "glibmm24-doc-2.56.0-2.el8.noarch.rpm", "operator": "lt", "packageName": "glibmm24-doc"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "noarch", "packageVersion": "3.32.1-14.el8", "packageFilename": "gnome-classic-session-3.32.1-14.el8.noarch.rpm", "operator": "lt", "packageName": "gnome-classic-session"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "3.28.2-27.el8", "packageFilename": "gnome-control-center-3.28.2-27.el8.aarch64.rpm", "operator": "lt", "packageName": "gnome-control-center"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "noarch", "packageVersion": "3.28.2-27.el8", "packageFilename": "gnome-control-center-filesystem-3.28.2-27.el8.noarch.rpm", "operator": "lt", "packageName": "gnome-control-center-filesystem"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "3.28.2-2.el8", "packageFilename": "gnome-online-accounts-3.28.2-2.el8.aarch64.rpm", "operator": "lt", "packageName": "gnome-online-accounts"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "3.28.2-2.el8", "packageFilename": "gnome-online-accounts-devel-3.28.2-2.el8.aarch64.rpm", "operator": "lt", "packageName": "gnome-online-accounts-devel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "3.32.0-14.el8", "packageFilename": "gnome-settings-daemon-3.32.0-14.el8.aarch64.rpm", "operator": "lt", "packageName": "gnome-settings-daemon"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "3.32.2-30.el8", "packageFilename": "gnome-shell-3.32.2-30.el8.aarch64.rpm", "operator": "lt", "packageName": "gnome-shell"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "noarch", "packageVersion": "3.32.1-14.el8", "packageFilename": "gnome-shell-extension-apps-menu-3.32.1-14.el8.noarch.rpm", "operator": "lt", "packageName": "gnome-shell-extension-apps-menu"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "noarch", "packageVersion": "3.32.1-14.el8", "packageFilename": "gnome-shell-extension-auto-move-windows-3.32.1-14.el8.noarch.rpm", "operator": "lt", "packageName": "gnome-shell-extension-auto-move-windows"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "noarch", "packageVersion": "3.32.1-14.el8", "packageFilename": "gnome-shell-extension-common-3.32.1-14.el8.noarch.rpm", "operator": "lt", "packageName": "gnome-shell-extension-common"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "noarch", "packageVersion": "3.32.1-14.el8", "packageFilename": "gnome-shell-extension-dash-to-dock-3.32.1-14.el8.noarch.rpm", "operator": "lt", "packageName": "gnome-shell-extension-dash-to-dock"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "noarch", "packageVersion": "3.32.1-14.el8", "packageFilename": "gnome-shell-extension-desktop-icons-3.32.1-14.el8.noarch.rpm", "operator": "lt", "packageName": "gnome-shell-extension-desktop-icons"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "noarch", "packageVersion": "3.32.1-14.el8", "packageFilename": "gnome-shell-extension-disable-screenshield-3.32.1-14.el8.noarch.rpm", "operator": "lt", "packageName": "gnome-shell-extension-disable-screenshield"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "noarch", "packageVersion": "3.32.1-14.el8", "packageFilename": "gnome-shell-extension-drive-menu-3.32.1-14.el8.noarch.rpm", "operator": "lt", "packageName": "gnome-shell-extension-drive-menu"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "noarch", "packageVersion": "3.32.1-14.el8", "packageFilename": "gnome-shell-extension-horizontal-workspaces-3.32.1-14.el8.noarch.rpm", "operator": "lt", "packageName": "gnome-shell-extension-horizontal-workspaces"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "noarch", "packageVersion": "3.32.1-14.el8", "packageFilename": "gnome-shell-extension-launch-new-instance-3.32.1-14.el8.noarch.rpm", "operator": "lt", "packageName": "gnome-shell-extension-launch-new-instance"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "noarch", "packageVersion": "3.32.1-14.el8", "packageFilename": "gnome-shell-extension-native-window-placement-3.32.1-14.el8.noarch.rpm", "operator": "lt", "packageName": "gnome-shell-extension-native-window-placement"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "noarch", "packageVersion": "3.32.1-14.el8", "packageFilename": "gnome-shell-extension-no-hot-corner-3.32.1-14.el8.noarch.rpm", "operator": "lt", "packageName": "gnome-shell-extension-no-hot-corner"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "noarch", "packageVersion": "3.32.1-14.el8", "packageFilename": "gnome-shell-extension-panel-favorites-3.32.1-14.el8.noarch.rpm", "operator": "lt", "packageName": "gnome-shell-extension-panel-favorites"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "noarch", "packageVersion": "3.32.1-14.el8", "packageFilename": "gnome-shell-extension-places-menu-3.32.1-14.el8.noarch.rpm", "operator": "lt", "packageName": "gnome-shell-extension-places-menu"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "noarch", "packageVersion": "3.32.1-14.el8", "packageFilename": "gnome-shell-extension-screenshot-window-sizer-3.32.1-14.el8.noarch.rpm", "operator": "lt", "packageName": "gnome-shell-extension-screenshot-window-sizer"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "noarch", "packageVersion": "3.32.1-14.el8", "packageFilename": "gnome-shell-extension-systemMonitor-3.32.1-14.el8.noarch.rpm", "operator": "lt", "packageName": "gnome-shell-extension-systemmonitor"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "noarch", "packageVersion": "3.32.1-14.el8", "packageFilename": "gnome-shell-extension-top-icons-3.32.1-14.el8.noarch.rpm", "operator": "lt", "packageName": "gnome-shell-extension-top-icons"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "noarch", "packageVersion": "3.32.1-14.el8", "packageFilename": "gnome-shell-extension-updates-dialog-3.32.1-14.el8.noarch.rpm", "operator": "lt", "packageName": "gnome-shell-extension-updates-dialog"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "noarch", "packageVersion": "3.32.1-14.el8", "packageFilename": "gnome-shell-extension-user-theme-3.32.1-14.el8.noarch.rpm", "operator": "lt", "packageName": "gnome-shell-extension-user-theme"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "noarch", "packageVersion": "3.32.1-14.el8", "packageFilename": "gnome-shell-extension-window-grouper-3.32.1-14.el8.noarch.rpm", "operator": "lt", "packageName": "gnome-shell-extension-window-grouper"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "noarch", "packageVersion": "3.32.1-14.el8", "packageFilename": "gnome-shell-extension-window-list-3.32.1-14.el8.noarch.rpm", "operator": "lt", "packageName": "gnome-shell-extension-window-list"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "noarch", "packageVersion": "3.32.1-14.el8", "packageFilename": "gnome-shell-extension-windowsNavigator-3.32.1-14.el8.noarch.rpm", "operator": "lt", "packageName": "gnome-shell-extension-windowsnavigator"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "noarch", "packageVersion": "3.32.1-14.el8", "packageFilename": "gnome-shell-extension-workspace-indicator-3.32.1-14.el8.noarch.rpm", "operator": "lt", "packageName": "gnome-shell-extension-workspace-indicator"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "3.36.1-5.el8", "packageFilename": "gnome-software-3.36.1-5.el8.aarch64.rpm", "operator": "lt", "packageName": "gnome-software"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "3.28.3-3.el8", "packageFilename": "gnome-terminal-3.28.3-3.el8.aarch64.rpm", "operator": "lt", "packageName": "gnome-terminal"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "3.28.3-3.el8", "packageFilename": "gnome-terminal-nautilus-3.28.3-3.el8.aarch64.rpm", "operator": "lt", "packageName": "gnome-terminal-nautilus"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "1.28-3.el8", "packageFilename": "gtk-doc-1.28-3.el8.aarch64.rpm", "operator": "lt", "packageName": "gtk-doc"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "2.24.32-5.el8", "packageFilename": "gtk2-2.24.32-5.el8.aarch64.rpm", "operator": "lt", "packageName": "gtk2"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "2.24.32-5.el8", "packageFilename": "gtk2-devel-2.24.32-5.el8.aarch64.rpm", "operator": "lt", "packageName": "gtk2-devel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "2.24.32-5.el8", "packageFilename": "gtk2-devel-docs-2.24.32-5.el8.aarch64.rpm", "operator": "lt", "packageName": "gtk2-devel-docs"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "2.24.32-5.el8", "packageFilename": "gtk2-immodule-xim-2.24.32-5.el8.aarch64.rpm", "operator": "lt", "packageName": "gtk2-immodule-xim"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "2.24.32-5.el8", "packageFilename": "gtk2-immodules-2.24.32-5.el8.aarch64.rpm", "operator": "lt", "packageName": "gtk2-immodules"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "2.24.5-6.el8", "packageFilename": "gtkmm24-2.24.5-6.el8.aarch64.rpm", "operator": "lt", "packageName": "gtkmm24"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "2.24.5-6.el8", "packageFilename": "gtkmm24-devel-2.24.5-6.el8.aarch64.rpm", "operator": "lt", "packageName": "gtkmm24-devel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "noarch", "packageVersion": "2.24.5-6.el8", "packageFilename": "gtkmm24-docs-2.24.5-6.el8.noarch.rpm", "operator": "lt", "packageName": "gtkmm24-docs"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "3.22.2-3.el8", "packageFilename": "gtkmm30-3.22.2-3.el8.aarch64.rpm", "operator": "lt", "packageName": "gtkmm30"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "3.22.2-3.el8", "packageFilename": "gtkmm30-devel-3.22.2-3.el8.aarch64.rpm", "operator": "lt", "packageName": "gtkmm30-devel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "noarch", "packageVersion": "3.22.2-3.el8", "packageFilename": "gtkmm30-doc-3.22.2-3.el8.noarch.rpm", "operator": "lt", "packageName": "gtkmm30-doc"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "1.36.2-11.el8", "packageFilename": "gvfs-1.36.2-11.el8.aarch64.rpm", "operator": "lt", "packageName": "gvfs"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "1.36.2-11.el8", "packageFilename": "gvfs-afc-1.36.2-11.el8.aarch64.rpm", "operator": "lt", "packageName": "gvfs-afc"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "1.36.2-11.el8", "packageFilename": "gvfs-afp-1.36.2-11.el8.aarch64.rpm", "operator": "lt", "packageName": "gvfs-afp"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "1.36.2-11.el8", "packageFilename": "gvfs-archive-1.36.2-11.el8.aarch64.rpm", "operator": "lt", "packageName": "gvfs-archive"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "1.36.2-11.el8", "packageFilename": "gvfs-client-1.36.2-11.el8.aarch64.rpm", "operator": "lt", "packageName": "gvfs-client"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "1.36.2-11.el8", "packageFilename": "gvfs-devel-1.36.2-11.el8.aarch64.rpm", "operator": "lt", "packageName": "gvfs-devel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "1.36.2-11.el8", "packageFilename": "gvfs-fuse-1.36.2-11.el8.aarch64.rpm", "operator": "lt", "packageName": "gvfs-fuse"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "1.36.2-11.el8", "packageFilename": "gvfs-goa-1.36.2-11.el8.aarch64.rpm", "operator": "lt", "packageName": "gvfs-goa"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "1.36.2-11.el8", "packageFilename": "gvfs-gphoto2-1.36.2-11.el8.aarch64.rpm", "operator": "lt", "packageName": "gvfs-gphoto2"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "1.36.2-11.el8", "packageFilename": "gvfs-mtp-1.36.2-11.el8.aarch64.rpm", "operator": "lt", "packageName": "gvfs-mtp"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "1.36.2-11.el8", "packageFilename": "gvfs-smb-1.36.2-11.el8.aarch64.rpm", "operator": "lt", "packageName": "gvfs-smb"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "3.4.5-6.el8", "packageFilename": "libsass-3.4.5-6.el8.aarch64.rpm", "operator": "lt", "packageName": "libsass"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "3.4.5-6.el8", "packageFilename": "libsass-devel-3.4.5-6.el8.aarch64.rpm", "operator": "lt", "packageName": "libsass-devel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "2.10.0-6.el8", "packageFilename": "libsigc++20-2.10.0-6.el8.aarch64.rpm", "operator": "lt", "packageName": "libsigc++20"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "2.10.0-6.el8", "packageFilename": "libsigc++20-devel-2.10.0-6.el8.aarch64.rpm", "operator": "lt", "packageName": "libsigc++20-devel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "noarch", "packageVersion": "2.10.0-6.el8", "packageFilename": "libsigc++20-doc-2.10.0-6.el8.noarch.rpm", "operator": "lt", "packageName": "libsigc++20-doc"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "0.4.0-25.el8", "packageFilename": "libvisual-0.4.0-25.el8.aarch64.rpm", "operator": "lt", "packageName": "libvisual"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "0.4.0-25.el8", "packageFilename": "libvisual-devel-0.4.0-25.el8.aarch64.rpm", "operator": "lt", "packageName": "libvisual-devel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "3.32.2-57.el8", "packageFilename": "mutter-3.32.2-57.el8.aarch64.rpm", "operator": "lt", "packageName": "mutter"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "3.32.2-57.el8", "packageFilename": "mutter-devel-3.32.2-57.el8.aarch64.rpm", "operator": "lt", "packageName": "mutter-devel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "3.28.1-15.el8", "packageFilename": "nautilus-3.28.1-15.el8.aarch64.rpm", "operator": "lt", "packageName": "nautilus"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "3.28.1-15.el8", "packageFilename": "nautilus-devel-3.28.1-15.el8.aarch64.rpm", "operator": "lt", "packageName": "nautilus-devel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "3.28.1-15.el8", "packageFilename": "nautilus-extensions-3.28.1-15.el8.aarch64.rpm", "operator": "lt", "packageName": "nautilus-extensions"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "2.40.1-6.el8", "packageFilename": "pangomm-2.40.1-6.el8.aarch64.rpm", "operator": "lt", "packageName": "pangomm"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "2.40.1-6.el8", "packageFilename": "pangomm-devel-2.40.1-6.el8.aarch64.rpm", "operator": "lt", "packageName": "pangomm-devel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "noarch", "packageVersion": "2.40.1-6.el8", "packageFilename": "pangomm-doc-2.40.1-6.el8.noarch.rpm", "operator": "lt", "packageName": "pangomm-doc"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "2.0.0-3.el8", "packageFilename": "soundtouch-2.0.0-3.el8.aarch64.rpm", "operator": "lt", "packageName": "soundtouch"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "2.0.0-3.el8", "packageFilename": "soundtouch-devel-2.0.0-3.el8.aarch64.rpm", "operator": "lt", "packageName": "soundtouch-devel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "0.40.19-2.el8", "packageFilename": "vala-0.40.19-2.el8.aarch64.rpm", "operator": "lt", "packageName": "vala"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "0.40.19-2.el8", "packageFilename": "vala-devel-0.40.19-2.el8.aarch64.rpm", "operator": "lt", "packageName": "vala-devel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "2.30.4-1.el8", "packageFilename": "webkit2gtk3-2.30.4-1.el8.aarch64.rpm", "operator": "lt", "packageName": "webkit2gtk3"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "2.30.4-1.el8", "packageFilename": "webkit2gtk3-devel-2.30.4-1.el8.aarch64.rpm", "operator": "lt", "packageName": "webkit2gtk3-devel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "2.30.4-1.el8", "packageFilename": "webkit2gtk3-jsc-2.30.4-1.el8.aarch64.rpm", "operator": "lt", "packageName": "webkit2gtk3-jsc"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "2.30.4-1.el8", "packageFilename": "webkit2gtk3-jsc-devel-2.30.4-1.el8.aarch64.rpm", "operator": "lt", "packageName": "webkit2gtk3-jsc-devel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "1.0.2-5.el8", "packageFilename": "woff2-1.0.2-5.el8.aarch64.rpm", "operator": "lt", "packageName": "woff2"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "1.0.2-5.el8", "packageFilename": "woff2-devel-1.0.2-5.el8.aarch64.rpm", "operator": "lt", "packageName": "woff2-devel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "src", "packageVersion": "2.2.0-12.el8", "packageFilename": "OpenEXR-2.2.0-12.el8.src.rpm", "operator": "lt", "packageName": "openexr"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "src", "packageVersion": "0.6.55-1.el8", "packageFilename": "accountsservice-0.6.55-1.el8.src.rpm", "operator": "lt", "packageName": "accountsservice"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "src", "packageVersion": "2.24.2-7.el8", "packageFilename": "atkmm-2.24.2-7.el8.src.rpm", "operator": "lt", "packageName": "atkmm"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "src", "packageVersion": "1.12.0-8.el8", "packageFilename": "cairomm-1.12.0-8.el8.src.rpm", "operator": "lt", "packageName": "cairomm"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "src", "packageVersion": "10.1-7.el8", "packageFilename": "chrome-gnome-shell-10.1-7.el8.src.rpm", "operator": "lt", "packageName": "chrome-gnome-shell"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "src", "packageVersion": "0.6.0-3.el8", "packageFilename": "dleyna-core-0.6.0-3.el8.src.rpm", "operator": "lt", "packageName": "dleyna-core"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "src", "packageVersion": "0.6.0-3.el8", "packageFilename": "dleyna-server-0.6.0-3.el8.src.rpm", "operator": "lt", "packageName": "dleyna-server"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "src", "packageVersion": "2.2.3-3.el8", "packageFilename": "enchant2-2.2.3-3.el8.src.rpm", "operator": "lt", "packageName": "enchant2"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "src", "packageVersion": "0.1.10-32.el8", "packageFilename": "gamin-0.1.10-32.el8.src.rpm", "operator": "lt", "packageName": "gamin"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "src", "packageVersion": "3.28.3-39.el8", "packageFilename": "gdm-3.28.3-39.el8.src.rpm", "operator": "lt", "packageName": "gdm"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "src", "packageVersion": "2.5.5-2.el8", "packageFilename": "geoclue2-2.5.5-2.el8.src.rpm", "operator": "lt", "packageName": "geoclue2"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "src", "packageVersion": "3.26.0-3.el8", "packageFilename": "geocode-glib-3.26.0-3.el8.src.rpm", "operator": "lt", "packageName": "geocode-glib"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "src", "packageVersion": "1.56.2-5.el8", "packageFilename": "gjs-1.56.2-5.el8.src.rpm", "operator": "lt", "packageName": "gjs"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "src", "packageVersion": "2.56.4-9.el8", "packageFilename": "glib2-2.56.4-9.el8.src.rpm", "operator": "lt", "packageName": "glib2"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "src", "packageVersion": "2.56.0-2.el8", "packageFilename": "glibmm24-2.56.0-2.el8.src.rpm", "operator": "lt", "packageName": "glibmm24"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "src", "packageVersion": "3.36.5-8.0.1.el8", "packageFilename": "gnome-boxes-3.36.5-8.0.1.el8.src.rpm", "operator": "lt", "packageName": "gnome-boxes"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "src", "packageVersion": "3.28.2-27.el8", "packageFilename": "gnome-control-center-3.28.2-27.el8.src.rpm", "operator": "lt", "packageName": "gnome-control-center"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "src", "packageVersion": "3.28.2-2.el8", "packageFilename": "gnome-online-accounts-3.28.2-2.el8.src.rpm", "operator": "lt", "packageName": "gnome-online-accounts"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "src", "packageVersion": "3.28.1-4.el8", "packageFilename": "gnome-photos-3.28.1-4.el8.src.rpm", "operator": "lt", "packageName": "gnome-photos"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "src", "packageVersion": "3.32.0-14.el8", "packageFilename": "gnome-settings-daemon-3.32.0-14.el8.src.rpm", "operator": "lt", "packageName": "gnome-settings-daemon"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "src", "packageVersion": "3.32.2-30.el8", "packageFilename": "gnome-shell-3.32.2-30.el8.src.rpm", "operator": "lt", "packageName": "gnome-shell"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "src", "packageVersion": "3.32.1-14.el8", "packageFilename": "gnome-shell-extensions-3.32.1-14.el8.src.rpm", "operator": "lt", "packageName": "gnome-shell-extensions"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "src", "packageVersion": "3.36.1-5.el8", "packageFilename": "gnome-software-3.36.1-5.el8.src.rpm", "operator": "lt", "packageName": "gnome-software"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "src", "packageVersion": "3.28.3-3.el8", "packageFilename": "gnome-terminal-3.28.3-3.el8.src.rpm", "operator": "lt", "packageName": "gnome-terminal"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "src", "packageVersion": "1.28-3.el8", "packageFilename": "gtk-doc-1.28-3.el8.src.rpm", "operator": "lt", "packageName": "gtk-doc"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "src", "packageVersion": "2.24.32-5.el8", "packageFilename": "gtk2-2.24.32-5.el8.src.rpm", "operator": "lt", "packageName": "gtk2"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "src", "packageVersion": "2.24.5-6.el8", "packageFilename": "gtkmm24-2.24.5-6.el8.src.rpm", "operator": "lt", "packageName": "gtkmm24"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "src", "packageVersion": "3.22.2-3.el8", "packageFilename": "gtkmm30-3.22.2-3.el8.src.rpm", "operator": "lt", "packageName": "gtkmm30"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "src", "packageVersion": "1.36.2-11.el8", "packageFilename": "gvfs-1.36.2-11.el8.src.rpm", "operator": "lt", "packageName": "gvfs"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "src", "packageVersion": "3.28.5-2.el8", "packageFilename": "libdazzle-3.28.5-2.el8.src.rpm", "operator": "lt", "packageName": "libdazzle"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "src", "packageVersion": "0.1.0-3.el8", "packageFilename": "libepubgen-0.1.0-3.el8.src.rpm", "operator": "lt", "packageName": "libepubgen"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "src", "packageVersion": "3.4.5-6.el8", "packageFilename": "libsass-3.4.5-6.el8.src.rpm", "operator": "lt", "packageName": "libsass"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "src", "packageVersion": "2.10.0-6.el8", "packageFilename": "libsigc++20-2.10.0-6.el8.src.rpm", "operator": "lt", "packageName": "libsigc++20"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "src", "packageVersion": "0.4.0-25.el8", "packageFilename": "libvisual-0.4.0-25.el8.src.rpm", "operator": "lt", "packageName": "libvisual"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "src", "packageVersion": "3.32.2-57.el8", "packageFilename": "mutter-3.32.2-57.el8.src.rpm", "operator": "lt", "packageName": "mutter"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "src", "packageVersion": "3.28.1-15.el8", "packageFilename": "nautilus-3.28.1-15.el8.src.rpm", "operator": "lt", "packageName": "nautilus"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "src", "packageVersion": "2.40.1-6.el8", "packageFilename": "pangomm-2.40.1-6.el8.src.rpm", "operator": "lt", "packageName": "pangomm"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "src", "packageVersion": "2.0.0-3.el8", "packageFilename": "soundtouch-2.0.0-3.el8.src.rpm", "operator": "lt", "packageName": "soundtouch"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "src", "packageVersion": "0.40.19-2.el8", "packageFilename": "vala-0.40.19-2.el8.src.rpm", "operator": "lt", "packageName": "vala"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "src", "packageVersion": "2.30.4-1.el8", "packageFilename": "webkit2gtk3-2.30.4-1.el8.src.rpm", "operator": "lt", "packageName": "webkit2gtk3"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "src", "packageVersion": "1.0.2-5.el8", "packageFilename": "woff2-1.0.2-5.el8.src.rpm", "operator": "lt", "packageName": "woff2"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "i686", "packageVersion": "2.2.0-12.el8", "packageFilename": "OpenEXR-devel-2.2.0-12.el8.i686.rpm", "operator": "lt", "packageName": "openexr-devel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "2.2.0-12.el8", "packageFilename": "OpenEXR-devel-2.2.0-12.el8.x86_64.rpm", "operator": "lt", "packageName": "openexr-devel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "i686", "packageVersion": "2.2.0-12.el8", "packageFilename": "OpenEXR-libs-2.2.0-12.el8.i686.rpm", "operator": "lt", "packageName": "openexr-libs"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "2.2.0-12.el8", "packageFilename": "OpenEXR-libs-2.2.0-12.el8.x86_64.rpm", "operator": "lt", "packageName": "openexr-libs"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "0.6.55-1.el8", "packageFilename": "accountsservice-0.6.55-1.el8.x86_64.rpm", "operator": "lt", "packageName": "accountsservice"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "i686", "packageVersion": "0.6.55-1.el8", "packageFilename": "accountsservice-devel-0.6.55-1.el8.i686.rpm", "operator": "lt", "packageName": "accountsservice-devel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "0.6.55-1.el8", "packageFilename": "accountsservice-devel-0.6.55-1.el8.x86_64.rpm", "operator": "lt", "packageName": "accountsservice-devel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "i686", "packageVersion": "0.6.55-1.el8", "packageFilename": "accountsservice-libs-0.6.55-1.el8.i686.rpm", "operator": "lt", "packageName": "accountsservice-libs"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "0.6.55-1.el8", "packageFilename": "accountsservice-libs-0.6.55-1.el8.x86_64.rpm", "operator": "lt", "packageName": "accountsservice-libs"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "i686", "packageVersion": "2.24.2-7.el8", "packageFilename": "atkmm-2.24.2-7.el8.i686.rpm", "operator": "lt", "packageName": "atkmm"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "2.24.2-7.el8", "packageFilename": "atkmm-2.24.2-7.el8.x86_64.rpm", "operator": "lt", "packageName": "atkmm"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "i686", "packageVersion": "2.24.2-7.el8", "packageFilename": "atkmm-devel-2.24.2-7.el8.i686.rpm", "operator": "lt", "packageName": "atkmm-devel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "2.24.2-7.el8", "packageFilename": "atkmm-devel-2.24.2-7.el8.x86_64.rpm", "operator": "lt", "packageName": "atkmm-devel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "noarch", "packageVersion": "2.24.2-7.el8", "packageFilename": "atkmm-doc-2.24.2-7.el8.noarch.rpm", "operator": "lt", "packageName": "atkmm-doc"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "i686", "packageVersion": "1.12.0-8.el8", "packageFilename": "cairomm-1.12.0-8.el8.i686.rpm", "operator": "lt", "packageName": "cairomm"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "1.12.0-8.el8", "packageFilename": "cairomm-1.12.0-8.el8.x86_64.rpm", "operator": "lt", "packageName": "cairomm"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "i686", "packageVersion": "1.12.0-8.el8", "packageFilename": "cairomm-devel-1.12.0-8.el8.i686.rpm", "operator": "lt", "packageName": "cairomm-devel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "1.12.0-8.el8", "packageFilename": "cairomm-devel-1.12.0-8.el8.x86_64.rpm", "operator": "lt", "packageName": "cairomm-devel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "noarch", "packageVersion": "1.12.0-8.el8", "packageFilename": "cairomm-doc-1.12.0-8.el8.noarch.rpm", "operator": "lt", "packageName": "cairomm-doc"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "10.1-7.el8", "packageFilename": "chrome-gnome-shell-10.1-7.el8.x86_64.rpm", "operator": "lt", "packageName": "chrome-gnome-shell"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "i686", "packageVersion": "0.6.0-3.el8", "packageFilename": "dleyna-core-0.6.0-3.el8.i686.rpm", "operator": "lt", "packageName": "dleyna-core"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "0.6.0-3.el8", "packageFilename": "dleyna-core-0.6.0-3.el8.x86_64.rpm", "operator": "lt", "packageName": "dleyna-core"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "0.6.0-3.el8", "packageFilename": "dleyna-server-0.6.0-3.el8.x86_64.rpm", "operator": "lt", "packageName": "dleyna-server"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "i686", "packageVersion": "2.2.3-3.el8", "packageFilename": "enchant2-2.2.3-3.el8.i686.rpm", "operator": "lt", "packageName": "enchant2"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "2.2.3-3.el8", "packageFilename": "enchant2-2.2.3-3.el8.x86_64.rpm", "operator": "lt", "packageName": "enchant2"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "i686", "packageVersion": "2.2.3-3.el8", "packageFilename": "enchant2-devel-2.2.3-3.el8.i686.rpm", "operator": "lt", "packageName": "enchant2-devel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "2.2.3-3.el8", "packageFilename": "enchant2-devel-2.2.3-3.el8.x86_64.rpm", "operator": "lt", "packageName": "enchant2-devel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "i686", "packageVersion": "0.1.10-32.el8", "packageFilename": "gamin-0.1.10-32.el8.i686.rpm", "operator": "lt", "packageName": "gamin"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "0.1.10-32.el8", "packageFilename": "gamin-0.1.10-32.el8.x86_64.rpm", "operator": "lt", "packageName": "gamin"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "i686", "packageVersion": "0.1.10-32.el8", "packageFilename": "gamin-devel-0.1.10-32.el8.i686.rpm", "operator": "lt", "packageName": "gamin-devel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "0.1.10-32.el8", "packageFilename": "gamin-devel-0.1.10-32.el8.x86_64.rpm", "operator": "lt", "packageName": "gamin-devel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "i686", "packageVersion": "3.28.3-39.el8", "packageFilename": "gdm-3.28.3-39.el8.i686.rpm", "operator": "lt", "packageName": "gdm"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "3.28.3-39.el8", "packageFilename": "gdm-3.28.3-39.el8.x86_64.rpm", "operator": "lt", "packageName": "gdm"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "i686", "packageVersion": "2.5.5-2.el8", "packageFilename": "geoclue2-2.5.5-2.el8.i686.rpm", "operator": "lt", "packageName": "geoclue2"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "2.5.5-2.el8", "packageFilename": "geoclue2-2.5.5-2.el8.x86_64.rpm", "operator": "lt", "packageName": "geoclue2"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "2.5.5-2.el8", "packageFilename": "geoclue2-demos-2.5.5-2.el8.x86_64.rpm", "operator": "lt", "packageName": "geoclue2-demos"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "i686", "packageVersion": "2.5.5-2.el8", "packageFilename": "geoclue2-devel-2.5.5-2.el8.i686.rpm", "operator": "lt", "packageName": "geoclue2-devel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "2.5.5-2.el8", "packageFilename": "geoclue2-devel-2.5.5-2.el8.x86_64.rpm", "operator": "lt", "packageName": "geoclue2-devel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "i686", "packageVersion": "2.5.5-2.el8", "packageFilename": "geoclue2-libs-2.5.5-2.el8.i686.rpm", "operator": "lt", "packageName": "geoclue2-libs"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "2.5.5-2.el8", "packageFilename": "geoclue2-libs-2.5.5-2.el8.x86_64.rpm", "operator": "lt", "packageName": "geoclue2-libs"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "i686", "packageVersion": "3.26.0-3.el8", "packageFilename": "geocode-glib-3.26.0-3.el8.i686.rpm", "operator": "lt", "packageName": "geocode-glib"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "3.26.0-3.el8", "packageFilename": "geocode-glib-3.26.0-3.el8.x86_64.rpm", "operator": "lt", "packageName": "geocode-glib"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "i686", "packageVersion": "3.26.0-3.el8", "packageFilename": "geocode-glib-devel-3.26.0-3.el8.i686.rpm", "operator": "lt", "packageName": "geocode-glib-devel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "3.26.0-3.el8", "packageFilename": "geocode-glib-devel-3.26.0-3.el8.x86_64.rpm", "operator": "lt", "packageName": "geocode-glib-devel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "i686", "packageVersion": "1.56.2-5.el8", "packageFilename": "gjs-1.56.2-5.el8.i686.rpm", "operator": "lt", "packageName": "gjs"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "1.56.2-5.el8", "packageFilename": "gjs-1.56.2-5.el8.x86_64.rpm", "operator": "lt", "packageName": "gjs"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "i686", "packageVersion": "1.56.2-5.el8", "packageFilename": "gjs-devel-1.56.2-5.el8.i686.rpm", "operator": "lt", "packageName": "gjs-devel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "1.56.2-5.el8", "packageFilename": "gjs-devel-1.56.2-5.el8.x86_64.rpm", "operator": "lt", "packageName": "gjs-devel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "i686", "packageVersion": "2.56.4-9.el8", "packageFilename": "glib2-2.56.4-9.el8.i686.rpm", "operator": "lt", "packageName": "glib2"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "2.56.4-9.el8", "packageFilename": "glib2-2.56.4-9.el8.x86_64.rpm", "operator": "lt", "packageName": "glib2"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "i686", "packageVersion": "2.56.4-9.el8", "packageFilename": "glib2-devel-2.56.4-9.el8.i686.rpm", "operator": "lt", "packageName": "glib2-devel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "2.56.4-9.el8", "packageFilename": "glib2-devel-2.56.4-9.el8.x86_64.rpm", "operator": "lt", "packageName": "glib2-devel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "noarch", "packageVersion": "2.56.4-9.el8", "packageFilename": "glib2-doc-2.56.4-9.el8.noarch.rpm", "operator": "lt", "packageName": "glib2-doc"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "2.56.4-9.el8", "packageFilename": "glib2-fam-2.56.4-9.el8.x86_64.rpm", "operator": "lt", "packageName": "glib2-fam"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "i686", "packageVersion": "2.56.4-9.el8", "packageFilename": "glib2-static-2.56.4-9.el8.i686.rpm", "operator": "lt", "packageName": "glib2-static"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "2.56.4-9.el8", "packageFilename": "glib2-static-2.56.4-9.el8.x86_64.rpm", "operator": "lt", "packageName": "glib2-static"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "2.56.4-9.el8", "packageFilename": "glib2-tests-2.56.4-9.el8.x86_64.rpm", "operator": "lt", "packageName": "glib2-tests"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "i686", "packageVersion": "2.56.0-2.el8", "packageFilename": "glibmm24-2.56.0-2.el8.i686.rpm", "operator": "lt", "packageName": "glibmm24"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "2.56.0-2.el8", "packageFilename": "glibmm24-2.56.0-2.el8.x86_64.rpm", "operator": "lt", "packageName": "glibmm24"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "i686", "packageVersion": "2.56.0-2.el8", "packageFilename": "glibmm24-devel-2.56.0-2.el8.i686.rpm", "operator": "lt", "packageName": "glibmm24-devel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "2.56.0-2.el8", "packageFilename": "glibmm24-devel-2.56.0-2.el8.x86_64.rpm", "operator": "lt", "packageName": "glibmm24-devel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "noarch", "packageVersion": "2.56.0-2.el8", "packageFilename": "glibmm24-doc-2.56.0-2.el8.noarch.rpm", "operator": "lt", "packageName": "glibmm24-doc"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "3.36.5-8.0.1.el8", "packageFilename": "gnome-boxes-3.36.5-8.0.1.el8.x86_64.rpm", "operator": "lt", "packageName": "gnome-boxes"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "noarch", "packageVersion": "3.32.1-14.el8", "packageFilename": "gnome-classic-session-3.32.1-14.el8.noarch.rpm", "operator": "lt", "packageName": "gnome-classic-session"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "3.28.2-27.el8", "packageFilename": "gnome-control-center-3.28.2-27.el8.x86_64.rpm", "operator": "lt", "packageName": "gnome-control-center"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "noarch", "packageVersion": "3.28.2-27.el8", "packageFilename": "gnome-control-center-filesystem-3.28.2-27.el8.noarch.rpm", "operator": "lt", "packageName": "gnome-control-center-filesystem"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "i686", "packageVersion": "3.28.2-2.el8", "packageFilename": "gnome-online-accounts-3.28.2-2.el8.i686.rpm", "operator": "lt", "packageName": "gnome-online-accounts"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "3.28.2-2.el8", "packageFilename": "gnome-online-accounts-3.28.2-2.el8.x86_64.rpm", "operator": "lt", "packageName": "gnome-online-accounts"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "i686", "packageVersion": "3.28.2-2.el8", "packageFilename": "gnome-online-accounts-devel-3.28.2-2.el8.i686.rpm", "operator": "lt", "packageName": "gnome-online-accounts-devel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "3.28.2-2.el8", "packageFilename": "gnome-online-accounts-devel-3.28.2-2.el8.x86_64.rpm", "operator": "lt", "packageName": "gnome-online-accounts-devel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "3.28.1-4.el8", "packageFilename": "gnome-photos-3.28.1-4.el8.x86_64.rpm", "operator": "lt", "packageName": "gnome-photos"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "3.28.1-4.el8", "packageFilename": "gnome-photos-tests-3.28.1-4.el8.x86_64.rpm", "operator": "lt", "packageName": "gnome-photos-tests"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "3.32.0-14.el8", "packageFilename": "gnome-settings-daemon-3.32.0-14.el8.x86_64.rpm", "operator": "lt", "packageName": "gnome-settings-daemon"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "3.32.2-30.el8", "packageFilename": "gnome-shell-3.32.2-30.el8.x86_64.rpm", "operator": "lt", "packageName": "gnome-shell"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "noarch", "packageVersion": "3.32.1-14.el8", "packageFilename": "gnome-shell-extension-apps-menu-3.32.1-14.el8.noarch.rpm", "operator": "lt", "packageName": "gnome-shell-extension-apps-menu"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "noarch", "packageVersion": "3.32.1-14.el8", "packageFilename": "gnome-shell-extension-auto-move-windows-3.32.1-14.el8.noarch.rpm", "operator": "lt", "packageName": "gnome-shell-extension-auto-move-windows"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "noarch", "packageVersion": "3.32.1-14.el8", "packageFilename": "gnome-shell-extension-common-3.32.1-14.el8.noarch.rpm", "operator": "lt", "packageName": "gnome-shell-extension-common"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "noarch", "packageVersion": "3.32.1-14.el8", "packageFilename": "gnome-shell-extension-dash-to-dock-3.32.1-14.el8.noarch.rpm", "operator": "lt", "packageName": "gnome-shell-extension-dash-to-dock"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "noarch", "packageVersion": "3.32.1-14.el8", "packageFilename": "gnome-shell-extension-desktop-icons-3.32.1-14.el8.noarch.rpm", "operator": "lt", "packageName": "gnome-shell-extension-desktop-icons"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "noarch", "packageVersion": "3.32.1-14.el8", "packageFilename": "gnome-shell-extension-disable-screenshield-3.32.1-14.el8.noarch.rpm", "operator": "lt", "packageName": "gnome-shell-extension-disable-screenshield"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "noarch", "packageVersion": "3.32.1-14.el8", "packageFilename": "gnome-shell-extension-drive-menu-3.32.1-14.el8.noarch.rpm", "operator": "lt", "packageName": "gnome-shell-extension-drive-menu"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "noarch", "packageVersion": "3.32.1-14.el8", "packageFilename": "gnome-shell-extension-horizontal-workspaces-3.32.1-14.el8.noarch.rpm", "operator": "lt", "packageName": "gnome-shell-extension-horizontal-workspaces"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "noarch", "packageVersion": "3.32.1-14.el8", "packageFilename": "gnome-shell-extension-launch-new-instance-3.32.1-14.el8.noarch.rpm", "operator": "lt", "packageName": "gnome-shell-extension-launch-new-instance"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "noarch", "packageVersion": "3.32.1-14.el8", "packageFilename": "gnome-shell-extension-native-window-placement-3.32.1-14.el8.noarch.rpm", "operator": "lt", "packageName": "gnome-shell-extension-native-window-placement"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "noarch", "packageVersion": "3.32.1-14.el8", "packageFilename": "gnome-shell-extension-no-hot-corner-3.32.1-14.el8.noarch.rpm", "operator": "lt", "packageName": "gnome-shell-extension-no-hot-corner"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "noarch", "packageVersion": "3.32.1-14.el8", "packageFilename": "gnome-shell-extension-panel-favorites-3.32.1-14.el8.noarch.rpm", "operator": "lt", "packageName": "gnome-shell-extension-panel-favorites"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "noarch", "packageVersion": "3.32.1-14.el8", "packageFilename": "gnome-shell-extension-places-menu-3.32.1-14.el8.noarch.rpm", "operator": "lt", "packageName": "gnome-shell-extension-places-menu"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "noarch", "packageVersion": "3.32.1-14.el8", "packageFilename": "gnome-shell-extension-screenshot-window-sizer-3.32.1-14.el8.noarch.rpm", "operator": "lt", "packageName": "gnome-shell-extension-screenshot-window-sizer"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "noarch", "packageVersion": "3.32.1-14.el8", "packageFilename": "gnome-shell-extension-systemMonitor-3.32.1-14.el8.noarch.rpm", "operator": "lt", "packageName": "gnome-shell-extension-systemmonitor"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "noarch", "packageVersion": "3.32.1-14.el8", "packageFilename": "gnome-shell-extension-top-icons-3.32.1-14.el8.noarch.rpm", "operator": "lt", "packageName": "gnome-shell-extension-top-icons"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "noarch", "packageVersion": "3.32.1-14.el8", "packageFilename": "gnome-shell-extension-updates-dialog-3.32.1-14.el8.noarch.rpm", "operator": "lt", "packageName": "gnome-shell-extension-updates-dialog"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "noarch", "packageVersion": "3.32.1-14.el8", "packageFilename": "gnome-shell-extension-user-theme-3.32.1-14.el8.noarch.rpm", "operator": "lt", "packageName": "gnome-shell-extension-user-theme"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "noarch", "packageVersion": "3.32.1-14.el8", "packageFilename": "gnome-shell-extension-window-grouper-3.32.1-14.el8.noarch.rpm", "operator": "lt", "packageName": "gnome-shell-extension-window-grouper"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "noarch", "packageVersion": "3.32.1-14.el8", "packageFilename": "gnome-shell-extension-window-list-3.32.1-14.el8.noarch.rpm", "operator": "lt", "packageName": "gnome-shell-extension-window-list"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "noarch", "packageVersion": "3.32.1-14.el8", "packageFilename": "gnome-shell-extension-windowsNavigator-3.32.1-14.el8.noarch.rpm", "operator": "lt", "packageName": "gnome-shell-extension-windowsnavigator"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "noarch", "packageVersion": "3.32.1-14.el8", "packageFilename": "gnome-shell-extension-workspace-indicator-3.32.1-14.el8.noarch.rpm", "operator": "lt", "packageName": "gnome-shell-extension-workspace-indicator"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "3.36.1-5.el8", "packageFilename": "gnome-software-3.36.1-5.el8.x86_64.rpm", "operator": "lt", "packageName": "gnome-software"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "3.28.3-3.el8", "packageFilename": "gnome-terminal-3.28.3-3.el8.x86_64.rpm", "operator": "lt", "packageName": "gnome-terminal"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "3.28.3-3.el8", "packageFilename": "gnome-terminal-nautilus-3.28.3-3.el8.x86_64.rpm", "operator": "lt", "packageName": "gnome-terminal-nautilus"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "1.28-3.el8", "packageFilename": "gtk-doc-1.28-3.el8.x86_64.rpm", "operator": "lt", "packageName": "gtk-doc"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "i686", "packageVersion": "2.24.32-5.el8", "packageFilename": "gtk2-2.24.32-5.el8.i686.rpm", "operator": "lt", "packageName": "gtk2"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "2.24.32-5.el8", "packageFilename": "gtk2-2.24.32-5.el8.x86_64.rpm", "operator": "lt", "packageName": "gtk2"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "i686", "packageVersion": "2.24.32-5.el8", "packageFilename": "gtk2-devel-2.24.32-5.el8.i686.rpm", "operator": "lt", "packageName": "gtk2-devel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "2.24.32-5.el8", "packageFilename": "gtk2-devel-2.24.32-5.el8.x86_64.rpm", "operator": "lt", "packageName": "gtk2-devel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "2.24.32-5.el8", "packageFilename": "gtk2-devel-docs-2.24.32-5.el8.x86_64.rpm", "operator": "lt", "packageName": "gtk2-devel-docs"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "i686", "packageVersion": "2.24.32-5.el8", "packageFilename": "gtk2-immodule-xim-2.24.32-5.el8.i686.rpm", "operator": "lt", "packageName": "gtk2-immodule-xim"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "2.24.32-5.el8", "packageFilename": "gtk2-immodule-xim-2.24.32-5.el8.x86_64.rpm", "operator": "lt", "packageName": "gtk2-immodule-xim"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "i686", "packageVersion": "2.24.32-5.el8", "packageFilename": "gtk2-immodules-2.24.32-5.el8.i686.rpm", "operator": "lt", "packageName": "gtk2-immodules"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "2.24.32-5.el8", "packageFilename": "gtk2-immodules-2.24.32-5.el8.x86_64.rpm", "operator": "lt", "packageName": "gtk2-immodules"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "i686", "packageVersion": "2.24.5-6.el8", "packageFilename": "gtkmm24-2.24.5-6.el8.i686.rpm", "operator": "lt", "packageName": "gtkmm24"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "2.24.5-6.el8", "packageFilename": "gtkmm24-2.24.5-6.el8.x86_64.rpm", "operator": "lt", "packageName": "gtkmm24"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "i686", "packageVersion": "2.24.5-6.el8", "packageFilename": "gtkmm24-devel-2.24.5-6.el8.i686.rpm", "operator": "lt", "packageName": "gtkmm24-devel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "2.24.5-6.el8", "packageFilename": "gtkmm24-devel-2.24.5-6.el8.x86_64.rpm", "operator": "lt", "packageName": "gtkmm24-devel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "noarch", "packageVersion": "2.24.5-6.el8", "packageFilename": "gtkmm24-docs-2.24.5-6.el8.noarch.rpm", "operator": "lt", "packageName": "gtkmm24-docs"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "i686", "packageVersion": "3.22.2-3.el8", "packageFilename": "gtkmm30-3.22.2-3.el8.i686.rpm", "operator": "lt", "packageName": "gtkmm30"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "3.22.2-3.el8", "packageFilename": "gtkmm30-3.22.2-3.el8.x86_64.rpm", "operator": "lt", "packageName": "gtkmm30"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "i686", "packageVersion": "3.22.2-3.el8", "packageFilename": "gtkmm30-devel-3.22.2-3.el8.i686.rpm", "operator": "lt", "packageName": "gtkmm30-devel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "3.22.2-3.el8", "packageFilename": "gtkmm30-devel-3.22.2-3.el8.x86_64.rpm", "operator": "lt", "packageName": "gtkmm30-devel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "noarch", "packageVersion": "3.22.2-3.el8", "packageFilename": "gtkmm30-doc-3.22.2-3.el8.noarch.rpm", "operator": "lt", "packageName": "gtkmm30-doc"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "i686", "packageVersion": "1.36.2-11.el8", "packageFilename": "gvfs-1.36.2-11.el8.i686.rpm", "operator": "lt", "packageName": "gvfs"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "1.36.2-11.el8", "packageFilename": "gvfs-1.36.2-11.el8.x86_64.rpm", "operator": "lt", "packageName": "gvfs"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "1.36.2-11.el8", "packageFilename": "gvfs-afc-1.36.2-11.el8.x86_64.rpm", "operator": "lt", "packageName": "gvfs-afc"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "1.36.2-11.el8", "packageFilename": "gvfs-afp-1.36.2-11.el8.x86_64.rpm", "operator": "lt", "packageName": "gvfs-afp"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "1.36.2-11.el8", "packageFilename": "gvfs-archive-1.36.2-11.el8.x86_64.rpm", "operator": "lt", "packageName": "gvfs-archive"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "i686", "packageVersion": "1.36.2-11.el8", "packageFilename": "gvfs-client-1.36.2-11.el8.i686.rpm", "operator": "lt", "packageName": "gvfs-client"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "1.36.2-11.el8", "packageFilename": "gvfs-client-1.36.2-11.el8.x86_64.rpm", "operator": "lt", "packageName": "gvfs-client"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "i686", "packageVersion": "1.36.2-11.el8", "packageFilename": "gvfs-devel-1.36.2-11.el8.i686.rpm", "operator": "lt", "packageName": "gvfs-devel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "1.36.2-11.el8", "packageFilename": "gvfs-devel-1.36.2-11.el8.x86_64.rpm", "operator": "lt", "packageName": "gvfs-devel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "1.36.2-11.el8", "packageFilename": "gvfs-fuse-1.36.2-11.el8.x86_64.rpm", "operator": "lt", "packageName": "gvfs-fuse"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "1.36.2-11.el8", "packageFilename": "gvfs-goa-1.36.2-11.el8.x86_64.rpm", "operator": "lt", "packageName": "gvfs-goa"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "1.36.2-11.el8", "packageFilename": "gvfs-gphoto2-1.36.2-11.el8.x86_64.rpm", "operator": "lt", "packageName": "gvfs-gphoto2"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "1.36.2-11.el8", "packageFilename": "gvfs-mtp-1.36.2-11.el8.x86_64.rpm", "operator": "lt", "packageName": "gvfs-mtp"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "1.36.2-11.el8", "packageFilename": "gvfs-smb-1.36.2-11.el8.x86_64.rpm", "operator": "lt", "packageName": "gvfs-smb"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "i686", "packageVersion": "3.28.5-2.el8", "packageFilename": "libdazzle-3.28.5-2.el8.i686.rpm", "operator": "lt", "packageName": "libdazzle"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "3.28.5-2.el8", "packageFilename": "libdazzle-3.28.5-2.el8.x86_64.rpm", "operator": "lt", "packageName": "libdazzle"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "i686", "packageVersion": "3.28.5-2.el8", "packageFilename": "libdazzle-devel-3.28.5-2.el8.i686.rpm", "operator": "lt", "packageName": "libdazzle-devel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "3.28.5-2.el8", "packageFilename": "libdazzle-devel-3.28.5-2.el8.x86_64.rpm", "operator": "lt", "packageName": "libdazzle-devel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "i686", "packageVersion": "0.1.0-3.el8", "packageFilename": "libepubgen-0.1.0-3.el8.i686.rpm", "operator": "lt", "packageName": "libepubgen"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "0.1.0-3.el8", "packageFilename": "libepubgen-0.1.0-3.el8.x86_64.rpm", "operator": "lt", "packageName": "libepubgen"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "i686", "packageVersion": "0.1.0-3.el8", "packageFilename": "libepubgen-devel-0.1.0-3.el8.i686.rpm", "operator": "lt", "packageName": "libepubgen-devel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "0.1.0-3.el8", "packageFilename": "libepubgen-devel-0.1.0-3.el8.x86_64.rpm", "operator": "lt", "packageName": "libepubgen-devel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "i686", "packageVersion": "3.4.5-6.el8", "packageFilename": "libsass-3.4.5-6.el8.i686.rpm", "operator": "lt", "packageName": "libsass"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "3.4.5-6.el8", "packageFilename": "libsass-3.4.5-6.el8.x86_64.rpm", "operator": "lt", "packageName": "libsass"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "i686", "packageVersion": "3.4.5-6.el8", "packageFilename": "libsass-devel-3.4.5-6.el8.i686.rpm", "operator": "lt", "packageName": "libsass-devel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "3.4.5-6.el8", "packageFilename": "libsass-devel-3.4.5-6.el8.x86_64.rpm", "operator": "lt", "packageName": "libsass-devel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "i686", "packageVersion": "2.10.0-6.el8", "packageFilename": "libsigc++20-2.10.0-6.el8.i686.rpm", "operator": "lt", "packageName": "libsigc++20"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "2.10.0-6.el8", "packageFilename": "libsigc++20-2.10.0-6.el8.x86_64.rpm", "operator": "lt", "packageName": "libsigc++20"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "i686", "packageVersion": "2.10.0-6.el8", "packageFilename": "libsigc++20-devel-2.10.0-6.el8.i686.rpm", "operator": "lt", "packageName": "libsigc++20-devel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "2.10.0-6.el8", "packageFilename": "libsigc++20-devel-2.10.0-6.el8.x86_64.rpm", "operator": "lt", "packageName": "libsigc++20-devel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "noarch", "packageVersion": "2.10.0-6.el8", "packageFilename": "libsigc++20-doc-2.10.0-6.el8.noarch.rpm", "operator": "lt", "packageName": "libsigc++20-doc"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "i686", "packageVersion": "0.4.0-25.el8", "packageFilename": "libvisual-0.4.0-25.el8.i686.rpm", "operator": "lt", "packageName": "libvisual"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "0.4.0-25.el8", "packageFilename": "libvisual-0.4.0-25.el8.x86_64.rpm", "operator": "lt", "packageName": "libvisual"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "i686", "packageVersion": "0.4.0-25.el8", "packageFilename": "libvisual-devel-0.4.0-25.el8.i686.rpm", "operator": "lt", "packageName": "libvisual-devel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "0.4.0-25.el8", "packageFilename": "libvisual-devel-0.4.0-25.el8.x86_64.rpm", "operator": "lt", "packageName": "libvisual-devel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "i686", "packageVersion": "3.32.2-57.el8", "packageFilename": "mutter-3.32.2-57.el8.i686.rpm", "operator": "lt", "packageName": "mutter"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "3.32.2-57.el8", "packageFilename": "mutter-3.32.2-57.el8.x86_64.rpm", "operator": "lt", "packageName": "mutter"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "i686", "packageVersion": "3.32.2-57.el8", "packageFilename": "mutter-devel-3.32.2-57.el8.i686.rpm", "operator": "lt", "packageName": "mutter-devel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "3.32.2-57.el8", "packageFilename": "mutter-devel-3.32.2-57.el8.x86_64.rpm", "operator": "lt", "packageName": "mutter-devel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "i686", "packageVersion": "3.28.1-15.el8", "packageFilename": "nautilus-3.28.1-15.el8.i686.rpm", "operator": "lt", "packageName": "nautilus"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "3.28.1-15.el8", "packageFilename": "nautilus-3.28.1-15.el8.x86_64.rpm", "operator": "lt", "packageName": "nautilus"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "i686", "packageVersion": "3.28.1-15.el8", "packageFilename": "nautilus-devel-3.28.1-15.el8.i686.rpm", "operator": "lt", "packageName": "nautilus-devel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "3.28.1-15.el8", "packageFilename": "nautilus-devel-3.28.1-15.el8.x86_64.rpm", "operator": "lt", "packageName": "nautilus-devel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "i686", "packageVersion": "3.28.1-15.el8", "packageFilename": "nautilus-extensions-3.28.1-15.el8.i686.rpm", "operator": "lt", "packageName": "nautilus-extensions"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "3.28.1-15.el8", "packageFilename": "nautilus-extensions-3.28.1-15.el8.x86_64.rpm", "operator": "lt", "packageName": "nautilus-extensions"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "i686", "packageVersion": "2.40.1-6.el8", "packageFilename": "pangomm-2.40.1-6.el8.i686.rpm", "operator": "lt", "packageName": "pangomm"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "2.40.1-6.el8", "packageFilename": "pangomm-2.40.1-6.el8.x86_64.rpm", "operator": "lt", "packageName": "pangomm"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "i686", "packageVersion": "2.40.1-6.el8", "packageFilename": "pangomm-devel-2.40.1-6.el8.i686.rpm", "operator": "lt", "packageName": "pangomm-devel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "2.40.1-6.el8", "packageFilename": "pangomm-devel-2.40.1-6.el8.x86_64.rpm", "operator": "lt", "packageName": "pangomm-devel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "noarch", "packageVersion": "2.40.1-6.el8", "packageFilename": "pangomm-doc-2.40.1-6.el8.noarch.rpm", "operator": "lt", "packageName": "pangomm-doc"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "i686", "packageVersion": "2.0.0-3.el8", "packageFilename": "soundtouch-2.0.0-3.el8.i686.rpm", "operator": "lt", "packageName": "soundtouch"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "2.0.0-3.el8", "packageFilename": "soundtouch-2.0.0-3.el8.x86_64.rpm", "operator": "lt", "packageName": "soundtouch"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "i686", "packageVersion": "2.0.0-3.el8", "packageFilename": "soundtouch-devel-2.0.0-3.el8.i686.rpm", "operator": "lt", "packageName": "soundtouch-devel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "2.0.0-3.el8", "packageFilename": "soundtouch-devel-2.0.0-3.el8.x86_64.rpm", "operator": "lt", "packageName": "soundtouch-devel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "i686", "packageVersion": "0.40.19-2.el8", "packageFilename": "vala-0.40.19-2.el8.i686.rpm", "operator": "lt", "packageName": "vala"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "0.40.19-2.el8", "packageFilename": "vala-0.40.19-2.el8.x86_64.rpm", "operator": "lt", "packageName": "vala"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "i686", "packageVersion": "0.40.19-2.el8", "packageFilename": "vala-devel-0.40.19-2.el8.i686.rpm", "operator": "lt", "packageName": "vala-devel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "0.40.19-2.el8", "packageFilename": "vala-devel-0.40.19-2.el8.x86_64.rpm", "operator": "lt", "packageName": "vala-devel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "i686", "packageVersion": "2.30.4-1.el8", "packageFilename": "webkit2gtk3-2.30.4-1.el8.i686.rpm", "operator": "lt", "packageName": "webkit2gtk3"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "2.30.4-1.el8", "packageFilename": "webkit2gtk3-2.30.4-1.el8.x86_64.rpm", "operator": "lt", "packageName": "webkit2gtk3"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "i686", "packageVersion": "2.30.4-1.el8", "packageFilename": "webkit2gtk3-devel-2.30.4-1.el8.i686.rpm", "operator": "lt", "packageName": "webkit2gtk3-devel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "2.30.4-1.el8", "packageFilename": "webkit2gtk3-devel-2.30.4-1.el8.x86_64.rpm", "operator": "lt", "packageName": "webkit2gtk3-devel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "i686", "packageVersion": "2.30.4-1.el8", "packageFilename": "webkit2gtk3-jsc-2.30.4-1.el8.i686.rpm", "operator": "lt", "packageName": "webkit2gtk3-jsc"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "2.30.4-1.el8", "packageFilename": "webkit2gtk3-jsc-2.30.4-1.el8.x86_64.rpm", "operator": "lt", "packageName": "webkit2gtk3-jsc"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "i686", "packageVersion": "2.30.4-1.el8", "packageFilename": "webkit2gtk3-jsc-devel-2.30.4-1.el8.i686.rpm", "operator": "lt", "packageName": "webkit2gtk3-jsc-devel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "2.30.4-1.el8", "packageFilename": "webkit2gtk3-jsc-devel-2.30.4-1.el8.x86_64.rpm", "operator": "lt", "packageName": "webkit2gtk3-jsc-devel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "i686", "packageVersion": "1.0.2-5.el8", "packageFilename": "woff2-1.0.2-5.el8.i686.rpm", "operator": "lt", "packageName": "woff2"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "1.0.2-5.el8", "packageFilename": "woff2-1.0.2-5.el8.x86_64.rpm", "operator": "lt", "packageName": "woff2"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "i686", "packageVersion": "1.0.2-5.el8", "packageFilename": "woff2-devel-1.0.2-5.el8.i686.rpm", "operator": "lt", "packageName": "woff2-devel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "1.0.2-5.el8", "packageFilename": "woff2-devel-1.0.2-5.el8.x86_64.rpm", "operator": "lt", "packageName": "woff2-devel"}], "_state": {"dependencies": 1659988328, "score": 1684007986, "epss": 1679073339}, "_internal": {"score_hash": "3f0741190f93e0bd76decf8006f7217a"}}

{"nessus": [{"lastseen": "2023-05-18T15:28:47", "description": "The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:1586 advisory.\n\n - glib2: insecure permissions for files and directories (CVE-2019-13012)\n\n - webkitgtk: use-after-free may lead to arbitrary code execution (CVE-2020-13543, CVE-2020-13584, CVE-2020-9951)\n\n - webkitgtk: type confusion may lead to arbitrary code execution (CVE-2020-9948)\n\n - webkitgtk: out-of-bounds write may lead to code execution (CVE-2020-9983)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-05-19T00:00:00", "type": "nessus", "title": "CentOS 8 : GNOME (CESA-2021:1586)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13012", "CVE-2020-13543", "CVE-2020-13584", "CVE-2020-9948", "CVE-2020-9951", "CVE-2020-9983"], "modified": "2021-06-02T00:00:00", "cpe": ["cpe:/o:centos:centos:8-stream", "p-cpe:/a:centos:centos:glib2", "p-cpe:/a:centos:centos:glib2-devel", "p-cpe:/a:centos:centos:glib2-doc", "p-cpe:/a:centos:centos:glib2-fam", "p-cpe:/a:centos:centos:glib2-static", "p-cpe:/a:centos:centos:glib2-tests", "p-cpe:/a:centos:centos:webkit2gtk3", "p-cpe:/a:centos:centos:webkit2gtk3-devel", "p-cpe:/a:centos:centos:webkit2gtk3-jsc", "p-cpe:/a:centos:centos:webkit2gtk3-jsc-devel"], "id": "CENTOS8_RHSA-2021-1586.NASL", "href": "https://www.tenable.com/plugins/nessus/149741", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2021:1586. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149741);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/02\");\n\n script_cve_id(\n \"CVE-2019-13012\",\n \"CVE-2020-9948\",\n \"CVE-2020-9951\",\n \"CVE-2020-9983\",\n \"CVE-2020-13543\",\n \"CVE-2020-13584\"\n );\n script_xref(name:\"RHSA\", value:\"2021:1586\");\n\n script_name(english:\"CentOS 8 : GNOME (CESA-2021:1586)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nCESA-2021:1586 advisory.\n\n - glib2: insecure permissions for files and directories (CVE-2019-13012)\n\n - webkitgtk: use-after-free may lead to arbitrary code execution (CVE-2020-13543, CVE-2020-13584,\n CVE-2020-9951)\n\n - webkitgtk: type confusion may lead to arbitrary code execution (CVE-2020-9948)\n\n - webkitgtk: out-of-bounds write may lead to code execution (CVE-2020-9983)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:1586\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-9983\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/06/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8-stream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glib2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glib2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glib2-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glib2-fam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glib2-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glib2-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:webkit2gtk3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:webkit2gtk3-jsc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:webkit2gtk3-jsc-devel\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif ('CentOS Stream' >!< release) audit(AUDIT_OS_NOT, 'CentOS 8-Stream');\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\npkgs = [\n {'reference':'glib2-2.56.4-9.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glib2-2.56.4-9.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glib2-devel-2.56.4-9.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glib2-devel-2.56.4-9.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glib2-doc-2.56.4-9.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glib2-doc-2.56.4-9.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glib2-fam-2.56.4-9.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glib2-fam-2.56.4-9.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glib2-static-2.56.4-9.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glib2-static-2.56.4-9.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glib2-tests-2.56.4-9.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glib2-tests-2.56.4-9.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-2.30.4-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-2.30.4-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-devel-2.30.4-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-devel-2.30.4-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-2.30.4-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-2.30.4-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-devel-2.30.4-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-devel-2.30.4-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'glib2 / glib2-devel / glib2-doc / glib2-fam / glib2-static / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:29:05", "description": "The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-1586 advisory.\n\n - A code execution vulnerability exists in the WebSocket functionality of Webkit WebKitGTK 2.30.0. A specially crafted web page can trigger a use-after-free vulnerability which can lead to remote code execution. An attacker can get a user to visit a webpage to trigger this vulnerability. (CVE-2020-13543)\n\n - An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.1 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in a remote code execution. The victim needs to visit a malicious web site to trigger this vulnerability. (CVE-2020-13584)\n\n - The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 creates directories using g_file_make_directory_with_parents (kfsb->dir, NULL, NULL) and files using g_file_replace_contents (kfsb->file, contents, length, NULL, FALSE, G_FILE_CREATE_REPLACE_DESTINATION, NULL, NULL, NULL).\n Consequently, it does not properly restrict directory (and file) permissions. Instead, for directories, 0777 permissions are used; for files, default file permissions are used. This is similar to CVE-2019-12450. (CVE-2019-13012)\n\n - A type confusion issue was addressed with improved memory handling. This issue is fixed in Safari 14.0.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2020-9948)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.0.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2020-9951)\n\n - An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to code execution. (CVE-2020-9983)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-05-26T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : GNOME (ELSA-2021-1586)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-12450", "CVE-2019-13012", "CVE-2020-13543", "CVE-2020-13584", "CVE-2020-9948", "CVE-2020-9951", "CVE-2020-9983"], "modified": "2021-05-26T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:openexr-devel", "p-cpe:/a:oracle:linux:openexr-libs", "p-cpe:/a:oracle:linux:accountsservice", "p-cpe:/a:oracle:linux:accountsservice-devel", "p-cpe:/a:oracle:linux:accountsservice-libs", "p-cpe:/a:oracle:linux:atkmm", "p-cpe:/a:oracle:linux:atkmm-devel", "p-cpe:/a:oracle:linux:atkmm-doc", "p-cpe:/a:oracle:linux:cairomm", "p-cpe:/a:oracle:linux:cairomm-devel", "p-cpe:/a:oracle:linux:cairomm-doc", "p-cpe:/a:oracle:linux:chrome-gnome-shell", "p-cpe:/a:oracle:linux:dleyna-core", "p-cpe:/a:oracle:linux:dleyna-server", "p-cpe:/a:oracle:linux:enchant2", "p-cpe:/a:oracle:linux:enchant2-devel", "p-cpe:/a:oracle:linux:gamin", "p-cpe:/a:oracle:linux:gamin-devel", "p-cpe:/a:oracle:linux:gdm", "p-cpe:/a:oracle:linux:geoclue2", "p-cpe:/a:oracle:linux:geoclue2-demos", "p-cpe:/a:oracle:linux:geoclue2-devel", "p-cpe:/a:oracle:linux:geoclue2-libs", "p-cpe:/a:oracle:linux:geocode-glib", "p-cpe:/a:oracle:linux:geocode-glib-devel", "p-cpe:/a:oracle:linux:gjs", "p-cpe:/a:oracle:linux:gjs-devel", "p-cpe:/a:oracle:linux:glib2", "p-cpe:/a:oracle:linux:glib2-devel", "p-cpe:/a:oracle:linux:glib2-doc", "p-cpe:/a:oracle:linux:glib2-fam", "p-cpe:/a:oracle:linux:glib2-static", "p-cpe:/a:oracle:linux:glib2-tests", "p-cpe:/a:oracle:linux:glibmm24", "p-cpe:/a:oracle:linux:glibmm24-devel", "p-cpe:/a:oracle:linux:glibmm24-doc", "p-cpe:/a:oracle:linux:gnome-boxes", "p-cpe:/a:oracle:linux:gnome-classic-session", "p-cpe:/a:oracle:linux:gnome-control-center", "p-cpe:/a:oracle:linux:gnome-control-center-filesystem", "p-cpe:/a:oracle:linux:gnome-online-accounts", "p-cpe:/a:oracle:linux:gnome-online-accounts-devel", "p-cpe:/a:oracle:linux:gnome-photos", "p-cpe:/a:oracle:linux:gnome-photos-tests", "p-cpe:/a:oracle:linux:gnome-settings-daemon", "p-cpe:/a:oracle:linux:gnome-shell", "p-cpe:/a:oracle:linux:gnome-shell-extension-apps-menu", "p-cpe:/a:oracle:linux:gnome-shell-extension-auto-move-windows", "p-cpe:/a:oracle:linux:gnome-shell-extension-common", "p-cpe:/a:oracle:linux:gnome-shell-extension-dash-to-dock", "p-cpe:/a:oracle:linux:gnome-shell-extension-desktop-icons", "p-cpe:/a:oracle:linux:gnome-shell-extension-disable-screenshield", "p-cpe:/a:oracle:linux:gnome-shell-extension-drive-menu", "p-cpe:/a:oracle:linux:gnome-shell-extension-horizontal-workspaces", "p-cpe:/a:oracle:linux:gnome-shell-extension-launch-new-instance", "p-cpe:/a:oracle:linux:gnome-shell-extension-native-window-placement", "p-cpe:/a:oracle:linux:gnome-shell-extension-no-hot-corner", "p-cpe:/a:oracle:linux:gnome-shell-extension-panel-favorites", "p-cpe:/a:oracle:linux:gnome-shell-extension-places-menu", "p-cpe:/a:oracle:linux:gnome-shell-extension-screenshot-window-sizer", "p-cpe:/a:oracle:linux:gnome-shell-extension-systemmonitor", "p-cpe:/a:oracle:linux:gnome-shell-extension-top-icons", "p-cpe:/a:oracle:linux:gnome-shell-extension-updates-dialog", "p-cpe:/a:oracle:linux:gnome-shell-extension-user-theme", "p-cpe:/a:oracle:linux:gnome-shell-extension-window-grouper", "p-cpe:/a:oracle:linux:gnome-shell-extension-window-list", "p-cpe:/a:oracle:linux:gnome-shell-extension-windowsnavigator", "p-cpe:/a:oracle:linux:gnome-shell-extension-workspace-indicator", "p-cpe:/a:oracle:linux:gnome-software", "p-cpe:/a:oracle:linux:gnome-terminal", "p-cpe:/a:oracle:linux:gnome-terminal-nautilus", "p-cpe:/a:oracle:linux:gtk-doc", "p-cpe:/a:oracle:linux:gtk2", "p-cpe:/a:oracle:linux:gtk2-devel", "p-cpe:/a:oracle:linux:gtk2-devel-docs", "p-cpe:/a:oracle:linux:gtk2-immodule-xim", "p-cpe:/a:oracle:linux:gtk2-immodules", "p-cpe:/a:oracle:linux:gtkmm24", "p-cpe:/a:oracle:linux:gtkmm24-devel", "p-cpe:/a:oracle:linux:gtkmm24-docs", "p-cpe:/a:oracle:linux:gtkmm30", "p-cpe:/a:oracle:linux:gtkmm30-devel", "p-cpe:/a:oracle:linux:gtkmm30-doc", "p-cpe:/a:oracle:linux:gvfs", "p-cpe:/a:oracle:linux:gvfs-afc", "p-cpe:/a:oracle:linux:gvfs-afp", "p-cpe:/a:oracle:linux:gvfs-archive", "p-cpe:/a:oracle:linux:gvfs-client", "p-cpe:/a:oracle:linux:gvfs-devel", "p-cpe:/a:oracle:linux:gvfs-fuse", "p-cpe:/a:oracle:linux:gvfs-goa", "p-cpe:/a:oracle:linux:gvfs-gphoto2", "p-cpe:/a:oracle:linux:gvfs-mtp", "p-cpe:/a:oracle:linux:gvfs-smb", "p-cpe:/a:oracle:linux:libdazzle", "p-cpe:/a:oracle:linux:libdazzle-devel", "p-cpe:/a:oracle:linux:libepubgen", "p-cpe:/a:oracle:linux:libepubgen-devel", "p-cpe:/a:oracle:linux:libsass", "p-cpe:/a:oracle:linux:libsass-devel", "p-cpe:/a:oracle:linux:libsigc%2b%2b20", "p-cpe:/a:oracle:linux:libsigc%2b%2b20-devel", "p-cpe:/a:oracle:linux:libsigc%2b%2b20-doc", "p-cpe:/a:oracle:linux:libvisual", "p-cpe:/a:oracle:linux:libvisual-devel", "p-cpe:/a:oracle:linux:mutter", "p-cpe:/a:oracle:linux:mutter-devel", "p-cpe:/a:oracle:linux:nautilus", "p-cpe:/a:oracle:linux:nautilus-devel", "p-cpe:/a:oracle:linux:nautilus-extensions", "p-cpe:/a:oracle:linux:pangomm", "p-cpe:/a:oracle:linux:pangomm-devel", "p-cpe:/a:oracle:linux:pangomm-doc", "p-cpe:/a:oracle:linux:soundtouch", "p-cpe:/a:oracle:linux:soundtouch-devel", "p-cpe:/a:oracle:linux:vala", "p-cpe:/a:oracle:linux:vala-devel", "p-cpe:/a:oracle:linux:webkit2gtk3", "p-cpe:/a:oracle:linux:webkit2gtk3-devel", "p-cpe:/a:oracle:linux:webkit2gtk3-jsc", "p-cpe:/a:oracle:linux:webkit2gtk3-jsc-devel", "p-cpe:/a:oracle:linux:woff2", "p-cpe:/a:oracle:linux:woff2-devel"], "id": "ORACLELINUX_ELSA-2021-1586.NASL", "href": "https://www.tenable.com/plugins/nessus/149947", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-1586.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149947);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/05/26\");\n\n script_cve_id(\n \"CVE-2019-13012\",\n \"CVE-2020-9948\",\n \"CVE-2020-9951\",\n \"CVE-2020-9983\",\n \"CVE-2020-13543\",\n \"CVE-2020-13584\"\n );\n\n script_name(english:\"Oracle Linux 8 : GNOME (ELSA-2021-1586)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2021-1586 advisory.\n\n - A code execution vulnerability exists in the WebSocket functionality of Webkit WebKitGTK 2.30.0. A\n specially crafted web page can trigger a use-after-free vulnerability which can lead to remote code\n execution. An attacker can get a user to visit a webpage to trigger this vulnerability. (CVE-2020-13543)\n\n - An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.1 x64. A specially\n crafted HTML web page can cause a use-after-free condition, resulting in a remote code execution. The\n victim needs to visit a malicious web site to trigger this vulnerability. (CVE-2020-13584)\n\n - The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 creates directories using\n g_file_make_directory_with_parents (kfsb->dir, NULL, NULL) and files using g_file_replace_contents\n (kfsb->file, contents, length, NULL, FALSE, G_FILE_CREATE_REPLACE_DESTINATION, NULL, NULL, NULL).\n Consequently, it does not properly restrict directory (and file) permissions. Instead, for directories,\n 0777 permissions are used; for files, default file permissions are used. This is similar to\n CVE-2019-12450. (CVE-2019-13012)\n\n - A type confusion issue was addressed with improved memory handling. This issue is fixed in Safari 14.0.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2020-9948)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.0.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2020-9951)\n\n - An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Safari\n 14.0. Processing maliciously crafted web content may lead to code execution. (CVE-2020-9983)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-1586.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-9983\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/06/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:OpenEXR-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:OpenEXR-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:accountsservice\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:accountsservice-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:accountsservice-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:atkmm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:atkmm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:atkmm-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:cairomm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:cairomm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:cairomm-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:chrome-gnome-shell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dleyna-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dleyna-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:enchant2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:enchant2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gamin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gamin-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gdm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:geoclue2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:geoclue2-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:geoclue2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:geoclue2-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:geocode-glib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:geocode-glib-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gjs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gjs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glib2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glib2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glib2-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glib2-fam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glib2-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glib2-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibmm24\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibmm24-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibmm24-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-boxes\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-classic-session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-control-center\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-control-center-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-online-accounts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-online-accounts-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-photos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-photos-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-settings-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-shell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-shell-extension-apps-menu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-shell-extension-auto-move-windows\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-shell-extension-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-shell-extension-dash-to-dock\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-shell-extension-desktop-icons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-shell-extension-disable-screenshield\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-shell-extension-drive-menu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-shell-extension-horizontal-workspaces\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-shell-extension-launch-new-instance\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-shell-extension-native-window-placement\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-shell-extension-no-hot-corner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-shell-extension-panel-favorites\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-shell-extension-places-menu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-shell-extension-screenshot-window-sizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-shell-extension-systemMonitor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-shell-extension-top-icons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-shell-extension-updates-dialog\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-shell-extension-user-theme\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-shell-extension-window-grouper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-shell-extension-window-list\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-shell-extension-windowsNavigator\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-shell-extension-workspace-indicator\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-software\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-terminal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-terminal-nautilus\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gtk-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gtk2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gtk2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gtk2-devel-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gtk2-immodule-xim\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gtk2-immodules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gtkmm24\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gtkmm24-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gtkmm24-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gtkmm30\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gtkmm30-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gtkmm30-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gvfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gvfs-afc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gvfs-afp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gvfs-archive\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gvfs-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gvfs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gvfs-fuse\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gvfs-goa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gvfs-gphoto2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gvfs-mtp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gvfs-smb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libdazzle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libdazzle-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libepubgen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libepubgen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libsass\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libsass-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libsigc++20\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libsigc++20-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libsigc++20-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvisual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvisual-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mutter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mutter-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nautilus\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nautilus-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nautilus-extensions\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:pangomm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:pangomm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:pangomm-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:soundtouch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:soundtouch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:vala\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:vala-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:webkit2gtk3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:webkit2gtk3-jsc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:webkit2gtk3-jsc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:woff2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:woff2-devel\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\npkgs = [\n {'reference':'accountsservice-0.6.55-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'accountsservice-0.6.55-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'accountsservice-devel-0.6.55-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'accountsservice-devel-0.6.55-1.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'accountsservice-devel-0.6.55-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'accountsservice-libs-0.6.55-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'accountsservice-libs-0.6.55-1.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'accountsservice-libs-0.6.55-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'atkmm-2.24.2-7.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'atkmm-2.24.2-7.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'atkmm-2.24.2-7.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'atkmm-devel-2.24.2-7.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'atkmm-devel-2.24.2-7.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'atkmm-devel-2.24.2-7.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'atkmm-doc-2.24.2-7.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'cairomm-1.12.0-8.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'cairomm-1.12.0-8.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'cairomm-1.12.0-8.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'cairomm-devel-1.12.0-8.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'cairomm-devel-1.12.0-8.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'cairomm-devel-1.12.0-8.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'cairomm-doc-1.12.0-8.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chrome-gnome-shell-10.1-7.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chrome-gnome-shell-10.1-7.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dleyna-core-0.6.0-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dleyna-core-0.6.0-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dleyna-core-0.6.0-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dleyna-server-0.6.0-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'enchant2-2.2.3-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'enchant2-2.2.3-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'enchant2-2.2.3-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'enchant2-devel-2.2.3-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'enchant2-devel-2.2.3-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'enchant2-devel-2.2.3-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gamin-0.1.10-32.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gamin-0.1.10-32.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gamin-0.1.10-32.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gamin-devel-0.1.10-32.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gamin-devel-0.1.10-32.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gamin-devel-0.1.10-32.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gdm-3.28.3-39.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'gdm-3.28.3-39.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'gdm-3.28.3-39.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'geoclue2-2.5.5-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'geoclue2-2.5.5-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'geoclue2-2.5.5-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'geoclue2-demos-2.5.5-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'geoclue2-demos-2.5.5-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'geoclue2-devel-2.5.5-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'geoclue2-devel-2.5.5-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'geoclue2-devel-2.5.5-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'geoclue2-libs-2.5.5-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'geoclue2-libs-2.5.5-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'geoclue2-libs-2.5.5-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'geocode-glib-3.26.0-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'geocode-glib-3.26.0-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'geocode-glib-3.26.0-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'geocode-glib-devel-3.26.0-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'geocode-glib-devel-3.26.0-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'geocode-glib-devel-3.26.0-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gjs-1.56.2-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gjs-1.56.2-5.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gjs-1.56.2-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gjs-devel-1.56.2-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gjs-devel-1.56.2-5.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gjs-devel-1.56.2-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glib2-2.56.4-9.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glib2-2.56.4-9.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glib2-2.56.4-9.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glib2-devel-2.56.4-9.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glib2-devel-2.56.4-9.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glib2-devel-2.56.4-9.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glib2-doc-2.56.4-9.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glib2-fam-2.56.4-9.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glib2-fam-2.56.4-9.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glib2-static-2.56.4-9.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glib2-static-2.56.4-9.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glib2-static-2.56.4-9.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glib2-tests-2.56.4-9.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glib2-tests-2.56.4-9.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibmm24-2.56.0-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibmm24-2.56.0-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibmm24-2.56.0-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibmm24-devel-2.56.0-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibmm24-devel-2.56.0-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibmm24-devel-2.56.0-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibmm24-doc-2.56.0-2.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-boxes-3.36.5-8.0.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-classic-session-3.32.1-14.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-control-center-3.28.2-27.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-control-center-3.28.2-27.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-control-center-filesystem-3.28.2-27.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-online-accounts-3.28.2-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-online-accounts-3.28.2-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-online-accounts-3.28.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-online-accounts-devel-3.28.2-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-online-accounts-devel-3.28.2-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-online-accounts-devel-3.28.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-photos-3.28.1-4.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-photos-tests-3.28.1-4.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-settings-daemon-3.32.0-14.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-settings-daemon-3.32.0-14.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-3.32.2-30.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-3.32.2-30.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-apps-menu-3.32.1-14.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-auto-move-windows-3.32.1-14.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-common-3.32.1-14.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-dash-to-dock-3.32.1-14.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-desktop-icons-3.32.1-14.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-disable-screenshield-3.32.1-14.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-drive-menu-3.32.1-14.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-horizontal-workspaces-3.32.1-14.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-launch-new-instance-3.32.1-14.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-native-window-placement-3.32.1-14.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-no-hot-corner-3.32.1-14.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-panel-favorites-3.32.1-14.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-places-menu-3.32.1-14.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-screenshot-window-sizer-3.32.1-14.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-systemMonitor-3.32.1-14.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-top-icons-3.32.1-14.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-updates-dialog-3.32.1-14.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-user-theme-3.32.1-14.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-window-grouper-3.32.1-14.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-window-list-3.32.1-14.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-windowsNavigator-3.32.1-14.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-workspace-indicator-3.32.1-14.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-software-3.36.1-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-software-3.36.1-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-terminal-3.28.3-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-terminal-3.28.3-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-terminal-nautilus-3.28.3-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-terminal-nautilus-3.28.3-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk-doc-1.28-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk-doc-1.28-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk2-2.24.32-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk2-2.24.32-5.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk2-2.24.32-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk2-devel-2.24.32-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk2-devel-2.24.32-5.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk2-devel-2.24.32-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk2-devel-docs-2.24.32-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk2-devel-docs-2.24.32-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk2-immodule-xim-2.24.32-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk2-immodule-xim-2.24.32-5.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk2-immodule-xim-2.24.32-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk2-immodules-2.24.32-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk2-immodules-2.24.32-5.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk2-immodules-2.24.32-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtkmm24-2.24.5-6.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtkmm24-2.24.5-6.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtkmm24-2.24.5-6.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtkmm24-devel-2.24.5-6.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtkmm24-devel-2.24.5-6.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtkmm24-devel-2.24.5-6.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtkmm24-docs-2.24.5-6.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtkmm30-3.22.2-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtkmm30-3.22.2-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtkmm30-3.22.2-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtkmm30-devel-3.22.2-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtkmm30-devel-3.22.2-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtkmm30-devel-3.22.2-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtkmm30-doc-3.22.2-3.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gvfs-1.36.2-11.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gvfs-1.36.2-11.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gvfs-1.36.2-11.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gvfs-afc-1.36.2-11.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gvfs-afc-1.36.2-11.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gvfs-afp-1.36.2-11.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gvfs-afp-1.36.2-11.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gvfs-archive-1.36.2-11.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gvfs-archive-1.36.2-11.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gvfs-client-1.36.2-11.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gvfs-client-1.36.2-11.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gvfs-client-1.36.2-11.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gvfs-devel-1.36.2-11.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gvfs-devel-1.36.2-11.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gvfs-devel-1.36.2-11.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gvfs-fuse-1.36.2-11.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gvfs-fuse-1.36.2-11.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gvfs-goa-1.36.2-11.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gvfs-goa-1.36.2-11.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gvfs-gphoto2-1.36.2-11.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gvfs-gphoto2-1.36.2-11.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gvfs-mtp-1.36.2-11.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gvfs-mtp-1.36.2-11.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gvfs-smb-1.36.2-11.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gvfs-smb-1.36.2-11.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libdazzle-3.28.5-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libdazzle-3.28.5-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libdazzle-devel-3.28.5-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libdazzle-devel-3.28.5-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libepubgen-0.1.0-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libepubgen-0.1.0-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libepubgen-devel-0.1.0-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libepubgen-devel-0.1.0-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsass-3.4.5-6.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsass-3.4.5-6.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsass-3.4.5-6.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsass-devel-3.4.5-6.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsass-devel-3.4.5-6.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsass-devel-3.4.5-6.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsigc++20-2.10.0-6.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsigc++20-2.10.0-6.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsigc++20-2.10.0-6.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsigc++20-devel-2.10.0-6.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsigc++20-devel-2.10.0-6.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsigc++20-devel-2.10.0-6.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsigc++20-doc-2.10.0-6.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvisual-0.4.0-25.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libvisual-0.4.0-25.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libvisual-0.4.0-25.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libvisual-devel-0.4.0-25.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libvisual-devel-0.4.0-25.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libvisual-devel-0.4.0-25.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mutter-3.32.2-57.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mutter-3.32.2-57.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mutter-3.32.2-57.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mutter-devel-3.32.2-57.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mutter-devel-3.32.2-57.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mutter-devel-3.32.2-57.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nautilus-3.28.1-15.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nautilus-3.28.1-15.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nautilus-3.28.1-15.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nautilus-devel-3.28.1-15.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nautilus-devel-3.28.1-15.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nautilus-devel-3.28.1-15.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nautilus-extensions-3.28.1-15.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nautilus-extensions-3.28.1-15.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nautilus-extensions-3.28.1-15.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'OpenEXR-devel-2.2.0-12.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'OpenEXR-devel-2.2.0-12.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'OpenEXR-devel-2.2.0-12.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'OpenEXR-libs-2.2.0-12.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'OpenEXR-libs-2.2.0-12.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'OpenEXR-libs-2.2.0-12.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pangomm-2.40.1-6.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pangomm-2.40.1-6.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pangomm-2.40.1-6.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pangomm-devel-2.40.1-6.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pangomm-devel-2.40.1-6.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pangomm-devel-2.40.1-6.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pangomm-doc-2.40.1-6.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'soundtouch-2.0.0-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'soundtouch-2.0.0-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'soundtouch-2.0.0-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'soundtouch-devel-2.0.0-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'soundtouch-devel-2.0.0-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'soundtouch-devel-2.0.0-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'vala-0.40.19-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'vala-0.40.19-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'vala-0.40.19-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'vala-devel-0.40.19-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'vala-devel-0.40.19-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'vala-devel-0.40.19-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-2.30.4-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-2.30.4-1.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-2.30.4-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-devel-2.30.4-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-devel-2.30.4-1.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-devel-2.30.4-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-2.30.4-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-2.30.4-1.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-2.30.4-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-devel-2.30.4-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-devel-2.30.4-1.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-devel-2.30.4-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'woff2-1.0.2-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'woff2-1.0.2-5.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'woff2-1.0.2-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'woff2-devel-1.0.2-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'woff2-devel-1.0.2-5.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'woff2-devel-1.0.2-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n rpm_prefix = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['rpm_prefix'])) rpm_prefix = package_array['rpm_prefix'];\n if (reference && release) {\n if (rpm_prefix) {\n if (rpm_exists(release:release, rpm:rpm_prefix) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'OpenEXR-devel / OpenEXR-libs / accountsservice / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:25:11", "description": "The following vulnerabilities have been discovered in the webkit2gtk web engine :\n\n - CVE-2020-9948 Brendan Draper discovered that processing maliciously crafted web content may lead to arbitrary code execution.\n\n - CVE-2020-9951 Marcin Noga discovered that processing maliciously crafted web content may lead to arbitrary code execution.\n\n - CVE-2020-9983 zhunki discovered that processing maliciously crafted web content may lead to code execution.\n\n - CVE-2020-13584 Cisco discovered that processing maliciously crafted web content may lead to arbitrary code execution.", "cvss3": {}, "published": "2020-11-25T00:00:00", "type": "nessus", "title": "Debian DSA-4797-1 : webkit2gtk - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13584", "CVE-2020-9948", "CVE-2020-9951", "CVE-2020-9983"], "modified": "2020-11-30T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:webkit2gtk", "cpe:/o:debian:debian_linux:10.0"], "id": "DEBIAN_DSA-4797.NASL", "href": "https://www.tenable.com/plugins/nessus/143260", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4797. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(143260);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/30\");\n\n script_cve_id(\"CVE-2020-13584\", \"CVE-2020-9948\", \"CVE-2020-9951\", \"CVE-2020-9983\");\n script_xref(name:\"DSA\", value:\"4797\");\n\n script_name(english:\"Debian DSA-4797-1 : webkit2gtk - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The following vulnerabilities have been discovered in the webkit2gtk\nweb engine :\n\n - CVE-2020-9948\n Brendan Draper discovered that processing maliciously\n crafted web content may lead to arbitrary code\n execution.\n\n - CVE-2020-9951\n Marcin Noga discovered that processing maliciously\n crafted web content may lead to arbitrary code\n execution.\n\n - CVE-2020-9983\n zhunki discovered that processing maliciously crafted\n web content may lead to code execution.\n\n - CVE-2020-13584\n Cisco discovered that processing maliciously crafted web\n content may lead to arbitrary code execution.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-9948\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-9951\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-9983\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-13584\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/webkit2gtk\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/buster/webkit2gtk\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2020/dsa-4797\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade the webkit2gtk packages.\n\nFor the stable distribution (buster), these problems have been fixed\nin version 2.30.3-1~deb10u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:webkit2gtk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"10.0\", prefix:\"gir1.2-javascriptcoregtk-4.0\", reference:\"2.30.3-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"gir1.2-webkit2-4.0\", reference:\"2.30.3-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libjavascriptcoregtk-4.0-18\", reference:\"2.30.3-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libjavascriptcoregtk-4.0-bin\", reference:\"2.30.3-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libjavascriptcoregtk-4.0-dev\", reference:\"2.30.3-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libwebkit2gtk-4.0-37\", reference:\"2.30.3-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libwebkit2gtk-4.0-37-gtk2\", reference:\"2.30.3-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libwebkit2gtk-4.0-dev\", reference:\"2.30.3-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libwebkit2gtk-4.0-doc\", reference:\"2.30.3-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"webkit2gtk-driver\", reference:\"2.30.3-1~deb10u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:25:46", "description": "The remote host is affected by the vulnerability described in GLSA-202012-10 (WebkitGTK+: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the CVE identifiers referenced below for details.\n Impact :\n\n An attacker, by enticing a user to visit maliciously crafted web content, may be able to execute arbitrary code or cause memory corruption.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2020-12-24T00:00:00", "type": "nessus", "title": "GLSA-202012-10 : WebkitGTK+: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13543", "CVE-2020-13584", "CVE-2020-9948", "CVE-2020-9951", "CVE-2020-9952", "CVE-2020-9983"], "modified": "2020-12-28T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:webkit-gtk", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-202012-10.NASL", "href": "https://www.tenable.com/plugins/nessus/144597", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 202012-10.\n#\n# The advisory text is Copyright (C) 2001-2020 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(144597);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/28\");\n\n script_cve_id(\"CVE-2020-13543\", \"CVE-2020-13584\", \"CVE-2020-9948\", \"CVE-2020-9951\", \"CVE-2020-9952\", \"CVE-2020-9983\");\n script_xref(name:\"GLSA\", value:\"202012-10\");\n\n script_name(english:\"GLSA-202012-10 : WebkitGTK+: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is affected by the vulnerability described in GLSA-202012-10\n(WebkitGTK+: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in WebKitGTK+. Please\n review the CVE identifiers referenced below for details.\n \nImpact :\n\n An attacker, by enticing a user to visit maliciously crafted web\n content, may be able to execute arbitrary code or cause memory\n corruption.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://webkitgtk.org/security/WSA-2020-0008.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://webkitgtk.org/security/WSA-2020-0009.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/202012-10\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"All WebkitGTK+ users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-libs/webkit-gtk-2.30.3'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:webkit-gtk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-libs/webkit-gtk\", unaffected:make_list(\"ge 2.30.3\"), vulnerable:make_list(\"lt 2.30.3\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"WebkitGTK+\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:23:46", "description": "This update for webkit2gtk3 fixes the following issues :\n\n-webkit2gtk3 was updated to version 2.30.3 (bsc#1179122 bsc#1179451) :\n\n - CVE-2021-13543: Fixed a use after free which could have led to arbitrary code execution.\n\n - CVE-2021-13584: Fixed a use after free which could have led to arbitrary code execution.\n\n - CVE-2021-9948: Fixed a type confusion which could have led to arbitrary code execution.\n\n - CVE-2021-9951: Fixed a use after free which could have led to arbitrary code execution.\n\n - CVE-2021-9983: Fixed an out of bounds write which could have led to arbitrary code execution.\n\n - Have the libwebkit2gtk package require libjavascriptcoregtk of the same version (bsc#1171531).\n\n - Enable c_loop on aarch64: currently needed for compilation to succeed with JIT disabled. Also disable sampling profiler, since it conflicts with c_loop (bsc#1177087).\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {}, "published": "2021-01-25T00:00:00", "type": "nessus", "title": "openSUSE Security Update : webkit2gtk3 (openSUSE-2020-2304)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13543", "CVE-2020-13584", "CVE-2020-9948", "CVE-2020-9951", "CVE-2020-9983", "CVE-2021-13543", "CVE-2021-13584", "CVE-2021-9948", "CVE-2021-9951", "CVE-2021-9983"], "modified": "2021-01-27T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-debuginfo", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-debuginfo", "p-cpe:/a:novell:opensuse:libwebkit2gtk3-lang", "p-cpe:/a:novell:opensuse:typelib-1_0-javascriptcore-4_0", "p-cpe:/a:novell:opensuse:typelib-1_0-webkit2-4_0", "p-cpe:/a:novell:opensuse:typelib-1_0-webkit2webextension-4_0", "p-cpe:/a:novell:opensuse:webkit-jsc-4", "p-cpe:/a:novell:opensuse:webkit-jsc-4-debuginfo", "p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles", "p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles-debuginfo", "p-cpe:/a:novell:opensuse:webkit2gtk3-debugsource", "p-cpe:/a:novell:opensuse:webkit2gtk3-devel", "p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser", "p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser-debuginfo", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2020-2304.NASL", "href": "https://www.tenable.com/plugins/nessus/145374", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-2304.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(145374);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/27\");\n\n script_cve_id(\"CVE-2020-13543\", \"CVE-2020-13584\", \"CVE-2020-9948\", \"CVE-2020-9951\", \"CVE-2020-9983\", \"CVE-2021-13543\", \"CVE-2021-13584\", \"CVE-2021-9948\", \"CVE-2021-9951\", \"CVE-2021-9983\");\n\n script_name(english:\"openSUSE Security Update : webkit2gtk3 (openSUSE-2020-2304)\");\n script_summary(english:\"Check for the openSUSE-2020-2304 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for webkit2gtk3 fixes the following issues :\n\n-webkit2gtk3 was updated to version 2.30.3 (bsc#1179122 bsc#1179451) :\n\n - CVE-2021-13543: Fixed a use after free which could have\n led to arbitrary code execution.\n\n - CVE-2021-13584: Fixed a use after free which could have\n led to arbitrary code execution.\n\n - CVE-2021-9948: Fixed a type confusion which could have\n led to arbitrary code execution.\n\n - CVE-2021-9951: Fixed a use after free which could have\n led to arbitrary code execution.\n\n - CVE-2021-9983: Fixed an out of bounds write which could\n have led to arbitrary code execution.\n\n - Have the libwebkit2gtk package require\n libjavascriptcoregtk of the same version (bsc#1171531).\n\n - Enable c_loop on aarch64: currently needed for\n compilation to succeed with JIT disabled. Also disable\n sampling profiler, since it conflicts with c_loop\n (bsc#1177087).\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1171531\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177087\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179122\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179451\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected webkit2gtk3 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk3-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-JavaScriptCore-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2WebExtension-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit-jsc-4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit-jsc-4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libjavascriptcoregtk-4_0-18-2.30.3-lp151.2.28.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.30.3-lp151.2.28.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libwebkit2gtk-4_0-37-2.30.3-lp151.2.28.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.30.3-lp151.2.28.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libwebkit2gtk3-lang-2.30.3-lp151.2.28.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.30.3-lp151.2.28.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"typelib-1_0-WebKit2-4_0-2.30.3-lp151.2.28.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.30.3-lp151.2.28.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"webkit-jsc-4-2.30.3-lp151.2.28.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"webkit-jsc-4-debuginfo-2.30.3-lp151.2.28.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"webkit2gtk-4_0-injected-bundles-2.30.3-lp151.2.28.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.30.3-lp151.2.28.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"webkit2gtk3-debugsource-2.30.3-lp151.2.28.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"webkit2gtk3-devel-2.30.3-lp151.2.28.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"webkit2gtk3-minibrowser-2.30.3-lp151.2.28.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"webkit2gtk3-minibrowser-debuginfo-2.30.3-lp151.2.28.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-32bit-2.30.3-lp151.2.28.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.30.3-lp151.2.28.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-32bit-2.30.3-lp151.2.28.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-32bit-debuginfo-2.30.3-lp151.2.28.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libjavascriptcoregtk-4_0-18 / libjavascriptcoregtk-4_0-18-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:24:48", "description": "Update to WebKitGTK 2.30.3 :\n\n - Fix backdrop filters with rounded borders.\n\n - Fix scrolling iframes when async scrolling is enabled.\n\n - Allow applications to handle drag and drop on the web view again.\n\n - Update Outlook user agent quirk.\n\n - Fix several crashes and rendering issues.\n\n - Security fixes: CVE-2020-9983, CVE-2020-13584\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-11-30T00:00:00", "type": "nessus", "title": "Fedora 33 : webkit2gtk3 (2020-145877bcd3)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13584", "CVE-2020-9983"], "modified": "2020-12-02T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:webkit2gtk3", "cpe:/o:fedoraproject:fedora:33"], "id": "FEDORA_2020-145877BCD3.NASL", "href": "https://www.tenable.com/plugins/nessus/143291", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-145877bcd3.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(143291);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/02\");\n\n script_cve_id(\"CVE-2020-13584\", \"CVE-2020-9983\");\n script_xref(name:\"FEDORA\", value:\"2020-145877bcd3\");\n\n script_name(english:\"Fedora 33 : webkit2gtk3 (2020-145877bcd3)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Update to WebKitGTK 2.30.3 :\n\n - Fix backdrop filters with rounded borders.\n\n - Fix scrolling iframes when async scrolling is enabled.\n\n - Allow applications to handle drag and drop on the web\n view again.\n\n - Update Outlook user agent quirk.\n\n - Fix several crashes and rendering issues.\n\n - Security fixes: CVE-2020-9983, CVE-2020-13584\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-145877bcd3\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected webkit2gtk3 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:webkit2gtk3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:33\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^33([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 33\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC33\", reference:\"webkit2gtk3-2.30.3-1.fc33\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"webkit2gtk3\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:13:33", "description": "Update to WebKitGTK 2.30.3 :\n\n - Fix backdrop filters with rounded borders.\n\n - Fix scrolling iframes when async scrolling is enabled.\n\n - Allow applications to handle drag and drop on the web view again.\n\n - Update Outlook user agent quirk.\n\n - Fix several crashes and rendering issues.\n\n - Security fixes: CVE-2020-9983, CVE-2020-13584\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-12-03T00:00:00", "type": "nessus", "title": "Fedora 32 : webkit2gtk3 (2020-e8a7566e80)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13584", "CVE-2020-9983"], "modified": "2020-12-07T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:webkit2gtk3", "cpe:/o:fedoraproject:fedora:32"], "id": "FEDORA_2020-E8A7566E80.NASL", "href": "https://www.tenable.com/plugins/nessus/143453", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-e8a7566e80.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(143453);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/07\");\n\n script_cve_id(\"CVE-2020-13584\", \"CVE-2020-9983\");\n script_xref(name:\"FEDORA\", value:\"2020-e8a7566e80\");\n\n script_name(english:\"Fedora 32 : webkit2gtk3 (2020-e8a7566e80)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Update to WebKitGTK 2.30.3 :\n\n - Fix backdrop filters with rounded borders.\n\n - Fix scrolling iframes when async scrolling is enabled.\n\n - Allow applications to handle drag and drop on the web\n view again.\n\n - Update Outlook user agent quirk.\n\n - Fix several crashes and rendering issues.\n\n - Security fixes: CVE-2020-9983, CVE-2020-13584\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-e8a7566e80\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected webkit2gtk3 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:webkit2gtk3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:32\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^32([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 32\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC32\", reference:\"webkit2gtk3-2.30.3-1.fc32\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"webkit2gtk3\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-27T15:14:11", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:1586 advisory.\n\n - glib2: insecure permissions for files and directories (CVE-2019-13012)\n\n - webkitgtk: use-after-free may lead to arbitrary code execution (CVE-2020-13543, CVE-2020-13584, CVE-2020-9951)\n\n - gdm: inability to timely contact accountservice via dbus leads gnome-initial-setup to creation of account with admin privileges (CVE-2020-16125)\n\n - webkitgtk: type confusion may lead to arbitrary code execution (CVE-2020-9948)\n\n - webkitgtk: out-of-bounds write may lead to code execution (CVE-2020-9983)\n\n - webkitgtk: Memory corruption leading to arbitrary code execution (CVE-2021-1817)\n\n - webkitgtk: Memory initialization issue possibly leading to memory disclosure (CVE-2021-1820)\n\n - webkitgtk: Input validation issue leading to cross site scripting attack (CVE-2021-1825)\n\n - webkitgtk: Logic issue leading to universal cross site scripting attack (CVE-2021-1826)\n\n - webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2021-30661)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-05-19T00:00:00", "type": "nessus", "title": "RHEL 8 : GNOME (RHSA-2021:1586)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13012", "CVE-2020-13543", "CVE-2020-13584", "CVE-2020-16125", "CVE-2020-9948", "CVE-2020-9951", "CVE-2020-9983", "CVE-2021-1817", "CVE-2021-1820", "CVE-2021-1825", "CVE-2021-1826", "CVE-2021-30661"], "modified": "2023-05-25T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "p-cpe:/a:redhat:enterprise_linux:gdm", "p-cpe:/a:redhat:enterprise_linux:glib2", "p-cpe:/a:redhat:enterprise_linux:glib2-devel", "p-cpe:/a:redhat:enterprise_linux:webkit2gtk3", "p-cpe:/a:redhat:enterprise_linux:webkit2gtk3-devel", "p-cpe:/a:redhat:enterprise_linux:webkit2gtk3-jsc", "p-cpe:/a:redhat:enterprise_linux:webkit2gtk3-jsc-devel", "p-cpe:/a:redhat:enterprise_linux:glib2-doc", "p-cpe:/a:redhat:enterprise_linux:glib2-fam", "p-cpe:/a:redhat:enterprise_linux:glib2-static", "p-cpe:/a:redhat:enterprise_linux:glib2-tests", "cpe:/o:redhat:rhel_eus:8.4", "cpe:/o:redhat:rhel_aus:8.4", "cpe:/o:redhat:rhel_e4s:8.4", "cpe:/o:redhat:rhel_tus:8.4", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.6"], "id": "REDHAT-RHSA-2021-1586.NASL", "href": "https://www.tenable.com/plugins/nessus/149698", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:1586. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149698);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\n \"CVE-2019-13012\",\n \"CVE-2020-9948\",\n \"CVE-2020-9951\",\n \"CVE-2020-9983\",\n \"CVE-2020-13543\",\n \"CVE-2020-13584\",\n \"CVE-2020-16125\",\n \"CVE-2021-1817\",\n \"CVE-2021-1820\",\n \"CVE-2021-1825\",\n \"CVE-2021-1826\",\n \"CVE-2021-30661\"\n );\n script_xref(name:\"RHSA\", value:\"2021:1586\");\n script_xref(name:\"IAVA\", value:\"2021-A-0202-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"RHEL 8 : GNOME (RHSA-2021:1586)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:1586 advisory.\n\n - glib2: insecure permissions for files and directories (CVE-2019-13012)\n\n - webkitgtk: use-after-free may lead to arbitrary code execution (CVE-2020-13543, CVE-2020-13584,\n CVE-2020-9951)\n\n - gdm: inability to timely contact accountservice via dbus leads gnome-initial-setup to creation of account\n with admin privileges (CVE-2020-16125)\n\n - webkitgtk: type confusion may lead to arbitrary code execution (CVE-2020-9948)\n\n - webkitgtk: out-of-bounds write may lead to code execution (CVE-2020-9983)\n\n - webkitgtk: Memory corruption leading to arbitrary code execution (CVE-2021-1817)\n\n - webkitgtk: Memory initialization issue possibly leading to memory disclosure (CVE-2021-1820)\n\n - webkitgtk: Input validation issue leading to cross site scripting attack (CVE-2021-1825)\n\n - webkitgtk: Logic issue leading to universal cross site scripting attack (CVE-2021-1826)\n\n - webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2021-30661)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-13012\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-9948\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-9951\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-9983\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-13543\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-13584\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-16125\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-1817\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-1820\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-1825\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-1826\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-30661\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:1586\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1728632\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1901212\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1901214\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1901216\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1901221\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1901994\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1903568\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1986852\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1986856\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1986858\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1986860\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1986870\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30661\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 416, 636, 732, 787, 843);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/06/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gdm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glib2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glib2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glib2-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glib2-fam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glib2-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glib2-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:webkit2gtk3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:webkit2gtk3-jsc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:webkit2gtk3-jsc-devel\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.4/x86_64/appstream/debug',\n 'content/aus/rhel8/8.4/x86_64/appstream/os',\n 'content/aus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.4/x86_64/baseos/debug',\n 'content/aus/rhel8/8.4/x86_64/baseos/os',\n 'content/aus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/aarch64/appstream/debug',\n 'content/e4s/rhel8/8.4/aarch64/appstream/os',\n 'content/e4s/rhel8/8.4/aarch64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/aarch64/baseos/debug',\n 'content/e4s/rhel8/8.4/aarch64/baseos/os',\n 'content/e4s/rhel8/8.4/aarch64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.4/ppc64le/sap/os',\n 'content/e4s/rhel8/8.4/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.4/s390x/appstream/debug',\n 'content/e4s/rhel8/8.4/s390x/appstream/os',\n 'content/e4s/rhel8/8.4/s390x/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/s390x/baseos/debug',\n 'content/e4s/rhel8/8.4/s390x/baseos/os',\n 'content/e4s/rhel8/8.4/s390x/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.4/x86_64/appstream/os',\n 'content/e4s/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.4/x86_64/baseos/os',\n 'content/e4s/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/nfv/debug',\n 'content/e4s/rhel8/8.4/x86_64/nfv/os',\n 'content/e4s/rhel8/8.4/x86_64/nfv/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap/os',\n 'content/e4s/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/appstream/debug',\n 'content/eus/rhel8/8.4/aarch64/appstream/os',\n 'content/eus/rhel8/8.4/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/baseos/debug',\n 'content/eus/rhel8/8.4/aarch64/baseos/os',\n 'content/eus/rhel8/8.4/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.4/aarch64/highavailability/os',\n 'content/eus/rhel8/8.4/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.4/aarch64/supplementary/os',\n 'content/eus/rhel8/8.4/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.4/ppc64le/appstream/os',\n 'content/eus/rhel8/8.4/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.4/ppc64le/baseos/os',\n 'content/eus/rhel8/8.4/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/sap/debug',\n 'content/eus/rhel8/8.4/ppc64le/sap/os',\n 'content/eus/rhel8/8.4/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/appstream/debug',\n 'content/eus/rhel8/8.4/s390x/appstream/os',\n 'content/eus/rhel8/8.4/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/baseos/debug',\n 'content/eus/rhel8/8.4/s390x/baseos/os',\n 'content/eus/rhel8/8.4/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/highavailability/debug',\n 'content/eus/rhel8/8.4/s390x/highavailability/os',\n 'content/eus/rhel8/8.4/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/sap/debug',\n 'content/eus/rhel8/8.4/s390x/sap/os',\n 'content/eus/rhel8/8.4/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/supplementary/debug',\n 'content/eus/rhel8/8.4/s390x/supplementary/os',\n 'content/eus/rhel8/8.4/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/appstream/debug',\n 'content/eus/rhel8/8.4/x86_64/appstream/os',\n 'content/eus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/baseos/debug',\n 'content/eus/rhel8/8.4/x86_64/baseos/os',\n 'content/eus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.4/x86_64/highavailability/os',\n 'content/eus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap/debug',\n 'content/eus/rhel8/8.4/x86_64/sap/os',\n 'content/eus/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.4/x86_64/supplementary/os',\n 'content/eus/rhel8/8.4/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/appstream/debug',\n 'content/tus/rhel8/8.4/x86_64/appstream/os',\n 'content/tus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/baseos/debug',\n 'content/tus/rhel8/8.4/x86_64/baseos/os',\n 'content/tus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.4/x86_64/highavailability/os',\n 'content/tus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/nfv/debug',\n 'content/tus/rhel8/8.4/x86_64/nfv/os',\n 'content/tus/rhel8/8.4/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/rt/debug',\n 'content/tus/rhel8/8.4/x86_64/rt/os',\n 'content/tus/rhel8/8.4/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'gdm-3.28.3-39.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'glib2-2.56.4-9.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glib2-devel-2.56.4-9.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glib2-doc-2.56.4-9.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glib2-fam-2.56.4-9.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glib2-static-2.56.4-9.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glib2-tests-2.56.4-9.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-2.30.4-1.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-devel-2.30.4-1.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-2.30.4-1.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-devel-2.30.4-1.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/appstream/debug',\n 'content/eus/rhel8/8.6/aarch64/appstream/os',\n 'content/eus/rhel8/8.6/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/baseos/debug',\n 'content/eus/rhel8/8.6/aarch64/baseos/os',\n 'content/eus/rhel8/8.6/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.6/aarch64/highavailability/os',\n 'content/eus/rhel8/8.6/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.6/aarch64/supplementary/os',\n 'content/eus/rhel8/8.6/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.6/ppc64le/appstream/os',\n 'content/eus/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.6/ppc64le/baseos/os',\n 'content/eus/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap/os',\n 'content/eus/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/appstream/debug',\n 'content/eus/rhel8/8.6/s390x/appstream/os',\n 'content/eus/rhel8/8.6/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/baseos/debug',\n 'content/eus/rhel8/8.6/s390x/baseos/os',\n 'content/eus/rhel8/8.6/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/highavailability/debug',\n 'content/eus/rhel8/8.6/s390x/highavailability/os',\n 'content/eus/rhel8/8.6/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/sap/debug',\n 'content/eus/rhel8/8.6/s390x/sap/os',\n 'content/eus/rhel8/8.6/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/supplementary/debug',\n 'content/eus/rhel8/8.6/s390x/supplementary/os',\n 'content/eus/rhel8/8.6/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'gdm-3.28.3-39.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'glib2-2.56.4-9.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glib2-devel-2.56.4-9.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glib2-doc-2.56.4-9.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glib2-fam-2.56.4-9.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glib2-static-2.56.4-9.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glib2-tests-2.56.4-9.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-2.30.4-1.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-devel-2.30.4-1.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-2.30.4-1.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-devel-2.30.4-1.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/aarch64/appstream/debug',\n 'content/dist/rhel8/8/aarch64/appstream/os',\n 'content/dist/rhel8/8/aarch64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/baseos/debug',\n 'content/dist/rhel8/8/aarch64/baseos/os',\n 'content/dist/rhel8/8/aarch64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/codeready-builder/debug',\n 'content/dist/rhel8/8/aarch64/codeready-builder/os',\n 'content/dist/rhel8/8/aarch64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/highavailability/debug',\n 'content/dist/rhel8/8/aarch64/highavailability/os',\n 'content/dist/rhel8/8/aarch64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/supplementary/debug',\n 'content/dist/rhel8/8/aarch64/supplementary/os',\n 'content/dist/rhel8/8/aarch64/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/appstream/debug',\n 'content/dist/rhel8/8/ppc64le/appstream/os',\n 'content/dist/rhel8/8/ppc64le/appstream/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/baseos/debug',\n 'content/dist/rhel8/8/ppc64le/baseos/os',\n 'content/dist/rhel8/8/ppc64le/baseos/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/debug',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/os',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/highavailability/debug',\n 'content/dist/rhel8/8/ppc64le/highavailability/os',\n 'content/dist/rhel8/8/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/debug',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/os',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/debug',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/os',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap/debug',\n 'content/dist/rhel8/8/ppc64le/sap/os',\n 'content/dist/rhel8/8/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/supplementary/debug',\n 'content/dist/rhel8/8/ppc64le/supplementary/os',\n 'content/dist/rhel8/8/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/s390x/appstream/debug',\n 'content/dist/rhel8/8/s390x/appstream/os',\n 'content/dist/rhel8/8/s390x/appstream/source/SRPMS',\n 'content/dist/rhel8/8/s390x/baseos/debug',\n 'content/dist/rhel8/8/s390x/baseos/os',\n 'content/dist/rhel8/8/s390x/baseos/source/SRPMS',\n 'content/dist/rhel8/8/s390x/codeready-builder/debug',\n 'content/dist/rhel8/8/s390x/codeready-builder/os',\n 'content/dist/rhel8/8/s390x/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/s390x/highavailability/debug',\n 'content/dist/rhel8/8/s390x/highavailability/os',\n 'content/dist/rhel8/8/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/s390x/resilientstorage/debug',\n 'content/dist/rhel8/8/s390x/resilientstorage/os',\n 'content/dist/rhel8/8/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/s390x/sap/debug',\n 'content/dist/rhel8/8/s390x/sap/os',\n 'content/dist/rhel8/8/s390x/sap/source/SRPMS',\n 'content/dist/rhel8/8/s390x/supplementary/debug',\n 'content/dist/rhel8/8/s390x/supplementary/os',\n 'content/dist/rhel8/8/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'gdm-3.28.3-39.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'glib2-2.56.4-9.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glib2-devel-2.56.4-9.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glib2-doc-2.56.4-9.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glib2-fam-2.56.4-9.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glib2-static-2.56.4-9.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glib2-tests-2.56.4-9.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-2.30.4-1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-devel-2.30.4-1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-2.30.4-1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-devel-2.30.4-1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'gdm / glib2 / glib2-devel / glib2-doc / glib2-fam / glib2-static / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:44:48", "description": "The remote NewStart CGSL host, running version MAIN 6.02, has webkit2gtk3 packages installed that are affected by multiple vulnerabilities:\n\n - A code execution vulnerability exists in the WebSocket functionality of Webkit WebKitGTK 2.30.0. A specially crafted web page can trigger a use-after-free vulnerability which can lead to remote code execution. An attacker can get a user to visit a webpage to trigger this vulnerability. (CVE-2020-13543)\n\n - An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.1 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in a remote code execution. The victim needs to visit a malicious web site to trigger this vulnerability. (CVE-2020-13584)\n\n - A type confusion issue was addressed with improved memory handling. This issue is fixed in Safari 14.0.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2020-9948)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.0.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2020-9951)\n\n - An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to code execution. (CVE-2020-9983)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-1817)\n\n - A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web content may result in the disclosure of process memory. (CVE-2021-1820)\n\n - An input validation issue was addressed with improved input validation. This issue is fixed in iTunes 12.11.3 for Windows, iCloud for Windows 12.3, macOS Big Sur 11.3, Safari 14.1, watchOS 7.4, tvOS 14.5, iOS 14.5 and iPadOS 14.5. Processing maliciously crafted web content may lead to a cross site scripting attack. (CVE-2021-1825)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web content may lead to universal cross site scripting. (CVE-2021-1826)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.1, iOS 12.5.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-30661)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-05-09T00:00:00", "type": "nessus", "title": "NewStart CGSL MAIN 6.02 : webkit2gtk3 Multiple Vulnerabilities (NS-SA-2022-0048)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13543", "CVE-2020-13584", "CVE-2020-9948", "CVE-2020-9951", "CVE-2020-9983", "CVE-2021-1817", "CVE-2021-1820", "CVE-2021-1825", "CVE-2021-1826", "CVE-2021-30661"], "modified": "2023-04-25T00:00:00", "cpe": ["p-cpe:/a:zte:cgsl_main:webkit2gtk3", "p-cpe:/a:zte:cgsl_main:webkit2gtk3-debuginfo", "p-cpe:/a:zte:cgsl_main:webkit2gtk3-debugsource", "p-cpe:/a:zte:cgsl_main:webkit2gtk3-devel", "p-cpe:/a:zte:cgsl_main:webkit2gtk3-devel-debuginfo", "p-cpe:/a:zte:cgsl_main:webkit2gtk3-doc", "p-cpe:/a:zte:cgsl_main:webkit2gtk3-jsc", "p-cpe:/a:zte:cgsl_main:webkit2gtk3-jsc-debuginfo", "p-cpe:/a:zte:cgsl_main:webkit2gtk3-jsc-devel", "p-cpe:/a:zte:cgsl_main:webkit2gtk3-jsc-devel-debuginfo", "cpe:/o:zte:cgsl_main:6"], "id": "NEWSTART_CGSL_NS-SA-2022-0048_WEBKIT2GTK3.NASL", "href": "https://www.tenable.com/plugins/nessus/160755", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2022-0048. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160755);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\n \"CVE-2020-9948\",\n \"CVE-2020-9951\",\n \"CVE-2020-9983\",\n \"CVE-2020-13543\",\n \"CVE-2020-13584\",\n \"CVE-2021-1817\",\n \"CVE-2021-1820\",\n \"CVE-2021-1825\",\n \"CVE-2021-1826\",\n \"CVE-2021-30661\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0202-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"NewStart CGSL MAIN 6.02 : webkit2gtk3 Multiple Vulnerabilities (NS-SA-2022-0048)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote NewStart CGSL host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version MAIN 6.02, has webkit2gtk3 packages installed that are affected by\nmultiple vulnerabilities:\n\n - A code execution vulnerability exists in the WebSocket functionality of Webkit WebKitGTK 2.30.0. A\n specially crafted web page can trigger a use-after-free vulnerability which can lead to remote code\n execution. An attacker can get a user to visit a webpage to trigger this vulnerability. (CVE-2020-13543)\n\n - An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.1 x64. A specially\n crafted HTML web page can cause a use-after-free condition, resulting in a remote code execution. The\n victim needs to visit a malicious web site to trigger this vulnerability. (CVE-2020-13584)\n\n - A type confusion issue was addressed with improved memory handling. This issue is fixed in Safari 14.0.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2020-9948)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.0.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2020-9951)\n\n - An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Safari\n 14.0. Processing maliciously crafted web content may lead to code execution. (CVE-2020-9983)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big\n Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web content may\n lead to arbitrary code execution. (CVE-2021-1817)\n\n - A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS\n Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web content\n may result in the disclosure of process memory. (CVE-2021-1820)\n\n - An input validation issue was addressed with improved input validation. This issue is fixed in iTunes\n 12.11.3 for Windows, iCloud for Windows 12.3, macOS Big Sur 11.3, Safari 14.1, watchOS 7.4, tvOS 14.5, iOS\n 14.5 and iPadOS 14.5. Processing maliciously crafted web content may lead to a cross site scripting\n attack. (CVE-2021-1825)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.3, iOS\n 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web content may lead to\n universal cross site scripting. (CVE-2021-1826)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.1,\n iOS 12.5.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. Processing maliciously\n crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may\n have been actively exploited.. (CVE-2021-30661)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2022-0048\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-13543\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-13584\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-9948\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-9951\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-9983\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2021-1817\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2021-1820\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2021-1825\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2021-1826\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2021-30661\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL webkit2gtk3 packages. Note that updated packages may not be available yet. Please contact\nZTE for more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30661\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/09/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:webkit2gtk3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:webkit2gtk3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:webkit2gtk3-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:webkit2gtk3-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:webkit2gtk3-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:webkit2gtk3-jsc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:webkit2gtk3-jsc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:webkit2gtk3-jsc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:webkit2gtk3-jsc-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:zte:cgsl_main:6\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL MAIN 6.02\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 6.02');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nvar flag = 0;\n\nvar pkgs = {\n 'CGSL MAIN 6.02': [\n 'webkit2gtk3-2.30.4-1.el8',\n 'webkit2gtk3-debuginfo-2.30.4-1.el8',\n 'webkit2gtk3-debugsource-2.30.4-1.el8',\n 'webkit2gtk3-devel-2.30.4-1.el8',\n 'webkit2gtk3-devel-debuginfo-2.30.4-1.el8',\n 'webkit2gtk3-doc-2.30.4-1.el8',\n 'webkit2gtk3-jsc-2.30.4-1.el8',\n 'webkit2gtk3-jsc-debuginfo-2.30.4-1.el8',\n 'webkit2gtk3-jsc-devel-2.30.4-1.el8',\n 'webkit2gtk3-jsc-devel-debuginfo-2.30.4-1.el8'\n ]\n};\nvar pkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'webkit2gtk3');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:24:06", "description": "This update for webkit2gtk3 fixes the following issues :\n\n-webkit2gtk3 was updated to version 2.30.3 (bsc#1179122 bsc#1179451) :\n\n - CVE-2021-13543: Fixed a use after free which could have led to arbitrary code execution.\n\n - CVE-2021-13584: Fixed a use after free which could have led to arbitrary code execution.\n\n - CVE-2021-9948: Fixed a type confusion which could have led to arbitrary code execution.\n\n - CVE-2021-9951: Fixed a use after free which could have led to arbitrary code execution.\n\n - CVE-2021-9983: Fixed an out of bounds write which could have led to arbitrary code execution.\n\n - Have the libwebkit2gtk package require libjavascriptcoregtk of the same version (bsc#1171531).\n\n - Enable c_loop on aarch64: currently needed for compilation to succeed with JIT disabled. Also disable sampling profiler, since it conflicts with c_loop (bsc#1177087).\n\nThis update was imported from the SUSE:SLE-15-SP2:Update update project.", "cvss3": {}, "published": "2021-01-25T00:00:00", "type": "nessus", "title": "openSUSE Security Update : webkit2gtk3 (openSUSE-2020-2310)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13543", "CVE-2020-13584", "CVE-2020-9948", "CVE-2020-9951", "CVE-2020-9983", "CVE-2021-13543", "CVE-2021-13584", "CVE-2021-9948", "CVE-2021-9951", "CVE-2021-9983"], "modified": "2021-01-27T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:typelib-1_0-javascriptcore-4_0", "p-cpe:/a:novell:opensuse:typelib-1_0-webkit2-4_0", "p-cpe:/a:novell:opensuse:typelib-1_0-webkit2webextension-4_0", "p-cpe:/a:novell:opensuse:webkit-jsc-4", "p-cpe:/a:novell:opensuse:webkit-jsc-4-debuginfo", "p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles", "p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles-debuginfo", "p-cpe:/a:novell:opensuse:webkit2gtk3-debugsource", "p-cpe:/a:novell:opensuse:webkit2gtk3-devel", "p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser", "p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser-debuginfo", "cpe:/o:novell:opensuse:15.2", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-debuginfo", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-debuginfo", "p-cpe:/a:novell:opensuse:libwebkit2gtk3-lang"], "id": "OPENSUSE-2020-2310.NASL", "href": "https://www.tenable.com/plugins/nessus/145331", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-2310.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(145331);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/27\");\n\n script_cve_id(\"CVE-2020-13543\", \"CVE-2020-13584\", \"CVE-2020-9948\", \"CVE-2020-9951\", \"CVE-2020-9983\", \"CVE-2021-13543\", \"CVE-2021-13584\", \"CVE-2021-9948\", \"CVE-2021-9951\", \"CVE-2021-9983\");\n\n script_name(english:\"openSUSE Security Update : webkit2gtk3 (openSUSE-2020-2310)\");\n script_summary(english:\"Check for the openSUSE-2020-2310 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for webkit2gtk3 fixes the following issues :\n\n-webkit2gtk3 was updated to version 2.30.3 (bsc#1179122 bsc#1179451) :\n\n - CVE-2021-13543: Fixed a use after free which could have\n led to arbitrary code execution.\n\n - CVE-2021-13584: Fixed a use after free which could have\n led to arbitrary code execution.\n\n - CVE-2021-9948: Fixed a type confusion which could have\n led to arbitrary code execution.\n\n - CVE-2021-9951: Fixed a use after free which could have\n led to arbitrary code execution.\n\n - CVE-2021-9983: Fixed an out of bounds write which could\n have led to arbitrary code execution.\n\n - Have the libwebkit2gtk package require\n libjavascriptcoregtk of the same version (bsc#1171531).\n\n - Enable c_loop on aarch64: currently needed for\n compilation to succeed with JIT disabled. Also disable\n sampling profiler, since it conflicts with c_loop\n (bsc#1177087).\n\nThis update was imported from the SUSE:SLE-15-SP2:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1171531\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177087\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179122\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179451\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected webkit2gtk3 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk3-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-JavaScriptCore-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2WebExtension-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit-jsc-4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit-jsc-4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libjavascriptcoregtk-4_0-18-2.30.3-lp152.2.7.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.30.3-lp152.2.7.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libwebkit2gtk-4_0-37-2.30.3-lp152.2.7.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.30.3-lp152.2.7.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libwebkit2gtk3-lang-2.30.3-lp152.2.7.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.30.3-lp152.2.7.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"typelib-1_0-WebKit2-4_0-2.30.3-lp152.2.7.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.30.3-lp152.2.7.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"webkit-jsc-4-2.30.3-lp152.2.7.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"webkit-jsc-4-debuginfo-2.30.3-lp152.2.7.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"webkit2gtk-4_0-injected-bundles-2.30.3-lp152.2.7.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.30.3-lp152.2.7.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"webkit2gtk3-debugsource-2.30.3-lp152.2.7.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"webkit2gtk3-devel-2.30.3-lp152.2.7.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"webkit2gtk3-minibrowser-2.30.3-lp152.2.7.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"webkit2gtk3-minibrowser-debuginfo-2.30.3-lp152.2.7.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-32bit-2.30.3-lp152.2.7.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.30.3-lp152.2.7.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-32bit-2.30.3-lp152.2.7.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-32bit-debuginfo-2.30.3-lp152.2.7.3\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libjavascriptcoregtk-4_0-18 / libjavascriptcoregtk-4_0-18-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:26:00", "description": "This update for webkit2gtk3 fixes the following issues :\n\n-webkit2gtk3 was updated to version 2.30.3 (bsc#1179122 bsc#1179451) :\n\n - CVE-2021-13543: Fixed a use after free which could have led to arbitrary code execution.\n\n - CVE-2021-13584: Fixed a use after free which could have led to arbitrary code execution.\n\n - CVE-2021-9948: Fixed a type confusion which could have led to arbitrary code execution.\n\n - CVE-2021-9951: Fixed a use after free which could have led to arbitrary code execution.\n\n - CVE-2021-9983: Fixed an out of bounds write which could have led to arbitrary code execution.\n\n - Have the libwebkit2gtk package require libjavascriptcoregtk of the same version (bsc#1171531).\n\n - Enable c_loop on aarch64: currently needed for compilation to succeed with JIT disabled. Also disable sampling profiler, since it conflicts with c_loop (bsc#1177087).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-12-18T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : webkit2gtk3 (SUSE-SU-2020:3867-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13543", "CVE-2020-13584", "CVE-2020-9948", "CVE-2020-9951", "CVE-2020-9983", "CVE-2021-13543", "CVE-2021-13584", "CVE-2021-9948", "CVE-2021-9951", "CVE-2021-9983"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0", "p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18-debuginfo", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37-debuginfo", "p-cpe:/a:novell:suse_linux:typelib-1_0-javascriptcore", "p-cpe:/a:novell:suse_linux:typelib-1_0-webkit2", "p-cpe:/a:novell:suse_linux:typelib-1_0-webkit2webextension", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles-debuginfo", "p-cpe:/a:novell:suse_linux:webkit2gtk3-debugsource", "p-cpe:/a:novell:suse_linux:webkit2gtk3-devel", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2020-3867-1.NASL", "href": "https://www.tenable.com/plugins/nessus/144432", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:3867-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(144432);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2020-13543\", \"CVE-2020-13584\", \"CVE-2020-9948\", \"CVE-2020-9951\", \"CVE-2020-9983\", \"CVE-2021-13543\", \"CVE-2021-13584\", \"CVE-2021-9948\", \"CVE-2021-9951\", \"CVE-2021-9983\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : webkit2gtk3 (SUSE-SU-2020:3867-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for webkit2gtk3 fixes the following issues :\n\n-webkit2gtk3 was updated to version 2.30.3 (bsc#1179122 bsc#1179451) :\n\n - CVE-2021-13543: Fixed a use after free which could have\n led to arbitrary code execution.\n\n - CVE-2021-13584: Fixed a use after free which could have\n led to arbitrary code execution.\n\n - CVE-2021-9948: Fixed a type confusion which could have\n led to arbitrary code execution.\n\n - CVE-2021-9951: Fixed a use after free which could have\n led to arbitrary code execution.\n\n - CVE-2021-9983: Fixed an out of bounds write which could\n have led to arbitrary code execution.\n\n - Have the libwebkit2gtk package require\n libjavascriptcoregtk of the same version (bsc#1171531).\n\n - Enable c_loop on aarch64: currently needed for\n compilation to succeed with JIT disabled. Also disable\n sampling profiler, since it conflicts with c_loop\n (bsc#1177087).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171531\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177087\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179122\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179451\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-13543/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-13584/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-9948/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-9951/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-9983/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20203867-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?431ae647\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Desktop Applications 15-SP2 :\n\nzypper in -t patch\nSUSE-SLE-Module-Desktop-Applications-15-SP2-2020-3867=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-3867=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2WebExtension\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP2\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libjavascriptcoregtk-4_0-18-2.30.3-3.9.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.30.3-3.9.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libwebkit2gtk-4_0-37-2.30.3-3.9.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.30.3-3.9.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.30.3-3.9.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"typelib-1_0-WebKit2-4_0-2.30.3-3.9.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.30.3-3.9.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"webkit2gtk-4_0-injected-bundles-2.30.3-3.9.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.30.3-3.9.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"webkit2gtk3-debugsource-2.30.3-3.9.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"webkit2gtk3-devel-2.30.3-3.9.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libjavascriptcoregtk-4_0-18-2.30.3-3.9.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.30.3-3.9.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libwebkit2gtk-4_0-37-2.30.3-3.9.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.30.3-3.9.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.30.3-3.9.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"typelib-1_0-WebKit2-4_0-2.30.3-3.9.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.30.3-3.9.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"webkit2gtk-4_0-injected-bundles-2.30.3-3.9.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.30.3-3.9.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"webkit2gtk3-debugsource-2.30.3-3.9.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"webkit2gtk3-devel-2.30.3-3.9.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"webkit2gtk3\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:41:27", "description": "The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:1586 advisory.\n\n - The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 creates directories using g_file_make_directory_with_parents (kfsb->dir, NULL, NULL) and files using g_file_replace_contents (kfsb->file, contents, length, NULL, FALSE, G_FILE_CREATE_REPLACE_DESTINATION, NULL, NULL, NULL).\n Consequently, it does not properly restrict directory (and file) permissions. Instead, for directories, 0777 permissions are used; for files, default file permissions are used. This is similar to CVE-2019-12450. (CVE-2019-13012)\n\n - A type confusion issue was addressed with improved memory handling. This issue is fixed in Safari 14.0.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2020-9948)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.0.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2020-9951)\n\n - An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to code execution. (CVE-2020-9983)\n\n - A code execution vulnerability exists in the WebSocket functionality of Webkit WebKitGTK 2.30.0. A specially crafted web page can trigger a use-after-free vulnerability which can lead to remote code execution. An attacker can get a user to visit a webpage to trigger this vulnerability. (CVE-2020-13543)\n\n - An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.1 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in a remote code execution. The victim needs to visit a malicious web site to trigger this vulnerability. (CVE-2020-13584)\n\n - gdm3 versions before 3.36.2 or 3.38.2 would start gnome-initial-setup if gdm3 can't contact the accountservice service via dbus in a timely manner; on Ubuntu (and potentially derivatives) this could be be chained with an additional issue that could allow a local user to create a new privileged account.\n (CVE-2020-16125)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-1817)\n\n - A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web content may result in the disclosure of process memory. (CVE-2021-1820)\n\n - An input validation issue was addressed with improved input validation. This issue is fixed in iTunes 12.11.3 for Windows, iCloud for Windows 12.3, macOS Big Sur 11.3, Safari 14.1, watchOS 7.4, tvOS 14.5, iOS 14.5 and iPadOS 14.5. Processing maliciously crafted web content may lead to a cross site scripting attack. (CVE-2021-1825)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web content may lead to universal cross site scripting. (CVE-2021-1826)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.1, iOS 12.5.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-30661)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-02-09T00:00:00", "type": "nessus", "title": "AlmaLinux 8 : GNOME (ALSA-2021:1586)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-12450", "CVE-2019-13012", "CVE-2020-13543", "CVE-2020-13584", "CVE-2020-16125", "CVE-2020-9948", "CVE-2020-9951", "CVE-2020-9983", "CVE-2021-1817", "CVE-2021-1820", "CVE-2021-1825", "CVE-2021-1826", "CVE-2021-30661"], "modified": "2023-04-25T00:00:00", "cpe": ["p-cpe:/a:alma:linux:openexr-devel", "p-cpe:/a:alma:linux:openexr-libs", "p-cpe:/a:alma:linux:accountsservice-devel", "p-cpe:/a:alma:linux:geocode-glib", "p-cpe:/a:alma:linux:geocode-glib-devel", "p-cpe:/a:alma:linux:gjs", "p-cpe:/a:alma:linux:gjs-devel", "p-cpe:/a:alma:linux:glib2", "p-cpe:/a:alma:linux:glib2-devel", "p-cpe:/a:alma:linux:glib2-doc", "p-cpe:/a:alma:linux:glib2-fam", "p-cpe:/a:alma:linux:glib2-static", "p-cpe:/a:alma:linux:glib2-tests", "p-cpe:/a:alma:linux:glibmm24", "p-cpe:/a:alma:linux:glibmm24-devel", "p-cpe:/a:alma:linux:glibmm24-doc", "p-cpe:/a:alma:linux:gnome-boxes", "p-cpe:/a:alma:linux:gnome-photos", "p-cpe:/a:alma:linux:gnome-photos-tests", "p-cpe:/a:alma:linux:gnome-terminal", "p-cpe:/a:alma:linux:gnome-terminal-nautilus", "p-cpe:/a:alma:linux:gtk-doc", "p-cpe:/a:alma:linux:gtk2", "p-cpe:/a:alma:linux:gtk2-devel", "p-cpe:/a:alma:linux:gtk2-devel-docs", "p-cpe:/a:alma:linux:gtk2-immodule-xim", "p-cpe:/a:alma:linux:gtk2-immodules", "p-cpe:/a:alma:linux:gtkmm24", "p-cpe:/a:alma:linux:gtkmm24-devel", "p-cpe:/a:alma:linux:gtkmm24-docs", "p-cpe:/a:alma:linux:gtkmm30", "p-cpe:/a:alma:linux:gtkmm30-devel", "p-cpe:/a:alma:linux:gtkmm30-doc", "p-cpe:/a:alma:linux:gvfs", "p-cpe:/a:alma:linux:gvfs-afc", "p-cpe:/a:alma:linux:gvfs-afp", "p-cpe:/a:alma:linux:gvfs-archive", "p-cpe:/a:alma:linux:gvfs-client", "p-cpe:/a:alma:linux:gvfs-devel", "p-cpe:/a:alma:linux:gvfs-fuse", "p-cpe:/a:alma:linux:gvfs-goa", "p-cpe:/a:alma:linux:gvfs-gphoto2", "p-cpe:/a:alma:linux:gvfs-mtp", "p-cpe:/a:alma:linux:gvfs-smb", "p-cpe:/a:alma:linux:libdazzle", "p-cpe:/a:alma:linux:libdazzle-devel", "p-cpe:/a:alma:linux:libepubgen", "p-cpe:/a:alma:linux:libepubgen-devel", "p-cpe:/a:alma:linux:libsass", "p-cpe:/a:alma:linux:libsass-devel", "p-cpe:/a:alma:linux:libsigc%2b%2b20", "p-cpe:/a:alma:linux:libsigc%2b%2b20-devel", "p-cpe:/a:alma:linux:libsigc%2b%2b20-doc", "p-cpe:/a:alma:linux:libvisual", "p-cpe:/a:alma:linux:libvisual-devel", "p-cpe:/a:alma:linux:mutter-devel", "p-cpe:/a:alma:linux:nautilus", "p-cpe:/a:alma:linux:nautilus-devel", "p-cpe:/a:alma:linux:nautilus-extensions", "p-cpe:/a:alma:linux:pangomm", "p-cpe:/a:alma:linux:pangomm-devel", "p-cpe:/a:alma:linux:pangomm-doc", "p-cpe:/a:alma:linux:soundtouch", "p-cpe:/a:alma:linux:soundtouch-devel", "p-cpe:/a:alma:linux:vala", "p-cpe:/a:alma:linux:vala-devel", "p-cpe:/a:alma:linux:woff2", "p-cpe:/a:alma:linux:woff2-devel", "cpe:/o:alma:linux:8", "p-cpe:/a:alma:linux:atkmm", "p-cpe:/a:alma:linux:atkmm-devel", "p-cpe:/a:alma:linux:atkmm-doc", "p-cpe:/a:alma:linux:cairomm", "p-cpe:/a:alma:linux:cairomm-devel", "p-cpe:/a:alma:linux:cairomm-doc", "p-cpe:/a:alma:linux:chrome-gnome-shell", "p-cpe:/a:alma:linux:dleyna-core", "p-cpe:/a:alma:linux:dleyna-server", "p-cpe:/a:alma:linux:enchant2", "p-cpe:/a:alma:linux:enchant2-devel", "p-cpe:/a:alma:linux:gamin", "p-cpe:/a:alma:linux:gamin-devel", "p-cpe:/a:alma:linux:geoclue2", "p-cpe:/a:alma:linux:geoclue2-demos", "p-cpe:/a:alma:linux:geoclue2-devel", "p-cpe:/a:alma:linux:geoclue2-libs"], "id": "ALMA_LINUX_ALSA-2021-1586.NASL", "href": "https://www.tenable.com/plugins/nessus/157668", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# AlmaLinux Security Advisory ALSA-2021:1586.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157668);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\n \"CVE-2019-13012\",\n \"CVE-2020-9948\",\n \"CVE-2020-9951\",\n \"CVE-2020-9983\",\n \"CVE-2020-13543\",\n \"CVE-2020-13584\",\n \"CVE-2020-16125\",\n \"CVE-2021-1817\",\n \"CVE-2021-1820\",\n \"CVE-2021-1825\",\n \"CVE-2021-1826\",\n \"CVE-2021-30661\"\n );\n script_xref(name:\"ALSA\", value:\"2021:1586\");\n script_xref(name:\"IAVA\", value:\"2021-A-0202-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"AlmaLinux 8 : GNOME (ALSA-2021:1586)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AlmaLinux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nALSA-2021:1586 advisory.\n\n - The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 creates directories using\n g_file_make_directory_with_parents (kfsb->dir, NULL, NULL) and files using g_file_replace_contents\n (kfsb->file, contents, length, NULL, FALSE, G_FILE_CREATE_REPLACE_DESTINATION, NULL, NULL, NULL).\n Consequently, it does not properly restrict directory (and file) permissions. Instead, for directories,\n 0777 permissions are used; for files, default file permissions are used. This is similar to\n CVE-2019-12450. (CVE-2019-13012)\n\n - A type confusion issue was addressed with improved memory handling. This issue is fixed in Safari 14.0.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2020-9948)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.0.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2020-9951)\n\n - An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Safari\n 14.0. Processing maliciously crafted web content may lead to code execution. (CVE-2020-9983)\n\n - A code execution vulnerability exists in the WebSocket functionality of Webkit WebKitGTK 2.30.0. A\n specially crafted web page can trigger a use-after-free vulnerability which can lead to remote code\n execution. An attacker can get a user to visit a webpage to trigger this vulnerability. (CVE-2020-13543)\n\n - An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.1 x64. A specially\n crafted HTML web page can cause a use-after-free condition, resulting in a remote code execution. The\n victim needs to visit a malicious web site to trigger this vulnerability. (CVE-2020-13584)\n\n - gdm3 versions before 3.36.2 or 3.38.2 would start gnome-initial-setup if gdm3 can't contact the\n accountservice service via dbus in a timely manner; on Ubuntu (and potentially derivatives) this could be\n be chained with an additional issue that could allow a local user to create a new privileged account.\n (CVE-2020-16125)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big\n Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web content may\n lead to arbitrary code execution. (CVE-2021-1817)\n\n - A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS\n Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web content\n may result in the disclosure of process memory. (CVE-2021-1820)\n\n - An input validation issue was addressed with improved input validation. This issue is fixed in iTunes\n 12.11.3 for Windows, iCloud for Windows 12.3, macOS Big Sur 11.3, Safari 14.1, watchOS 7.4, tvOS 14.5, iOS\n 14.5 and iPadOS 14.5. Processing maliciously crafted web content may lead to a cross site scripting\n attack. (CVE-2021-1825)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.3, iOS\n 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web content may lead to\n universal cross site scripting. (CVE-2021-1826)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.1,\n iOS 12.5.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. Processing maliciously\n crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may\n have been actively exploited.. (CVE-2021-30661)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.almalinux.org/8/ALSA-2021-1586.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30661\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/06/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:OpenEXR-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:OpenEXR-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:accountsservice-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:atkmm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:atkmm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:atkmm-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:cairomm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:cairomm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:cairomm-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:chrome-gnome-shell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:dleyna-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:dleyna-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:enchant2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:enchant2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gamin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gamin-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:geoclue2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:geoclue2-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:geoclue2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:geoclue2-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:geocode-glib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:geocode-glib-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gjs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gjs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:glib2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:glib2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:glib2-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:glib2-fam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:glib2-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:glib2-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:glibmm24\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:glibmm24-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:glibmm24-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gnome-boxes\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gnome-photos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gnome-photos-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gnome-terminal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gnome-terminal-nautilus\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gtk-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gtk2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gtk2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gtk2-devel-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gtk2-immodule-xim\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gtk2-immodules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gtkmm24\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gtkmm24-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gtkmm24-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gtkmm30\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gtkmm30-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gtkmm30-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gvfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gvfs-afc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gvfs-afp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gvfs-archive\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gvfs-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gvfs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gvfs-fuse\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gvfs-goa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gvfs-gphoto2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gvfs-mtp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gvfs-smb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:libdazzle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:libdazzle-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:libepubgen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:libepubgen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:libsass\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:libsass-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:libsigc++20\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:libsigc++20-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:libsigc++20-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:libvisual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:libvisual-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:mutter-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:nautilus\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:nautilus-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:nautilus-extensions\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:pangomm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:pangomm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:pangomm-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:soundtouch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:soundtouch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:vala\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:vala-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:woff2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:woff2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:8\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Alma Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AlmaLinux/release\", \"Host/AlmaLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/AlmaLinux/release');\nif (isnull(release) || 'AlmaLinux' >!< release) audit(AUDIT_OS_NOT, 'AlmaLinux');\nvar os_ver = pregmatch(pattern: \"AlmaLinux release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 8.x', 'AlmaLinux ' + os_ver);\n\nif (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);\n\nvar pkgs = [\n {'reference':'accountsservice-devel-0.6.55-1.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'accountsservice-devel-0.6.55-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'atkmm-2.24.2-7.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'atkmm-2.24.2-7.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'atkmm-devel-2.24.2-7.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'atkmm-devel-2.24.2-7.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'atkmm-doc-2.24.2-7.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'cairomm-1.12.0-8.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'cairomm-1.12.0-8.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'cairomm-devel-1.12.0-8.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'cairomm-devel-1.12.0-8.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'cairomm-doc-1.12.0-8.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chrome-gnome-shell-10.1-7.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dleyna-core-0.6.0-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dleyna-core-0.6.0-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dleyna-server-0.6.0-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'enchant2-2.2.3-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'enchant2-2.2.3-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'enchant2-devel-2.2.3-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'enchant2-devel-2.2.3-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gamin-0.1.10-32.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gamin-0.1.10-32.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gamin-devel-0.1.10-32.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gamin-devel-0.1.10-32.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'geoclue2-2.5.5-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'geoclue2-2.5.5-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'geoclue2-demos-2.5.5-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'geoclue2-devel-2.5.5-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'geoclue2-devel-2.5.5-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'geoclue2-libs-2.5.5-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'geoclue2-libs-2.5.5-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'geocode-glib-3.26.0-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'geocode-glib-3.26.0-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'geocode-glib-devel-3.26.0-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'geocode-glib-devel-3.26.0-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gjs-1.56.2-5.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gjs-1.56.2-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gjs-devel-1.56.2-5.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gjs-devel-1.56.2-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glib2-2.56.4-9.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glib2-2.56.4-9.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glib2-devel-2.56.4-9.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glib2-devel-2.56.4-9.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glib2-doc-2.56.4-9.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glib2-fam-2.56.4-9.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glib2-static-2.56.4-9.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glib2-static-2.56.4-9.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glib2-tests-2.56.4-9.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibmm24-2.56.0-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibmm24-2.56.0-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibmm24-devel-2.56.0-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibmm24-devel-2.56.0-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibmm24-doc-2.56.0-2.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-boxes-3.36.5-8.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-photos-3.28.1-4.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-photos-tests-3.28.1-4.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-terminal-3.28.3-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-terminal-nautilus-3.28.3-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk-doc-1.28-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk2-2.24.32-5.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk2-2.24.32-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk2-devel-2.24.32-5.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk2-devel-2.24.32-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk2-devel-docs-2.24.32-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk2-immodule-xim-2.24.32-5.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk2-immodule-xim-2.24.32-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk2-immodules-2.24.32-5.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk2-immodules-2.24.32-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtkmm24-2.24.5-6.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtkmm24-2.24.5-6.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtkmm24-devel-2.24.5-6.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtkmm24-devel-2.24.5-6.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtkmm24-docs-2.24.5-6.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtkmm30-3.22.2-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtkmm30-3.22.2-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtkmm30-devel-3.22.2-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtkmm30-devel-3.22.2-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtkmm30-doc-3.22.2-3.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gvfs-1.36.2-11.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gvfs-1.36.2-11.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gvfs-afc-1.36.2-11.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gvfs-afp-1.36.2-11.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gvfs-archive-1.36.2-11.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gvfs-client-1.36.2-11.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gvfs-client-1.36.2-11.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gvfs-devel-1.36.2-11.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gvfs-devel-1.36.2-11.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gvfs-fuse-1.36.2-11.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gvfs-goa-1.36.2-11.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gvfs-gphoto2-1.36.2-11.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gvfs-mtp-1.36.2-11.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gvfs-smb-1.36.2-11.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libdazzle-3.28.5-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libdazzle-3.28.5-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libdazzle-devel-3.28.5-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libdazzle-devel-3.28.5-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libepubgen-0.1.0-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libepubgen-0.1.0-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libepubgen-devel-0.1.0-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libepubgen-devel-0.1.0-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsass-3.4.5-6.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsass-3.4.5-6.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsass-devel-3.4.5-6.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsass-devel-3.4.5-6.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsigc++20-2.10.0-6.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsigc++20-2.10.0-6.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsigc++20-devel-2.10.0-6.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsigc++20-devel-2.10.0-6.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsigc++20-doc-2.10.0-6.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvisual-0.4.0-25.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libvisual-0.4.0-25.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libvisual-devel-0.4.0-25.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'libvisual-devel-0.4.0-25.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mutter-devel-3.32.2-57.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mutter-devel-3.32.2-57.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nautilus-3.28.1-15.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nautilus-3.28.1-15.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nautilus-devel-3.28.1-15.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nautilus-devel-3.28.1-15.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nautilus-extensions-3.28.1-15.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nautilus-extensions-3.28.1-15.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'OpenEXR-devel-2.2.0-12.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'OpenEXR-devel-2.2.0-12.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'OpenEXR-libs-2.2.0-12.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'OpenEXR-libs-2.2.0-12.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pangomm-2.40.1-6.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pangomm-2.40.1-6.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pangomm-devel-2.40.1-6.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pangomm-devel-2.40.1-6.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pangomm-doc-2.40.1-6.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'soundtouch-2.0.0-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'soundtouch-2.0.0-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'soundtouch-devel-2.0.0-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'soundtouch-devel-2.0.0-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'vala-0.40.19-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'vala-0.40.19-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'vala-devel-0.40.19-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'vala-devel-0.40.19-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'woff2-1.0.2-5.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'woff2-1.0.2-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'woff2-devel-1.0.2-5.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'woff2-devel-1.0.2-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'Alma-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'OpenEXR-devel / OpenEXR-libs / accountsservice-devel / atkmm / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:26:38", "description": "This update for webkit2gtk3 fixes the following issues :\n\n-webkit2gtk3 was updated to version 2.30.3 (bsc#1179122 bsc#1179451) :\n\n - CVE-2021-13543: Fixed a use after free which could have led to arbitrary code execution.\n\n - CVE-2021-13584: Fixed a use after free which could have led to arbitrary code execution.\n\n - CVE-2021-9948: Fixed a type confusion which could have led to arbitrary code execution.\n\n - CVE-2021-9951: Fixed a use after free which could have led to arbitrary code execution.\n\n - CVE-2021-9983: Fixed an out of bounds write which could have led to arbitrary code execution.\n\n - Have the libwebkit2gtk package require libjavascriptcoregtk of the same version (bsc#1171531).\n\n - Enable c_loop on aarch64: currently needed for compilation to succeed with JIT disabled. Also disable sampling profiler, since it conflicts with c_loop (bsc#1177087).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-12-18T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : webkit2gtk3 (SUSE-SU-2020:3864-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13543", "CVE-2020-13584", "CVE-2020-9948", "CVE-2020-9951", "CVE-2020-9983", "CVE-2021-13543", "CVE-2021-13584", "CVE-2021-9948", "CVE-2021-9951", "CVE-2021-9983"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0", "p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18-debuginfo", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37-debuginfo", "p-cpe:/a:novell:suse_linux:typelib-1_0-javascriptcore", "p-cpe:/a:novell:suse_linux:typelib-1_0-webkit2", "p-cpe:/a:novell:suse_linux:typelib-1_0-webkit2webextension", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles-debuginfo", "p-cpe:/a:novell:suse_linux:webkit2gtk3-debugsource", "p-cpe:/a:novell:suse_linux:webkit2gtk3-devel", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2020-3864-1.NASL", "href": "https://www.tenable.com/plugins/nessus/144427", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:3864-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(144427);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2020-13543\", \"CVE-2020-13584\", \"CVE-2020-9948\", \"CVE-2020-9951\", \"CVE-2020-9983\", \"CVE-2021-13543\", \"CVE-2021-13584\", \"CVE-2021-9948\", \"CVE-2021-9951\", \"CVE-2021-9983\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : webkit2gtk3 (SUSE-SU-2020:3864-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for webkit2gtk3 fixes the following issues :\n\n-webkit2gtk3 was updated to version 2.30.3 (bsc#1179122 bsc#1179451) :\n\n - CVE-2021-13543: Fixed a use after free which could have\n led to arbitrary code execution.\n\n - CVE-2021-13584: Fixed a use after free which could have\n led to arbitrary code execution.\n\n - CVE-2021-9948: Fixed a type confusion which could have\n led to arbitrary code execution.\n\n - CVE-2021-9951: Fixed a use after free which could have\n led to arbitrary code execution.\n\n - CVE-2021-9983: Fixed an out of bounds write which could\n have led to arbitrary code execution.\n\n - Have the libwebkit2gtk package require\n libjavascriptcoregtk of the same version (bsc#1171531).\n\n - Enable c_loop on aarch64: currently needed for\n compilation to succeed with JIT disabled. Also disable\n sampling profiler, since it conflicts with c_loop\n (bsc#1177087).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171531\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177087\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179122\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179451\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-13543/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-13584/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-9948/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-9951/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-9983/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20203864-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fe052ac1\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 15 :\n\nzypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-3864=1\n\nSUSE Linux Enterprise Server 15-LTSS :\n\nzypper in -t patch SUSE-SLE-Product-SLES-15-2020-3864=1\n\nSUSE Linux Enterprise Module for Desktop Applications 15-SP1 :\n\nzypper in -t patch\nSUSE-SLE-Module-Desktop-Applications-15-SP1-2020-3864=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-3864=1\n\nSUSE Linux Enterprise High Performance Computing 15-LTSS :\n\nzypper in -t patch SUSE-SLE-Product-HPC-15-2020-3864=1\n\nSUSE Linux Enterprise High Performance Computing 15-ESPOS :\n\nzypper in -t patch SUSE-SLE-Product-HPC-15-2020-3864=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2WebExtension\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0/1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libjavascriptcoregtk-4_0-18-2.30.3-3.63.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.30.3-3.63.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libwebkit2gtk-4_0-37-2.30.3-3.63.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.30.3-3.63.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.30.3-3.63.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"typelib-1_0-WebKit2-4_0-2.30.3-3.63.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.30.3-3.63.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"webkit2gtk-4_0-injected-bundles-2.30.3-3.63.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.30.3-3.63.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"webkit2gtk3-debugsource-2.30.3-3.63.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"webkit2gtk3-devel-2.30.3-3.63.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libjavascriptcoregtk-4_0-18-2.30.3-3.63.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.30.3-3.63.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libwebkit2gtk-4_0-37-2.30.3-3.63.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.30.3-3.63.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.30.3-3.63.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"typelib-1_0-WebKit2-4_0-2.30.3-3.63.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.30.3-3.63.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"webkit2gtk-4_0-injected-bundles-2.30.3-3.63.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.30.3-3.63.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"webkit2gtk3-debugsource-2.30.3-3.63.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"webkit2gtk3-devel-2.30.3-3.63.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libjavascriptcoregtk-4_0-18-2.30.3-3.63.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.30.3-3.63.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libwebkit2gtk-4_0-37-2.30.3-3.63.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.30.3-3.63.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.30.3-3.63.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"typelib-1_0-WebKit2-4_0-2.30.3-3.63.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.30.3-3.63.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"webkit2gtk-4_0-injected-bundles-2.30.3-3.63.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.30.3-3.63.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"webkit2gtk3-debugsource-2.30.3-3.63.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"webkit2gtk3-devel-2.30.3-3.63.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"webkit2gtk3\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:25:11", "description": "The remote Ubuntu 18.04 LTS / 20.04 LTS / 20.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4648-1 advisory.\n\n - A type confusion issue was addressed with improved memory handling. This issue is fixed in Safari 14.0.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2020-9948)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.0.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2020-9951)\n\n - An input validation issue was addressed with improved input validation. This issue is fixed in iOS 14.0 and iPadOS 14.0, tvOS 14.0, watchOS 7.0, Safari 14.0, iCloud for Windows 11.4, iCloud for Windows 7.21.\n Processing maliciously crafted web content may lead to a cross site scripting attack. (CVE-2020-9952)\n\n - An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to code execution. (CVE-2020-9983)\n\n - The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. CLONE_NEWUSER could potentially be used to confuse xdg-desktop- portal, which allows access outside the sandbox. TIOCSTI can be used to directly execute commands outside the sandbox by writing to the controlling terminal's input buffer, similar to CVE-2017-5226.\n (CVE-2020-13753)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-11-26T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS / 20.04 LTS / 20.10 : WebKitGTK vulnerabilities (USN-4648-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5226", "CVE-2020-13753", "CVE-2020-9948", "CVE-2020-9951", "CVE-2020-9952", "CVE-2020-9983"], "modified": "2023-01-17T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.10", "p-cpe:/a:canonical:ubuntu_linux:gir1.2-javascriptcoregtk-4.0", "p-cpe:/a:canonical:ubuntu_linux:gir1.2-webkit2-4.0", "p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-18", "p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-bin", "p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-dev", "p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37", "p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37-gtk2", "p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-dev", "p-cpe:/a:canonical:ubuntu_linux:webkit2gtk-driver"], "id": "UBUNTU_USN-4648-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143269", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4648-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143269);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\n \"CVE-2020-9948\",\n \"CVE-2020-9951\",\n \"CVE-2020-9952\",\n \"CVE-2020-9983\",\n \"CVE-2020-13753\"\n );\n script_xref(name:\"USN\", value:\"4648-1\");\n\n script_name(english:\"Ubuntu 18.04 LTS / 20.04 LTS / 20.10 : WebKitGTK vulnerabilities (USN-4648-1)\");\n script_summary(english:\"Checks the dpkg output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 18.04 LTS / 20.04 LTS / 20.10 host has packages installed that are affected by multiple\nvulnerabilities as referenced in the USN-4648-1 advisory.\n\n - A type confusion issue was addressed with improved memory handling. This issue is fixed in Safari 14.0.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2020-9948)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.0.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2020-9951)\n\n - An input validation issue was addressed with improved input validation. This issue is fixed in iOS 14.0\n and iPadOS 14.0, tvOS 14.0, watchOS 7.0, Safari 14.0, iCloud for Windows 11.4, iCloud for Windows 7.21.\n Processing maliciously crafted web content may lead to a cross site scripting attack. (CVE-2020-9952)\n\n - An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Safari\n 14.0. Processing maliciously crafted web content may lead to code execution. (CVE-2020-9983)\n\n - The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to\n CLONE_NEWUSER and the TIOCSTI ioctl. CLONE_NEWUSER could potentially be used to confuse xdg-desktop-\n portal, which allows access outside the sandbox. TIOCSTI can be used to directly execute commands outside\n the sandbox by writing to the controlling terminal's input buffer, similar to CVE-2017-5226.\n (CVE-2020-13753)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4648-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-13753\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gir1.2-javascriptcoregtk-4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gir1.2-webkit2-4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37-gtk2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:webkit2gtk-driver\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2020-2023 Canonical, Inc. / NASL script (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('ubuntu.inc');\ninclude('misc_func.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nrelease = chomp(release);\nif (! preg(pattern:\"^(18\\.04|20\\.04|20\\.10)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 18.04 / 20.04 / 20.10', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\n\npkgs = [\n {'osver': '18.04', 'pkgname': 'gir1.2-javascriptcoregtk-4.0', 'pkgver': '2.30.3-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'gir1.2-webkit2-4.0', 'pkgver': '2.30.3-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'libjavascriptcoregtk-4.0-18', 'pkgver': '2.30.3-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'libjavascriptcoregtk-4.0-bin', 'pkgver': '2.30.3-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'libjavascriptcoregtk-4.0-dev', 'pkgver': '2.30.3-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'libwebkit2gtk-4.0-37', 'pkgver': '2.30.3-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'libwebkit2gtk-4.0-37-gtk2', 'pkgver': '2.30.3-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'libwebkit2gtk-4.0-dev', 'pkgver': '2.30.3-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'webkit2gtk-driver', 'pkgver': '2.30.3-0ubuntu0.18.04.1'},\n {'osver': '20.04', 'pkgname': 'gir1.2-javascriptcoregtk-4.0', 'pkgver': '2.30.3-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'gir1.2-webkit2-4.0', 'pkgver': '2.30.3-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libjavascriptcoregtk-4.0-18', 'pkgver': '2.30.3-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libjavascriptcoregtk-4.0-bin', 'pkgver': '2.30.3-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libjavascriptcoregtk-4.0-dev', 'pkgver': '2.30.3-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libwebkit2gtk-4.0-37', 'pkgver': '2.30.3-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libwebkit2gtk-4.0-37-gtk2', 'pkgver': '2.30.3-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libwebkit2gtk-4.0-dev', 'pkgver': '2.30.3-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'webkit2gtk-driver', 'pkgver': '2.30.3-0ubuntu0.20.04.1'},\n {'osver': '20.10', 'pkgname': 'gir1.2-javascriptcoregtk-4.0', 'pkgver': '2.30.3-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'gir1.2-webkit2-4.0', 'pkgver': '2.30.3-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'libjavascriptcoregtk-4.0-18', 'pkgver': '2.30.3-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'libjavascriptcoregtk-4.0-bin', 'pkgver': '2.30.3-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'libjavascriptcoregtk-4.0-dev', 'pkgver': '2.30.3-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'libwebkit2gtk-4.0-37', 'pkgver': '2.30.3-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'libwebkit2gtk-4.0-37-gtk2', 'pkgver': '2.30.3-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'libwebkit2gtk-4.0-dev', 'pkgver': '2.30.3-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'webkit2gtk-driver', 'pkgver': '2.30.3-0ubuntu0.20.10.1'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n osver = NULL;\n pkgname = NULL;\n pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'gir1.2-javascriptcoregtk-4.0 / gir1.2-webkit2-4.0 / etc');\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-18T15:42:04", "description": "The remote SUSE Linux SLED12 / SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:1990-1 advisory.\n\n - A code execution vulnerability exists in the WebSocket functionality of Webkit WebKitGTK 2.30.0. A specially crafted web page can trigger a use-after-free vulnerability which can lead to remote code execution. An attacker can get a user to visit a webpage to trigger this vulnerability. (CVE-2020-13543)\n\n - A code execution vulnerability exists in the AudioSourceProviderGStreamer functionality of Webkit WebKitGTK 2.30.1. A specially crafted web page can lead to a use after free. (CVE-2020-13558)\n\n - An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.1 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in a remote code execution. The victim needs to visit a malicious web site to trigger this vulnerability. (CVE-2020-13584)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, Safari 14.0.1, tvOS 14.2, iTunes 12.11 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution.\n (CVE-2020-27918)\n\n - Clear History and Website Data did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. A user may be unable to fully delete browsing history. (CVE-2020-29623)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 7.0, iOS 14.0 and iPadOS 14.0, iTunes for Windows 12.10.9, iCloud for Windows 11.5, tvOS 14.0, Safari 14.0.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2020-9947)\n\n - A type confusion issue was addressed with improved memory handling. This issue is fixed in Safari 14.0.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2020-9948)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.0.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2020-9951)\n\n - An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to code execution. (CVE-2020-9983)\n\n - This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Maliciously crafted web content may violate iframe sandboxing policy. (CVE-2021-1765)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-1788)\n\n - A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-1789)\n\n - A port redirection issue was addressed with additional port validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. A malicious website may be able to access restricted ports on arbitrary servers. (CVE-2021-1799)\n\n - This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Maliciously crafted web content may violate iframe sandboxing policy. (CVE-2021-1801)\n\n - A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 and iPadOS 14.4.1, Safari 14.0.3 (v. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-1844)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-1870, CVE-2021-1871)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-06-21T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : webkit2gtk3 (SUSE-SU-2021:1990-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13543", "CVE-2020-13558", "CVE-2020-13584", "CVE-2020-27918", "CVE-2020-29623", "CVE-2020-9947", "CVE-2020-9948", "CVE-2020-9951", "CVE-2020-9983", "CVE-2021-1765", "CVE-2021-1788", "CVE-2021-1789", "CVE-2021-1799", "CVE-2021-1801", "CVE-2021-1844", "CVE-2021-1870", "CVE-2021-1871"], "modified": "2023-07-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37", "p-cpe:/a:novell:suse_linux:libwebkit2gtk3-lang", "p-cpe:/a:novell:suse_linux:typelib-1_0-javascriptcore-4_0", "p-cpe:/a:novell:suse_linux:typelib-1_0-webkit2-4_0", "p-cpe:/a:novell:suse_linux:typelib-1_0-webkit2webextension-4_0", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles", "p-cpe:/a:novell:suse_linux:webkit2gtk3-devel", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2021-1990-1.NASL", "href": "https://www.tenable.com/plugins/nessus/150913", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2021:1990-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150913);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/13\");\n\n script_cve_id(\n \"CVE-2020-9947\",\n \"CVE-2020-9948\",\n \"CVE-2020-9951\",\n \"CVE-2020-9983\",\n \"CVE-2020-13543\",\n \"CVE-2020-13558\",\n \"CVE-2020-13584\",\n \"CVE-2020-27918\",\n \"CVE-2020-29623\",\n \"CVE-2021-1765\",\n \"CVE-2021-1788\",\n \"CVE-2021-1789\",\n \"CVE-2021-1799\",\n \"CVE-2021-1801\",\n \"CVE-2021-1844\",\n \"CVE-2021-1870\",\n \"CVE-2021-1871\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0126-S\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2021:1990-1\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/25\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : webkit2gtk3 (SUSE-SU-2021:1990-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED12 / SLES12 / SLES_SAP12 host has packages installed that are affected by multiple\nvulnerabilities as referenced in the SUSE-SU-2021:1990-1 advisory.\n\n - A code execution vulnerability exists in the WebSocket functionality of Webkit WebKitGTK 2.30.0. A\n specially crafted web page can trigger a use-after-free vulnerability which can lead to remote code\n execution. An attacker can get a user to visit a webpage to trigger this vulnerability. (CVE-2020-13543)\n\n - A code execution vulnerability exists in the AudioSourceProviderGStreamer functionality of Webkit\n WebKitGTK 2.30.1. A specially crafted web page can lead to a use after free. (CVE-2020-13558)\n\n - An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.1 x64. A specially\n crafted HTML web page can cause a use-after-free condition, resulting in a remote code execution. The\n victim needs to visit a malicious web site to trigger this vulnerability. (CVE-2020-13584)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur\n 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, Safari 14.0.1, tvOS 14.2, iTunes\n 12.11 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution.\n (CVE-2020-27918)\n\n - Clear History and Website Data did not clear the history. The issue was addressed with improved data\n deletion. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update\n 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. A user may be unable to fully delete browsing\n history. (CVE-2020-29623)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 7.0,\n iOS 14.0 and iPadOS 14.0, iTunes for Windows 12.10.9, iCloud for Windows 11.5, tvOS 14.0, Safari 14.0.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2020-9947)\n\n - A type confusion issue was addressed with improved memory handling. This issue is fixed in Safari 14.0.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2020-9948)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.0.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2020-9951)\n\n - An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Safari\n 14.0. Processing maliciously crafted web content may lead to code execution. (CVE-2020-9983)\n\n - This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur\n 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Maliciously crafted web content\n may violate iframe sandboxing policy. (CVE-2021-1765)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur\n 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4\n and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code\n execution. (CVE-2021-1788)\n\n - A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur\n 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4\n and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code\n execution. (CVE-2021-1789)\n\n - A port redirection issue was addressed with additional port validation. This issue is fixed in macOS Big\n Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS\n 14.4 and iPadOS 14.4, Safari 14.0.3. A malicious website may be able to access restricted ports on\n arbitrary servers. (CVE-2021-1799)\n\n - This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur\n 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4\n and iPadOS 14.4. Maliciously crafted web content may violate iframe sandboxing policy. (CVE-2021-1801)\n\n - A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 and\n iPadOS 14.4.1, Safari 14.0.3 (v. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-1844)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2,\n Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote\n attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may\n have been actively exploited.. (CVE-2021-1870, CVE-2021-1871)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1177087\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179122\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179451\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1182286\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184155\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184262\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-13543\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-13558\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-13584\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27918\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29623\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-9947\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-9948\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-9951\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-9983\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-1765\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-1788\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-1789\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-1799\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-1801\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-1844\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-1870\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-1871\");\n # https://lists.suse.com/pipermail/sle-security-updates/2021-June/009023.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?01d3fe47\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-1871\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/09/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk3-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2WebExtension-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)(?:_SAP)?\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12|SLES_SAP12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED12 / SLES12 / SLES_SAP12', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLED12 SP5\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2|3|4|5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3/4/5\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES_SAP12\" && (! preg(pattern:\"^(2|3|4|5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES_SAP12 SP2/3/4/5\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'libjavascriptcoregtk-4_0-18-2.32.1-2.63', 'sp':'2', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.2']},\n {'reference':'libwebkit2gtk-4_0-37-2.32.1-2.63', 'sp':'2', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.2']},\n {'reference':'libwebkit2gtk3-lang-2.32.1-2.63', 'sp':'2', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.2']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.32.1-2.63', 'sp':'2', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.2']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.32.1-2.63', 'sp':'2', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.2']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.32.1-2.63', 'sp':'2', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.2']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.32.1-2.63', 'sp':'2', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.2']},\n {'reference':'webkit2gtk3-devel-2.32.1-2.63', 'sp':'2', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.2']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.32.1-2.63', 'sp':'3', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.3']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.32.1-2.63', 'sp':'3', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.3']},\n {'reference':'libwebkit2gtk-4_0-37-2.32.1-2.63', 'sp':'3', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.3']},\n {'reference':'libwebkit2gtk-4_0-37-2.32.1-2.63', 'sp':'3', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.3']},\n {'reference':'libwebkit2gtk3-lang-2.32.1-2.63', 'sp':'3', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.3']},\n {'reference':'libwebkit2gtk3-lang-2.32.1-2.63', 'sp':'3', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.3']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.32.1-2.63', 'sp':'3', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.3']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.32.1-2.63', 'sp':'3', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.3']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.32.1-2.63', 'sp':'3', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.3']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.32.1-2.63', 'sp':'3', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.3']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.32.1-2.63', 'sp':'3', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.3']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.32.1-2.63', 'sp':'3', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.3']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.32.1-2.63', 'sp':'3', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.3']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.32.1-2.63', 'sp':'3', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.3']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.32.1-2.63', 'sp':'4', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.32.1-2.63', 'sp':'4', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'libwebkit2gtk-4_0-37-2.32.1-2.63', 'sp':'4', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'libwebkit2gtk-4_0-37-2.32.1-2.63', 'sp':'4', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'libwebkit2gtk3-lang-2.32.1-2.63', 'sp':'4', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'libwebkit2gtk3-lang-2.32.1-2.63', 'sp':'4', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.32.1-2.63', 'sp':'4', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.32.1-2.63', 'sp':'4', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.32.1-2.63', 'sp':'4', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.32.1-2.63', 'sp':'4', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.32.1-2.63', 'sp':'4', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.32.1-2.63', 'sp':'4', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.32.1-2.63', 'sp':'4', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.32.1-2.63', 'sp':'4', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.32.1-2.63', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'libwebkit2gtk-4_0-37-2.32.1-2.63', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'libwebkit2gtk3-lang-2.32.1-2.63', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.32.1-2.63', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.32.1-2.63', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.32.1-2.63', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.32.1-2.63', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.32.1-2.63', 'sp':'5', 'release':'SLED12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-sdk-release-12.5']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.32.1-2.63', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-sdk-release-12.5', 'sles-release-12.5']},\n {'reference':'webkit2gtk3-devel-2.32.1-2.63', 'sp':'5', 'release':'SLED12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-sdk-release-12.5']},\n {'reference':'webkit2gtk3-devel-2.32.1-2.63', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-sdk-release-12.5']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.32.1-2.63', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.2']},\n {'reference':'libwebkit2gtk-4_0-37-2.32.1-2.63', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.2']},\n {'reference':'libwebkit2gtk3-lang-2.32.1-2.63', 'sp':'2', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.2']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.32.1-2.63', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.2']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.32.1-2.63', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.2']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.32.1-2.63', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.2']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.32.1-2.63', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.2']},\n {'reference':'webkit2gtk3-devel-2.32.1-2.63', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.2']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.32.1-2.63', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.32.1-2.63', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'libwebkit2gtk-4_0-37-2.32.1-2.63', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'libwebkit2gtk-4_0-37-2.32.1-2.63', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'libwebkit2gtk3-lang-2.32.1-2.63', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.32.1-2.63', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.32.1-2.63', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.32.1-2.63', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.32.1-2.63', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.32.1-2.63', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.32.1-2.63', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.32.1-2.63', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.32.1-2.63', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'libwebkit2gtk-4_0-37-2.32.1-2.63', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'libwebkit2gtk3-lang-2.32.1-2.63', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.32.1-2.63', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.32.1-2.63', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.32.1-2.63', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.32.1-2.63', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.32.1-2.63', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},\n {'reference':'libwebkit2gtk-4_0-37-2.32.1-2.63', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},\n {'reference':'libwebkit2gtk3-lang-2.32.1-2.63', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.32.1-2.63', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.32.1-2.63', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.32.1-2.63', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libjavascriptcoregtk-4_0-18 / libwebkit2gtk-4_0-37 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:28:54", "description": "An update of the glib package has been released.", "cvss3": {}, "published": "2019-09-12T00:00:00", "type": "nessus", "title": "Photon OS 2.0: Glib PHSA-2019-2.0-0171", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13012"], "modified": "2019-12-30T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:glib", "cpe:/o:vmware:photonos:2.0"], "id": "PHOTONOS_PHSA-2019-2_0-0171_GLIB.NASL", "href": "https://www.tenable.com/plugins/nessus/128716", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2019-2.0-0171. The text\n# itself is copyright (C) VMware, Inc.\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(128716);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/12/30\");\n\n script_cve_id(\"CVE-2019-13012\");\n\n script_name(english:\"Photon OS 2.0: Glib PHSA-2019-2.0-0171\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the glib package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-2-171.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-13012\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/06/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:glib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 2.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"glib-2.58.3-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"glib-debuginfo-2.58.3-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"glib-devel-2.58.3-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"glib-schemas-2.58.3-1.ph2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glib\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:26:55", "description": "This update for glib2 fixes the following issues :\n\nSecurity issue fixed :\n\nCVE-2019-13012: Fixed improper restriction of file permissions when creating directories (bsc#1139959).\n\nNon-security issue fixed: Added explicit requires between libglib2 and libgio2 (bsc#1140122).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-08-20T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : glib2 (SUSE-SU-2019:1830-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13012"], "modified": "2020-01-02T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:glib2-debugsource", "p-cpe:/a:novell:suse_linux:glib2-tools", "p-cpe:/a:novell:suse_linux:glib2-tools-debuginfo", "p-cpe:/a:novell:suse_linux:libgio-2_0", "p-cpe:/a:novell:suse_linux:libgio-2_0-0", "p-cpe:/a:novell:suse_linux:libgio-2_0-0-debuginfo", "p-cpe:/a:novell:suse_linux:libglib-2_0", "p-cpe:/a:novell:suse_linux:libglib-2_0-0", "p-cpe:/a:novell:suse_linux:libglib-2_0-0-debuginfo", "p-cpe:/a:novell:suse_linux:libgmodule-2_0", "p-cpe:/a:novell:suse_linux:libgmodule-2_0-0", "p-cpe:/a:novell:suse_linux:libgmodule-2_0-0-debuginfo", "p-cpe:/a:novell:suse_linux:libgobject-2_0", "p-cpe:/a:novell:suse_linux:libgobject-2_0-0", "p-cpe:/a:novell:suse_linux:libgobject-2_0-0-debuginfo", "p-cpe:/a:novell:suse_linux:libgthread-2_0", "p-cpe:/a:novell:suse_linux:libgthread-2_0-0", "p-cpe:/a:novell:suse_linux:libgthread-2_0-0-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2019-1830-2.NASL", "href": "https://www.tenable.com/plugins/nessus/128017", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:1830-2.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128017);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/02\");\n\n script_cve_id(\"CVE-2019-13012\");\n\n script_name(english:\"SUSE SLES12 Security Update : glib2 (SUSE-SU-2019:1830-2)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for glib2 fixes the following issues :\n\nSecurity issue fixed :\n\nCVE-2019-13012: Fixed improper restriction of file permissions when\ncreating directories (bsc#1139959).\n\nNon-security issue fixed: Added explicit requires between libglib2 and\nlibgio2 (bsc#1140122).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1139959\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140122\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-13012/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20191830-2/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7e0f741c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud Crowbar 8:zypper in -t patch\nSUSE-OpenStack-Cloud-Crowbar-8-2019-1830=1\n\nSUSE Linux Enterprise Server 12-SP3-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2019-1830=1\n\nSUSE Linux Enterprise Server 12-SP3-BCL:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-BCL-2019-1830=1\n\nSUSE Enterprise Storage 5:zypper in -t patch\nSUSE-Storage-5-2019-1830=1\n\nHPE Helion Openstack 8:zypper in -t patch\nHPE-Helion-OpenStack-8-2019-1830=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glib2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glib2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glib2-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgio-2_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgio-2_0-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgio-2_0-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libglib-2_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libglib-2_0-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libglib-2_0-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgmodule-2_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgmodule-2_0-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgmodule-2_0-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgobject-2_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgobject-2_0-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgobject-2_0-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgthread-2_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgthread-2_0-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgthread-2_0-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/06/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"glib2-debugsource-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"glib2-tools-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"glib2-tools-debuginfo-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libgio-2_0-0-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libgio-2_0-0-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libgio-2_0-0-debuginfo-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libgio-2_0-0-debuginfo-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libglib-2_0-0-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libglib-2_0-0-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libglib-2_0-0-debuginfo-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libglib-2_0-0-debuginfo-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libgmodule-2_0-0-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libgmodule-2_0-0-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libgmodule-2_0-0-debuginfo-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libgmodule-2_0-0-debuginfo-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libgobject-2_0-0-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libgobject-2_0-0-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libgobject-2_0-0-debuginfo-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libgobject-2_0-0-debuginfo-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libgthread-2_0-0-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libgthread-2_0-0-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libgthread-2_0-0-debuginfo-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libgthread-2_0-0-debuginfo-32bit-2.48.2-12.15.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glib2\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:25:28", "description": "This update for glib2 fixes the following issues :\n\nSecurity issue fixed :\n\nCVE-2019-13012: Fixed improper restriction of file permissions when creating directories (bsc#1139959).\n\nNon-security issue fixed: Added explicit requires between libglib2 and libgio2 (bsc#1140122).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-07-15T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : glib2 (SUSE-SU-2019:1830-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13012"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:glib2-debugsource", "p-cpe:/a:novell:suse_linux:glib2-tools", "p-cpe:/a:novell:suse_linux:glib2-tools-debuginfo", "p-cpe:/a:novell:suse_linux:libgio-2_0", "p-cpe:/a:novell:suse_linux:libgio-2_0-0", "p-cpe:/a:novell:suse_linux:libgio-2_0-0-debuginfo", "p-cpe:/a:novell:suse_linux:libgio-fam", "p-cpe:/a:novell:suse_linux:libgio-fam-debuginfo", "p-cpe:/a:novell:suse_linux:libglib-2_0", "p-cpe:/a:novell:suse_linux:libglib-2_0-0", "p-cpe:/a:novell:suse_linux:libglib-2_0-0-debuginfo", "p-cpe:/a:novell:suse_linux:libgmodule-2_0", "p-cpe:/a:novell:suse_linux:libgmodule-2_0-0", "p-cpe:/a:novell:suse_linux:libgmodule-2_0-0-debuginfo", "p-cpe:/a:novell:suse_linux:libgobject-2_0", "p-cpe:/a:novell:suse_linux:libgobject-2_0-0", "p-cpe:/a:novell:suse_linux:libgobject-2_0-0-debuginfo", "p-cpe:/a:novell:suse_linux:libgthread-2_0", "p-cpe:/a:novell:suse_linux:libgthread-2_0-0", "p-cpe:/a:novell:suse_linux:libgthread-2_0-0-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2019-1830-1.NASL", "href": "https://www.tenable.com/plugins/nessus/126692", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:1830-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(126692);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2019-13012\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : glib2 (SUSE-SU-2019:1830-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for glib2 fixes the following issues :\n\nSecurity issue fixed :\n\nCVE-2019-13012: Fixed improper restriction of file permissions when\ncreating directories (bsc#1139959).\n\nNon-security issue fixed: Added explicit requires between libglib2 and\nlibgio2 (bsc#1140122).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1139959\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140122\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-13012/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20191830-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e1d7141c\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 8:zypper in -t patch\nSUSE-OpenStack-Cloud-8-2019-1830=1\n\nSUSE OpenStack Cloud 7:zypper in -t patch\nSUSE-OpenStack-Cloud-7-2019-1830=1\n\nSUSE Linux Enterprise Workstation Extension 12-SP5:zypper in -t patch\nSUSE-SLE-WE-12-SP5-2019-1830=1\n\nSUSE Linux Enterprise Workstation Extension 12-SP4:zypper in -t patch\nSUSE-SLE-WE-12-SP4-2019-1830=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP5:zypper in -t\npatch SUSE-SLE-SDK-12-SP5-2019-1830=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP4:zypper in -t\npatch SUSE-SLE-SDK-12-SP4-2019-1830=1\n\nSUSE Linux Enterprise Server for SAP 12-SP3:zypper in -t patch\nSUSE-SLE-SAP-12-SP3-2019-1830=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2:zypper in -t patch\nSUSE-SLE-SAP-12-SP2-2019-1830=1\n\nSUSE Linux Enterprise Server 12-SP5:zypper in -t patch\nSUSE-SLE-SERVER-12-SP5-2019-1830=1\n\nSUSE Linux Enterprise Server 12-SP4:zypper in -t patch\nSUSE-SLE-SERVER-12-SP4-2019-1830=1\n\nSUSE Linux Enterprise Server 12-SP3-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2019-1830=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2019-1830=1\n\nSUSE Linux Enterprise Server 12-SP2-BCL:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-BCL-2019-1830=1\n\nSUSE Linux Enterprise Desktop 12-SP5:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP5-2019-1830=1\n\nSUSE Linux Enterprise Desktop 12-SP4:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP4-2019-1830=1\n\nSUSE Enterprise Storage 5:zypper in -t patch\nSUSE-Storage-5-2019-1830=1\n\nSUSE Enterprise Storage 4:zypper in -t patch\nSUSE-Storage-4-2019-1830=1\n\nSUSE CaaS Platform 3.0 :\n\nTo install this update, use the SUSE CaaS Platform Velum dashboard. It\nwill inform you if it detects new updates and let you then trigger\nupdating of the complete cluster in a controlled way.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glib2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glib2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glib2-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgio-2_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgio-2_0-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgio-2_0-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgio-fam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgio-fam-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libglib-2_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libglib-2_0-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libglib-2_0-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgmodule-2_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgmodule-2_0-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgmodule-2_0-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgobject-2_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgobject-2_0-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgobject-2_0-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgthread-2_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgthread-2_0-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgthread-2_0-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/06/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2|3|4|5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3/4/5\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(4|5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP4/5\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"glib2-debugsource-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"glib2-tools-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"glib2-tools-debuginfo-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libgio-2_0-0-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libgio-2_0-0-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libgio-2_0-0-debuginfo-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libgio-2_0-0-debuginfo-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libglib-2_0-0-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libglib-2_0-0-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libglib-2_0-0-debuginfo-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libglib-2_0-0-debuginfo-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libgmodule-2_0-0-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libgmodule-2_0-0-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libgmodule-2_0-0-debuginfo-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libgmodule-2_0-0-debuginfo-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libgobject-2_0-0-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libgobject-2_0-0-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libgobject-2_0-0-debuginfo-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libgobject-2_0-0-debuginfo-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libgthread-2_0-0-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libgthread-2_0-0-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libgthread-2_0-0-debuginfo-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libgthread-2_0-0-debuginfo-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"glib2-debugsource-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"glib2-tools-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"glib2-tools-debuginfo-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libgio-2_0-0-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libgio-2_0-0-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libgio-2_0-0-debuginfo-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libgio-2_0-0-debuginfo-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libglib-2_0-0-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libglib-2_0-0-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libglib-2_0-0-debuginfo-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libglib-2_0-0-debuginfo-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libgmodule-2_0-0-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libgmodule-2_0-0-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libgmodule-2_0-0-debuginfo-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libgmodule-2_0-0-debuginfo-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libgobject-2_0-0-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libgobject-2_0-0-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libgobject-2_0-0-debuginfo-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libgobject-2_0-0-debuginfo-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libgthread-2_0-0-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libgthread-2_0-0-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libgthread-2_0-0-debuginfo-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libgthread-2_0-0-debuginfo-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"glib2-debugsource-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"glib2-tools-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"glib2-tools-debuginfo-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libgio-2_0-0-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libgio-2_0-0-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libgio-2_0-0-debuginfo-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libgio-2_0-0-debuginfo-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libglib-2_0-0-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libglib-2_0-0-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libglib-2_0-0-debuginfo-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libglib-2_0-0-debuginfo-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libgmodule-2_0-0-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libgmodule-2_0-0-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libgmodule-2_0-0-debuginfo-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libgmodule-2_0-0-debuginfo-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libgobject-2_0-0-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libgobject-2_0-0-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libgobject-2_0-0-debuginfo-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libgobject-2_0-0-debuginfo-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libgthread-2_0-0-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libgthread-2_0-0-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libgthread-2_0-0-debuginfo-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libgthread-2_0-0-debuginfo-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"glib2-debugsource-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"glib2-tools-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"glib2-tools-debuginfo-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libgio-2_0-0-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libgio-2_0-0-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libgio-2_0-0-debuginfo-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libgio-2_0-0-debuginfo-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libglib-2_0-0-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libglib-2_0-0-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libglib-2_0-0-debuginfo-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libglib-2_0-0-debuginfo-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libgmodule-2_0-0-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libgmodule-2_0-0-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libgmodule-2_0-0-debuginfo-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libgmodule-2_0-0-debuginfo-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libgobject-2_0-0-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libgobject-2_0-0-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libgobject-2_0-0-debuginfo-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libgobject-2_0-0-debuginfo-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libgthread-2_0-0-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libgthread-2_0-0-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libgthread-2_0-0-debuginfo-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libgthread-2_0-0-debuginfo-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"glib2-debugsource-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"glib2-tools-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"glib2-tools-debuginfo-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libgio-2_0-0-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libgio-2_0-0-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libgio-2_0-0-debuginfo-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libgio-2_0-0-debuginfo-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libgio-fam-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libgio-fam-debuginfo-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libglib-2_0-0-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libglib-2_0-0-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libglib-2_0-0-debuginfo-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libglib-2_0-0-debuginfo-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libgmodule-2_0-0-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libgmodule-2_0-0-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libgmodule-2_0-0-debuginfo-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libgmodule-2_0-0-debuginfo-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libgobject-2_0-0-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libgobject-2_0-0-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libgobject-2_0-0-debuginfo-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libgobject-2_0-0-debuginfo-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libgthread-2_0-0-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libgthread-2_0-0-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libgthread-2_0-0-debuginfo-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libgthread-2_0-0-debuginfo-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"5\", cpu:\"x86_64\", reference:\"glib2-debugsource-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"5\", cpu:\"x86_64\", reference:\"glib2-tools-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"5\", cpu:\"x86_64\", reference:\"glib2-tools-debuginfo-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"5\", cpu:\"x86_64\", reference:\"libgio-2_0-0-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"5\", cpu:\"x86_64\", reference:\"libgio-2_0-0-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"5\", cpu:\"x86_64\", reference:\"libgio-2_0-0-debuginfo-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"5\", cpu:\"x86_64\", reference:\"libgio-2_0-0-debuginfo-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"5\", cpu:\"x86_64\", reference:\"libgio-fam-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"5\", cpu:\"x86_64\", reference:\"libgio-fam-debuginfo-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"5\", cpu:\"x86_64\", reference:\"libglib-2_0-0-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"5\", cpu:\"x86_64\", reference:\"libglib-2_0-0-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"5\", cpu:\"x86_64\", reference:\"libglib-2_0-0-debuginfo-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"5\", cpu:\"x86_64\", reference:\"libglib-2_0-0-debuginfo-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"5\", cpu:\"x86_64\", reference:\"libgmodule-2_0-0-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"5\", cpu:\"x86_64\", reference:\"libgmodule-2_0-0-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"5\", cpu:\"x86_64\", reference:\"libgmodule-2_0-0-debuginfo-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"5\", cpu:\"x86_64\", reference:\"libgmodule-2_0-0-debuginfo-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"5\", cpu:\"x86_64\", reference:\"libgobject-2_0-0-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"5\", cpu:\"x86_64\", reference:\"libgobject-2_0-0-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"5\", cpu:\"x86_64\", reference:\"libgobject-2_0-0-debuginfo-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"5\", cpu:\"x86_64\", reference:\"libgobject-2_0-0-debuginfo-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"5\", cpu:\"x86_64\", reference:\"libgthread-2_0-0-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"5\", cpu:\"x86_64\", reference:\"libgthread-2_0-0-32bit-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"5\", cpu:\"x86_64\", reference:\"libgthread-2_0-0-debuginfo-2.48.2-12.15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"5\", cpu:\"x86_64\", reference:\"libgthread-2_0-0-debuginfo-32bit-2.48.2-12.15.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glib2\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:26:18", "description": "This update for glib2 fixes the following issues :\n\nSecurity issue fixed :\n\nCVE-2019-13012: Fixed improper restriction of file permissions when creating directories (bsc#1139959).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-07-15T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : glib2 (SUSE-SU-2019:1833-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13012"], "modified": "2021-01-13T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:15", "p-cpe:/a:novell:suse_linux:glib2-debugsource", "p-cpe:/a:novell:suse_linux:glib2-devel", "p-cpe:/a:novell:suse_linux:glib2-devel-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:glib2-devel-debuginfo", "p-cpe:/a:novell:suse_linux:glib2-devel-static", "p-cpe:/a:novell:suse_linux:glib2-tools", "p-cpe:/a:novell:suse_linux:glib2-tools-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:glib2-tools-debuginfo", "p-cpe:/a:novell:suse_linux:libgio-2_0", "p-cpe:/a:novell:suse_linux:libgio-2_0-0", "p-cpe:/a:novell:suse_linux:libgio-2_0-0-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libgio-2_0-0-debuginfo", "p-cpe:/a:novell:suse_linux:libgio-fam", "p-cpe:/a:novell:suse_linux:libgio-fam-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libgio-fam-debuginfo", "p-cpe:/a:novell:suse_linux:libglib-2_0", "p-cpe:/a:novell:suse_linux:libglib-2_0-0", "p-cpe:/a:novell:suse_linux:libglib-2_0-0-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libglib-2_0-0-debuginfo", "p-cpe:/a:novell:suse_linux:libgmodule-2_0", "p-cpe:/a:novell:suse_linux:libgmodule-2_0-0", "p-cpe:/a:novell:suse_linux:libgmodule-2_0-0-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libgmodule-2_0-0-debuginfo", "p-cpe:/a:novell:suse_linux:libgobject-2_0", "p-cpe:/a:novell:suse_linux:libgobject-2_0-0", "p-cpe:/a:novell:suse_linux:libgobject-2_0-0-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libgobject-2_0-0-debuginfo", "p-cpe:/a:novell:suse_linux:libgthread-2_0", "p-cpe:/a:novell:suse_linux:libgthread-2_0-0", "p-cpe:/a:novell:suse_linux:libgthread-2_0-0-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libgthread-2_0-0-debuginfo"], "id": "SUSE_SU-2019-1833-1.NASL", "href": "https://www.tenable.com/plugins/nessus/126694", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:1833-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(126694);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2019-13012\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : glib2 (SUSE-SU-2019:1833-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for glib2 fixes the following issues :\n\nSecurity issue fixed :\n\nCVE-2019-13012: Fixed improper restriction of file permissions when\ncreating directories (bsc#1139959).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1139959\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-13012/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20191833-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c0197fb8\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Packagehub Subpackages 15:zypper in\n-t patch SUSE-SLE-Module-Packagehub-Subpackages-15-2019-1833=1\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15-SP1:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1833=1\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-2019-1833=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP1:zypper in -t patch\nSUSE-SLE-Module-Basesystem-15-SP1-2019-1833=1\n\nSUSE Linux Enterprise Module for Basesystem 15:zypper in -t patch\nSUSE-SLE-Module-Basesystem-15-2019-1833=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glib2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glib2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glib2-devel-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glib2-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glib2-devel-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glib2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glib2-tools-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glib2-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgio-2_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgio-2_0-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgio-2_0-0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgio-2_0-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgio-fam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgio-fam-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgio-fam-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libglib-2_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libglib-2_0-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libglib-2_0-0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libglib-2_0-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgmodule-2_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgmodule-2_0-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgmodule-2_0-0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgmodule-2_0-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgobject-2_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgobject-2_0-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgobject-2_0-0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgobject-2_0-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgthread-2_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgthread-2_0-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgthread-2_0-0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgthread-2_0-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/06/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0/1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP0/1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"glib2-devel-32bit-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"glib2-devel-32bit-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"glib2-tools-32bit-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"glib2-tools-32bit-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libgio-2_0-0-32bit-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libgio-2_0-0-32bit-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libgio-fam-32bit-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libgio-fam-32bit-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libglib-2_0-0-32bit-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libglib-2_0-0-32bit-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libgmodule-2_0-0-32bit-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libgmodule-2_0-0-32bit-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libgobject-2_0-0-32bit-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libgobject-2_0-0-32bit-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libgthread-2_0-0-32bit-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libgthread-2_0-0-32bit-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"glib2-debugsource-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"glib2-devel-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"glib2-devel-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"glib2-devel-static-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"glib2-tools-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"glib2-tools-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libgio-2_0-0-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libgio-2_0-0-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libgio-fam-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libgio-fam-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libglib-2_0-0-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libglib-2_0-0-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libgmodule-2_0-0-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libgmodule-2_0-0-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libgobject-2_0-0-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libgobject-2_0-0-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libgthread-2_0-0-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libgthread-2_0-0-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"glib2-devel-32bit-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"glib2-devel-32bit-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"glib2-tools-32bit-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"glib2-tools-32bit-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"libgio-2_0-0-32bit-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"libgio-2_0-0-32bit-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"libglib-2_0-0-32bit-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"libglib-2_0-0-32bit-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"libgmodule-2_0-0-32bit-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"libgmodule-2_0-0-32bit-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"libgobject-2_0-0-32bit-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"libgobject-2_0-0-32bit-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"libgthread-2_0-0-32bit-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"libgthread-2_0-0-32bit-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"glib2-debugsource-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"glib2-devel-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"glib2-devel-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"glib2-devel-static-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"glib2-tools-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"glib2-tools-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libgio-2_0-0-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libgio-2_0-0-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libgio-fam-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libgio-fam-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libglib-2_0-0-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libglib-2_0-0-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libgmodule-2_0-0-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libgmodule-2_0-0-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libgobject-2_0-0-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libgobject-2_0-0-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libgthread-2_0-0-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libgthread-2_0-0-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"glib2-devel-32bit-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"glib2-devel-32bit-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"glib2-tools-32bit-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"glib2-tools-32bit-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libgio-2_0-0-32bit-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libgio-2_0-0-32bit-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libgio-fam-32bit-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libgio-fam-32bit-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libglib-2_0-0-32bit-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libglib-2_0-0-32bit-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libgmodule-2_0-0-32bit-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libgmodule-2_0-0-32bit-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libgobject-2_0-0-32bit-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libgobject-2_0-0-32bit-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libgthread-2_0-0-32bit-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libgthread-2_0-0-32bit-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"glib2-debugsource-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"glib2-devel-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"glib2-devel-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"glib2-devel-static-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"glib2-tools-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"glib2-tools-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libgio-2_0-0-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libgio-2_0-0-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libgio-fam-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libgio-fam-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libglib-2_0-0-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libglib-2_0-0-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libgmodule-2_0-0-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libgmodule-2_0-0-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libgobject-2_0-0-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libgobject-2_0-0-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libgthread-2_0-0-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libgthread-2_0-0-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"x86_64\", reference:\"glib2-devel-32bit-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"x86_64\", reference:\"glib2-devel-32bit-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"x86_64\", reference:\"glib2-tools-32bit-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"x86_64\", reference:\"glib2-tools-32bit-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"x86_64\", reference:\"libgio-2_0-0-32bit-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"x86_64\", reference:\"libgio-2_0-0-32bit-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"x86_64\", reference:\"libglib-2_0-0-32bit-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"x86_64\", reference:\"libglib-2_0-0-32bit-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"x86_64\", reference:\"libgmodule-2_0-0-32bit-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"x86_64\", reference:\"libgmodule-2_0-0-32bit-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"x86_64\", reference:\"libgobject-2_0-0-32bit-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"x86_64\", reference:\"libgobject-2_0-0-32bit-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"x86_64\", reference:\"libgthread-2_0-0-32bit-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"x86_64\", reference:\"libgthread-2_0-0-32bit-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"glib2-debugsource-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"glib2-devel-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"glib2-devel-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"glib2-devel-static-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"glib2-tools-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"glib2-tools-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libgio-2_0-0-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libgio-2_0-0-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libgio-fam-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libgio-fam-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libglib-2_0-0-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libglib-2_0-0-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libgmodule-2_0-0-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libgmodule-2_0-0-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libgobject-2_0-0-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libgobject-2_0-0-debuginfo-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libgthread-2_0-0-2.54.3-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libgthread-2_0-0-debuginfo-2.54.3-4.18.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glib2\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:26:08", "description": "This update for glib2 fixes the following issues :\n\nSecurity issue fixed :\n\n - CVE-2019-13012: Fixed improper restriction of file permissions when creating directories (bsc#1139959).\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {}, "published": "2019-07-22T00:00:00", "type": "nessus", "title": "openSUSE Security Update : glib2 (openSUSE-2019-1749)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13012"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:gio-branding-upstream", "p-cpe:/a:novell:opensuse:glib2-debugsource", "p-cpe:/a:novell:opensuse:glib2-devel", "p-cpe:/a:novell:opensuse:glib2-devel-32bit", "p-cpe:/a:novell:opensuse:glib2-devel-32bit-debuginfo", "p-cpe:/a:novell:opensuse:glib2-devel-debuginfo", "p-cpe:/a:novell:opensuse:glib2-devel-static", "p-cpe:/a:novell:opensuse:glib2-lang", "p-cpe:/a:novell:opensuse:glib2-tools", "p-cpe:/a:novell:opensuse:glib2-tools-32bit", "p-cpe:/a:novell:opensuse:glib2-tools-32bit-debuginfo", "p-cpe:/a:novell:opensuse:glib2-tools-debuginfo", "p-cpe:/a:novell:opensuse:libgio-2_0-0", "p-cpe:/a:novell:opensuse:libgio-2_0-0-32bit", "p-cpe:/a:novell:opensuse:libgio-2_0-0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libgio-2_0-0-debuginfo", "p-cpe:/a:novell:opensuse:libgio-fam", "p-cpe:/a:novell:opensuse:libgio-fam-32bit", "p-cpe:/a:novell:opensuse:libgio-fam-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libgio-fam-debuginfo", "p-cpe:/a:novell:opensuse:libglib-2_0-0", "p-cpe:/a:novell:opensuse:libglib-2_0-0-32bit", "p-cpe:/a:novell:opensuse:libglib-2_0-0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libglib-2_0-0-debuginfo", "p-cpe:/a:novell:opensuse:libgmodule-2_0-0", "p-cpe:/a:novell:opensuse:libgmodule-2_0-0-32bit", "p-cpe:/a:novell:opensuse:libgmodule-2_0-0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libgmodule-2_0-0-debuginfo", "p-cpe:/a:novell:opensuse:libgobject-2_0-0", "p-cpe:/a:novell:opensuse:libgobject-2_0-0-32bit", "p-cpe:/a:novell:opensuse:libgobject-2_0-0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libgobject-2_0-0-debuginfo", "p-cpe:/a:novell:opensuse:libgthread-2_0-0", "p-cpe:/a:novell:opensuse:libgthread-2_0-0-32bit", "p-cpe:/a:novell:opensuse:libgthread-2_0-0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libgthread-2_0-0-debuginfo", "cpe:/o:novell:opensuse:15.0"], "id": "OPENSUSE-2019-1749.NASL", "href": "https://www.tenable.com/plugins/nessus/126890", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-1749.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(126890);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2019-13012\");\n\n script_name(english:\"openSUSE Security Update : glib2 (openSUSE-2019-1749)\");\n script_summary(english:\"Check for the openSUSE-2019-1749 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for glib2 fixes the following issues :\n\nSecurity issue fixed :\n\n - CVE-2019-13012: Fixed improper restriction of file\n permissions when creating directories (bsc#1139959).\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1139959\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected glib2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gio-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glib2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glib2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glib2-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glib2-devel-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glib2-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glib2-devel-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glib2-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glib2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glib2-tools-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glib2-tools-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glib2-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgio-2_0-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgio-2_0-0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgio-2_0-0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgio-2_0-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgio-fam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgio-fam-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgio-fam-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgio-fam-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libglib-2_0-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libglib-2_0-0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libglib-2_0-0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libglib-2_0-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgmodule-2_0-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgmodule-2_0-0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgmodule-2_0-0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgmodule-2_0-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgobject-2_0-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgobject-2_0-0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgobject-2_0-0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgobject-2_0-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgthread-2_0-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgthread-2_0-0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgthread-2_0-0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgthread-2_0-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/06/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"gio-branding-upstream-2.54.3-lp150.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"glib2-debugsource-2.54.3-lp150.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"glib2-devel-2.54.3-lp150.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"glib2-devel-debuginfo-2.54.3-lp150.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"glib2-devel-static-2.54.3-lp150.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"glib2-lang-2.54.3-lp150.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"glib2-tools-2.54.3-lp150.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"glib2-tools-debuginfo-2.54.3-lp150.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libgio-2_0-0-2.54.3-lp150.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libgio-2_0-0-debuginfo-2.54.3-lp150.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libgio-fam-2.54.3-lp150.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libgio-fam-debuginfo-2.54.3-lp150.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libglib-2_0-0-2.54.3-lp150.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libglib-2_0-0-debuginfo-2.54.3-lp150.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libgmodule-2_0-0-2.54.3-lp150.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libgmodule-2_0-0-debuginfo-2.54.3-lp150.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libgobject-2_0-0-2.54.3-lp150.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libgobject-2_0-0-debuginfo-2.54.3-lp150.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libgthread-2_0-0-2.54.3-lp150.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libgthread-2_0-0-debuginfo-2.54.3-lp150.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"glib2-devel-32bit-2.54.3-lp150.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"glib2-devel-32bit-debuginfo-2.54.3-lp150.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"glib2-tools-32bit-2.54.3-lp150.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"glib2-tools-32bit-debuginfo-2.54.3-lp150.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libgio-2_0-0-32bit-2.54.3-lp150.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libgio-2_0-0-32bit-debuginfo-2.54.3-lp150.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libgio-fam-32bit-2.54.3-lp150.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libgio-fam-32bit-debuginfo-2.54.3-lp150.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libglib-2_0-0-32bit-2.54.3-lp150.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libglib-2_0-0-32bit-debuginfo-2.54.3-lp150.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libgmodule-2_0-0-32bit-2.54.3-lp150.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libgmodule-2_0-0-32bit-debuginfo-2.54.3-lp150.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libgobject-2_0-0-32bit-2.54.3-lp150.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libgobject-2_0-0-32bit-debuginfo-2.54.3-lp150.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libgthread-2_0-0-32bit-2.54.3-lp150.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libgthread-2_0-0-32bit-debuginfo-2.54.3-lp150.3.13.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gio-branding-upstream / glib2-debugsource / glib2-devel / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:26:16", "description": "This update for glib2 fixes the following issues :\n\nSecurity issue fixed :\n\nCVE-2019-13012: Fixed improper restriction of file permissions when creating directories (bsc#1139959).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-07-15T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : glib2 (SUSE-SU-2019:1824-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13012"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:glib2-debugsource", "p-cpe:/a:novell:suse_linux:glib2-tools", "p-cpe:/a:novell:suse_linux:glib2-tools-debuginfo", "p-cpe:/a:novell:suse_linux:libgio-2_0", "p-cpe:/a:novell:suse_linux:libgio-2_0-0", "p-cpe:/a:novell:suse_linux:libgio-2_0-0-debuginfo", "p-cpe:/a:novell:suse_linux:libglib-2_0", "p-cpe:/a:novell:suse_linux:libglib-2_0-0", "p-cpe:/a:novell:suse_linux:libglib-2_0-0-debuginfo", "p-cpe:/a:novell:suse_linux:libgmodule-2_0", "p-cpe:/a:novell:suse_linux:libgmodule-2_0-0", "p-cpe:/a:novell:suse_linux:libgmodule-2_0-0-debuginfo", "p-cpe:/a:novell:suse_linux:libgobject-2_0", "p-cpe:/a:novell:suse_linux:libgobject-2_0-0", "p-cpe:/a:novell:suse_linux:libgobject-2_0-0-debuginfo", "p-cpe:/a:novell:suse_linux:libgthread-2_0", "p-cpe:/a:novell:suse_linux:libgthread-2_0-0", "p-cpe:/a:novell:suse_linux:libgthread-2_0-0-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2019-1824-1.NASL", "href": "https://www.tenable.com/plugins/nessus/126689", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:1824-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(126689);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2019-13012\");\n\n script_name(english:\"SUSE SLES12 Security Update : glib2 (SUSE-SU-2019:1824-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for glib2 fixes the following issues :\n\nSecurity issue fixed :\n\nCVE-2019-13012: Fixed improper restriction of file permissions when\ncreating directories (bsc#1139959).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1139959\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-13012/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20191824-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a0e1f5fb\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch\nSUSE-SLE-SAP-12-SP1-2019-1824=1\n\nSUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2019-1824=1\n\nSUSE Linux Enterprise Server 12-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-2019-1824=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glib2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glib2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glib2-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgio-2_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgio-2_0-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgio-2_0-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libglib-2_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libglib-2_0-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libglib-2_0-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgmodule-2_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgmodule-2_0-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgmodule-2_0-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgobject-2_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgobject-2_0-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgobject-2_0-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgthread-2_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgthread-2_0-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgthread-2_0-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/06/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0/1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"glib2-debugsource-2.38.2-7.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"glib2-tools-2.38.2-7.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"glib2-tools-debuginfo-2.38.2-7.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libgio-2_0-0-2.38.2-7.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libgio-2_0-0-32bit-2.38.2-7.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libgio-2_0-0-debuginfo-2.38.2-7.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libgio-2_0-0-debuginfo-32bit-2.38.2-7.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libglib-2_0-0-2.38.2-7.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libglib-2_0-0-32bit-2.38.2-7.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libglib-2_0-0-debuginfo-2.38.2-7.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libglib-2_0-0-debuginfo-32bit-2.38.2-7.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libgmodule-2_0-0-2.38.2-7.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libgmodule-2_0-0-32bit-2.38.2-7.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libgmodule-2_0-0-debuginfo-2.38.2-7.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libgmodule-2_0-0-debuginfo-32bit-2.38.2-7.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libgobject-2_0-0-2.38.2-7.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libgobject-2_0-0-32bit-2.38.2-7.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libgobject-2_0-0-debuginfo-2.38.2-7.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libgobject-2_0-0-debuginfo-32bit-2.38.2-7.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libgthread-2_0-0-2.38.2-7.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libgthread-2_0-0-32bit-2.38.2-7.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libgthread-2_0-0-debuginfo-2.38.2-7.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libgthread-2_0-0-debuginfo-32bit-2.38.2-7.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"glib2-debugsource-2.38.2-7.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"glib2-tools-2.38.2-7.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"glib2-tools-debuginfo-2.38.2-7.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libgio-2_0-0-2.38.2-7.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libgio-2_0-0-32bit-2.38.2-7.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libgio-2_0-0-debuginfo-2.38.2-7.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libgio-2_0-0-debuginfo-32bit-2.38.2-7.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libglib-2_0-0-2.38.2-7.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libglib-2_0-0-32bit-2.38.2-7.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libglib-2_0-0-debuginfo-2.38.2-7.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libglib-2_0-0-debuginfo-32bit-2.38.2-7.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libgmodule-2_0-0-2.38.2-7.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libgmodule-2_0-0-32bit-2.38.2-7.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libgmodule-2_0-0-debuginfo-2.38.2-7.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libgmodule-2_0-0-debuginfo-32bit-2.38.2-7.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libgobject-2_0-0-2.38.2-7.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libgobject-2_0-0-32bit-2.38.2-7.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libgobject-2_0-0-debuginfo-2.38.2-7.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libgobject-2_0-0-debuginfo-32bit-2.38.2-7.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libgthread-2_0-0-2.38.2-7.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libgthread-2_0-0-32bit-2.38.2-7.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libgthread-2_0-0-debuginfo-2.38.2-7.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libgthread-2_0-0-debuginfo-32bit-2.38.2-7.12.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glib2\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:26:44", "description": "It was discovered that GLib created directories and files without properly restricting permissions. An attacker could possibly use this issue to access sensitive information.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-07-09T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS / 18.04 LTS / 18.10 : glib2.0 vulnerability (USN-4049-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13012"], "modified": "2023-05-11T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libglib2.0-0", "p-cpe:/a:canonical:ubuntu_linux:libglib2.0-bin", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:18.10"], "id": "UBUNTU_USN-4049-1.NASL", "href": "https://www.tenable.com/plugins/nessus/126565", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4049-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(126565);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/11\");\n\n script_cve_id(\"CVE-2019-13012\");\n script_xref(name:\"USN\", value:\"4049-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS / 18.10 : glib2.0 vulnerability (USN-4049-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that GLib created directories and files without\nproperly restricting permissions. An attacker could possibly use this\nissue to access sensitive information.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/4049-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected libglib2.0-0 and / or libglib2.0-bin packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libglib2.0-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libglib2.0-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/06/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2019-2023 Canonical, Inc. / NASL script (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04|18\\.04|18\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04 / 18.04 / 18.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libglib2.0-0\", pkgver:\"2.48.2-0ubuntu4.3\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libglib2.0-bin\", pkgver:\"2.48.2-0ubuntu4.3\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"libglib2.0-0\", pkgver:\"2.56.4-0ubuntu0.18.04.4\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"libglib2.0-bin\", pkgver:\"2.56.4-0ubuntu0.18.04.4\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"libglib2.0-0\", pkgver:\"2.58.1-2ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"libglib2.0-bin\", pkgver:\"2.58.1-2ubuntu0.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libglib2.0-0 / libglib2.0-bin\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:27:55", "description": "Simon McVittie spotted a memory leak regression in the way CVE-2019-13012 had been resolved for glib2.0 in Debian jessie.\n\nFor Debian 8 'Jessie', this problem has been fixed in version 2.42.1-1+deb8u3.\n\nWe recommend that you upgrade your glib2.0 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "Debian DLA-1866-2 : glib2.0 regression update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13012"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libglib2.0-0", "p-cpe:/a:debian:debian_linux:libglib2.0-0-dbg", "p-cpe:/a:debian:debian_linux:libglib2.0-0-refdbg", "p-cpe:/a:debian:debian_linux:libglib2.0-bin", "p-cpe:/a:debian:debian_linux:libglib2.0-data", "p-cpe:/a:debian:debian_linux:libglib2.0-dev", "p-cpe:/a:debian:debian_linux:libglib2.0-doc", "p-cpe:/a:debian:debian_linux:libglib2.0-tests", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DLA-1866.NASL", "href": "https://www.tenable.com/plugins/nessus/127475", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1866-2. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127475);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2019-13012\");\n\n script_name(english:\"Debian DLA-1866-2 : glib2.0 regression update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Simon McVittie spotted a memory leak regression in the way\nCVE-2019-13012 had been resolved for glib2.0 in Debian jessie.\n\nFor Debian 8 'Jessie', this problem has been fixed in version\n2.42.1-1+deb8u3.\n\nWe recommend that you upgrade your glib2.0 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2019/08/msg00004.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/glib2.0\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libglib2.0-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libglib2.0-0-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libglib2.0-0-refdbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libglib2.0-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libglib2.0-data\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libglib2.0-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libglib2.0-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libglib2.0-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/06/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libglib2.0-0\", reference:\"2.42.1-1+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libglib2.0-0-dbg\", reference:\"2.42.1-1+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libglib2.0-0-refdbg\", reference:\"2.42.1-1+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libglib2.0-bin\", reference:\"2.42.1-1+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libglib2.0-data\", reference:\"2.42.1-1+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libglib2.0-dev\", reference:\"2.42.1-1+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libglib2.0-doc\", reference:\"2.42.1-1+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libglib2.0-tests\", reference:\"2.42.1-1+deb8u3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:27:18", "description": "An update of the glib package has been released.", "cvss3": {}, "published": "2019-08-26T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Glib PHSA-2019-1.0-0245", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13012"], "modified": "2020-01-02T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:glib", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2019-1_0-0245_GLIB.NASL", "href": "https://www.tenable.com/plugins/nessus/128166", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2019-1.0-0245. The text\n# itself is copyright (C) VMware, Inc.\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(128166);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2020/01/02\");\n\n script_cve_id(\"CVE-2019-13012\");\n\n script_name(english:\"Photon OS 1.0: Glib PHSA-2019-1.0-0245\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the glib package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-1.0-245.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-13012\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/06/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:glib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"glib-2.58.3-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"glib-debuginfo-2.58.3-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"glib-devel-2.58.3-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"glib-schemas-2.58.3-1.ph1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glib\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:28:07", "description": "An update of the glib package has been released.", "cvss3": {}, "published": "2019-08-26T00:00:00", "type": "nessus", "title": "Photon OS 3.0: Glib PHSA-2019-3.0-0024", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13012"], "modified": "2020-01-02T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:glib", "cpe:/o:vmware:photonos:3.0"], "id": "PHOTONOS_PHSA-2019-3_0-0024_GLIB.NASL", "href": "https://www.tenable.com/plugins/nessus/128152", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2019-3.0-0024. The text\n# itself is copyright (C) VMware, Inc.\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(128152);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2020/01/02\");\n\n script_cve_id(\"CVE-2019-13012\");\n\n script_name(english:\"Photon OS 3.0: Glib PHSA-2019-3.0-0024\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the glib package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-3.0-0024.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-13012\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/06/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:glib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:3.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 3\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 3.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"glib-2.58.0-4.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"glib-debuginfo-2.58.0-4.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"glib-devel-2.58.0-4.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"glib-schemas-2.58.0-4.ph3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glib\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:29:11", "description": "According to the version of the glib2 packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability :\n\n - The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 creates directories using g_file_make_directory_with_parents (kfsb-i1/4zdir, NULL, NULL) and files using g_file_replace_contents (kfsb-i1/4zfile, contents, length, NULL, FALSE, G_FILE_CREATE_REPLACE_DESTINATION, NULL, NULL, NULL).\n Consequently, it does not properly restrict directory (and file) permissions. Instead, for directories, 0777 permissions are used for files, default file permissions are used. This is similar to CVE-2019-12450.(CVE-2019-13012)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-09-17T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.2.0 : glib2 (EulerOS-SA-2019-1927)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-12450", "CVE-2019-13012"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:glib2", "p-cpe:/a:huawei:euleros:glib2-devel", "cpe:/o:huawei:euleros:uvp:3.0.2.0"], "id": "EULEROS_SA-2019-1927.NASL", "href": "https://www.tenable.com/plugins/nessus/128930", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(128930);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2019-13012\"\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.2.0 : glib2 (EulerOS-SA-2019-1927)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the glib2 packages installed, the EulerOS\nVirtualization for ARM 64 installation on the remote host is affected\nby the following vulnerability :\n\n - The keyfile settings backend in GNOME GLib (aka\n glib2.0) before 2.60.0 creates directories using\n g_file_make_directory_with_parents (kfsb-i1/4zdir, NULL,\n NULL) and files using g_file_replace_contents\n (kfsb-i1/4zfile, contents, length, NULL, FALSE,\n G_FILE_CREATE_REPLACE_DESTINATION, NULL, NULL, NULL).\n Consequently, it does not properly restrict directory\n (and file) permissions. Instead, for directories, 0777\n permissions are used for files, default file\n permissions are used. This is similar to\n CVE-2019-12450.(CVE-2019-13012)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1927\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8eed4b2c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected glib2 package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glib2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glib2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"glib2-2.54.2-2.h1\",\n \"glib2-devel-2.54.2-2.h1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glib2\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:16:38", "description": "According to the versions of the glib2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress.\n Instead, default permissions are used.(CVE-2019-12450)\n\n - The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 creates directories using g_file_make_directory_with_parents (kfsb->dir, NULL, NULL) and files using g_file_replace_contents (kfsb->file, contents, length, NULL, FALSE, G_FILE_CREATE_REPLACE_DESTINATION, NULL, NULL, NULL).\n Consequently, it does not properly restrict directory (and file) permissions. Instead, for directories, 0777 permissions are used for files, default file permissions are used. This is similar to CVE-2019-12450.(CVE-2019-13012)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-04-15T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : glib2 (EulerOS-SA-2020-1387)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-12450", "CVE-2019-13012"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:glib2", "p-cpe:/a:huawei:euleros:glib2-devel", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-1387.NASL", "href": "https://www.tenable.com/plugins/nessus/135516", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135516);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2019-12450\",\n \"CVE-2019-13012\"\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : glib2 (EulerOS-SA-2020-1387)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the glib2 packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0\n through 2.61.1 does not properly restrict file\n permissions while a copy operation is in progress.\n Instead, default permissions are used.(CVE-2019-12450)\n\n - The keyfile settings backend in GNOME GLib (aka\n glib2.0) before 2.60.0 creates directories using\n g_file_make_directory_with_parents (kfsb->dir, NULL,\n NULL) and files using g_file_replace_contents\n (kfsb->file, contents, length, NULL, FALSE,\n G_FILE_CREATE_REPLACE_DESTINATION, NULL, NULL, NULL).\n Consequently, it does not properly restrict directory\n (and file) permissions. Instead, for directories, 0777\n permissions are used for files, default file\n permissions are used. This is similar to\n CVE-2019-12450.(CVE-2019-13012)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1387\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4120b915\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected glib2 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glib2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glib2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"glib2-2.50.3-3.h4\",\n \"glib2-devel-2.50.3-3.h4\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glib2\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:29:09", "description": "According to the versions of the glib2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress.\n Instead, default permissions are used.(CVE-2019-12450)\n\n - The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 creates directories using g_file_make_directory_with_parents (kfsb-i1/4zdir, NULL, NULL) and files using g_file_replace_contents (kfsb-i1/4zfile, contents, length, NULL, FALSE, G_FILE_CREATE_REPLACE_DESTINATION, NULL, NULL, NULL).\n Consequently, it does not properly restrict directory (and file) permissions. Instead, for directories, 0777 permissions are used for files, default file permissions are used.(CVE-2019-13012)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-09-30T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP8 : glib2 (EulerOS-SA-2019-2077)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-12450", "CVE-2019-13012"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:glib2", "p-cpe:/a:huawei:euleros:glib2-devel", "p-cpe:/a:huawei:euleros:glib2-fam", "p-cpe:/a:huawei:euleros:glib2-tests", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-2077.NASL", "href": "https://www.tenable.com/plugins/nessus/129436", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(129436);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2019-12450\",\n \"CVE-2019-13012\"\n );\n\n script_name(english:\"EulerOS 2.0 SP8 : glib2 (EulerOS-SA-2019-2077)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the glib2 packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0\n through 2.61.1 does not properly restrict file\n permissions while a copy operation is in progress.\n Instead, default permissions are used.(CVE-2019-12450)\n\n - The keyfile settings backend in GNOME GLib (aka\n glib2.0) before 2.60.0 creates directories using\n g_file_make_directory_with_parents (kfsb-i1/4zdir, NULL,\n NULL) and files using g_file_replace_contents\n (kfsb-i1/4zfile, contents, length, NULL, FALSE,\n G_FILE_CREATE_REPLACE_DESTINATION, NULL, NULL, NULL).\n Consequently, it does not properly restrict directory\n (and file) permissions. Instead, for directories, 0777\n permissions are used for files, default file\n permissions are used.(CVE-2019-13012)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2077\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a0243b2f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected glib2 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glib2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glib2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glib2-fam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glib2-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"glib2-2.58.1-1.h2.eulerosv2r8\",\n \"glib2-devel-2.58.1-1.h2.eulerosv2r8\",\n \"glib2-fam-2.58.1-1.h2.eulerosv2r8\",\n \"glib2-tests-2.58.1-1.h2.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glib2\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:29:48", "description": "According to the version of the glib2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 creates directories using g_file_make_directory_with_parents (kfsb-i1/4zdir, NULL, NULL) and files using g_file_replace_contents (kfsb-i1/4zfile, contents, length, NULL, FALSE, G_FILE_CREATE_REPLACE_DESTINATION, NULL, NULL, NULL).\n Consequently, it does not properly restrict directory (and file) permissions. Instead, for directories, 0777 permissions are used for files, default file permissions are used. This is similar to CVE-2019-12450.(CVE-2019-13012)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-09-16T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : glib2 (EulerOS-SA-2019-1894)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-12450", "CVE-2019-13012"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:glib2", "p-cpe:/a:huawei:euleros:glib2-devel", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-1894.NASL", "href": "https://www.tenable.com/plugins/nessus/128817", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(128817);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2019-13012\"\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : glib2 (EulerOS-SA-2019-1894)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the glib2 packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - The keyfile settings backend in GNOME GLib (aka\n glib2.0) before 2.60.0 creates directories using\n g_file_make_directory_with_parents (kfsb-i1/4zdir, NULL,\n NULL) and files using g_file_replace_contents\n (kfsb-i1/4zfile, contents, length, NULL, FALSE,\n G_FILE_CREATE_REPLACE_DESTINATION, NULL, NULL, NULL).\n Consequently, it does not properly restrict directory\n (and file) permissions. Instead, for directories, 0777\n permissions are used for files, default file\n permissions are used. This is similar to\n CVE-2019-12450.(CVE-2019-13012)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1894\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c5fa6c07\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected glib2 package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glib2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glib2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"glib2-2.54.2-2.h1.eulerosv2r7\",\n \"glib2-devel-2.54.2-2.h1.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glib2\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:45:08", "description": "The remote NewStart CGSL host, running version MAIN 6.02, has glib2 packages installed that are affected by multiple vulnerabilities:\n\n - The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 creates directories using g_file_make_directory_with_parents (kfsb->dir, NULL, NULL) and files using g_file_replace_contents (kfsb->file, contents, length, NULL, FALSE, G_FILE_CREATE_REPLACE_DESTINATION, NULL, NULL, NULL).\n Consequently, it does not properly restrict directory (and file) permissions. Instead, for directories, 0777 permissions are used; for files, default file permissions are used. This is similar to CVE-2019-12450. (CVE-2019-13012)\n\n - An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption. (CVE-2021-27219)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-05-10T00:00:00", "type": "nessus", "title": "NewStart CGSL MAIN 6.02 : glib2 Multiple Vulnerabilities (NS-SA-2022-0053)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-12450", "CVE-2019-13012", "CVE-2021-27219"], "modified": "2022-05-10T00:00:00", "cpe": ["p-cpe:/a:zte:cgsl_main:glib2", "p-cpe:/a:zte:cgsl_main:glib2-debuginfo", "p-cpe:/a:zte:cgsl_main:glib2-debugsource", "p-cpe:/a:zte:cgsl_main:glib2-devel", "p-cpe:/a:zte:cgsl_main:glib2-devel-debuginfo", "p-cpe:/a:zte:cgsl_main:glib2-fam", "p-cpe:/a:zte:cgsl_main:glib2-fam-debuginfo", "p-cpe:/a:zte:cgsl_main:glib2-static", "p-cpe:/a:zte:cgsl_main:glib2-tests", "p-cpe:/a:zte:cgsl_main:glib2-tests-debuginfo", "cpe:/o:zte:cgsl_main:6"], "id": "NEWSTART_CGSL_NS-SA-2022-0053_GLIB2.NASL", "href": "https://www.tenable.com/plugins/nessus/160863", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2022-0053. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160863);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/10\");\n\n script_cve_id(\"CVE-2019-13012\", \"CVE-2021-27219\");\n\n script_name(english:\"NewStart CGSL MAIN 6.02 : glib2 Multiple Vulnerabilities (NS-SA-2022-0053)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote NewStart CGSL host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version MAIN 6.02, has glib2 packages installed that are affected by multiple\nvulnerabilities:\n\n - The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 creates directories using\n g_file_make_directory_with_parents (kfsb->dir, NULL, NULL) and files using g_file_replace_contents\n (kfsb->file, contents, length, NULL, FALSE, G_FILE_CREATE_REPLACE_DESTINATION, NULL, NULL, NULL).\n Consequently, it does not properly restrict directory (and file) permissions. Instead, for directories,\n 0777 permissions are used; for files, default file permissions are used. This is similar to\n CVE-2019-12450. (CVE-2019-13012)\n\n - An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has\n an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow\n could potentially lead to memory corruption. (CVE-2021-27219)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2022-0053\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2019-13012\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2021-27219\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL glib2 packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-13012\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/06/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:glib2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:glib2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:glib2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:glib2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:glib2-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:glib2-fam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:glib2-fam-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:glib2-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:glib2-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:glib2-tests-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:zte:cgsl_main:6\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL MAIN 6.02\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 6.02');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nvar flag = 0;\n\nvar pkgs = {\n 'CGSL MAIN 6.02': [\n 'glib2-2.56.4-10.el8_4',\n 'glib2-debuginfo-2.56.4-10.el8_4',\n 'glib2-debugsource-2.56.4-10.el8_4',\n 'glib2-devel-2.56.4-10.el8_4',\n 'glib2-devel-debuginfo-2.56.4-10.el8_4',\n 'glib2-fam-2.56.4-10.el8_4',\n 'glib2-fam-debuginfo-2.56.4-10.el8_4',\n 'glib2-static-2.56.4-10.el8_4',\n 'glib2-tests-2.56.4-10.el8_4',\n 'glib2-tests-debuginfo-2.56.4-10.el8_4'\n ]\n};\nvar pkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'glib2');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-23T14:14:30", "description": "According to the versions of the glib2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 creates directories using g_file_make_directory_with_parents (kfsb->dir, NULL, NULL) and files using g_file_replace_contents (kfsb->file, contents, length, NULL, FALSE, G_FILE_CREATE_REPLACE_DESTINATION, NULL, NULL, NULL).\n Consequently, it does not properly restrict directory (and file) permissions. Instead, for directories, 0777 permissions are used for files, default file permissions are used. This is similar to CVE-2019-12450.(CVE-2019-13012)\n\n - file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress.\n Instead, default permissions are used.(CVE-2019-12450)\n\n - GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_markup_parse_context_parse() in gmarkup.c, related to utf8_str().(CVE-2018-16429)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-04-16T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.2.2 : glib2 (EulerOS-SA-2020-1456)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16429", "CVE-2019-12450", "CVE-2019-13012"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:glib2", "p-cpe:/a:huawei:euleros:glib2-devel", "cpe:/o:huawei:euleros:uvp:3.0.2.2"], "id": "EULEROS_SA-2020-1456.NASL", "href": "https://www.tenable.com/plugins/nessus/135618", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135618);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2018-16429\",\n \"CVE-2019-12450\",\n \"CVE-2019-13012\"\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.2.2 : glib2 (EulerOS-SA-2020-1456)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the glib2 packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - The keyfile settings backend in GNOME GLib (aka\n glib2.0) before 2.60.0 creates directories using\n g_file_make_directory_with_parents (kfsb->dir, NULL,\n NULL) and files using g_file_replace_contents\n (kfsb->file, contents, length, NULL, FALSE,\n G_FILE_CREATE_REPLACE_DESTINATION, NULL, NULL, NULL).\n Consequently, it does not properly restrict directory\n (and file) permissions. Instead, for directories, 0777\n permissions are used for files, default file\n permissions are used. This is similar to\n CVE-2019-12450.(CVE-2019-13012)\n\n - file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0\n through 2.61.1 does not properly restrict file\n permissions while a copy operation is in progress.\n Instead, default permissions are used.(CVE-2019-12450)\n\n - GNOME GLib 2.56.1 has an out-of-bounds read\n vulnerability in g_markup_parse_context_parse() in\n gmarkup.c, related to utf8_str().(CVE-2018-16429)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1456\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e4c34285\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected glib2 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glib2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glib2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.2\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.2\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.2\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"glib2-2.54.2-2.h3.eulerosv2r7\",\n \"glib2-devel-2.54.2-2.h3.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glib2\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-23T14:15:42", "description": "According to the versions of the glib2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by /^(?:(?(1)\\\\.|([^\\\\\\\\W_])?)+)+$/.(CVE-2015-3217)\n\n - Heap-based buffer overflow in the find_fixedlength function in pcre_compile.c in PCRE before 8.38 allows remote attackers to cause a denial of service (crash) or obtain sensitive information from heap memory and possibly bypass the ASLR protection mechanism via a crafted regular expression with an excess closing parenthesis.(CVE-2015-5073)\n\n - The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 creates directories using g_file_make_directory_with_parents (kfsb->dir, NULL, NULL) and files using g_file_replace_contents (kfsb->file, contents, length, NULL, FALSE, G_FILE_CREATE_REPLACE_DESTINATION, NULL, NULL, NULL).\n Consequently, it does not properly restrict directory (and file) permissions. Instead, for directories, 0777 permissions are used for files, default file permissions are used. This is similar to CVE-2019-12450.(CVE-2019-13012)\n\n - file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress.\n Instead, default permissions are used.(CVE-2019-12450)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-06-17T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : glib2 (EulerOS-SA-2020-1654)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3217", "CVE-2015-5073", "CVE-2019-12450", "CVE-2019-13012"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:glib2", "p-cpe:/a:huawei:euleros:glib2-devel", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-1654.NASL", "href": "https://www.tenable.com/plugins/nessus/137496", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(137496);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2015-3217\",\n \"CVE-2015-5073\",\n \"CVE-2019-12450\",\n \"CVE-2019-13012\"\n );\n script_bugtraq_id(\n 75018,\n 75430\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : glib2 (EulerOS-SA-2020-1654)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the glib2 packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10\n mishandle group empty matches, which might allow remote\n attackers to cause a denial of service (stack-based\n buffer overflow) via a crafted regular expression, as\n demonstrated by\n /^(?:(?(1)\\\\.|([^\\\\\\\\W_])?)+)+$/.(CVE-2015-3217)\n\n - Heap-based buffer overflow in the find_fixedlength\n function in pcre_compile.c in PCRE before 8.38 allows\n remote attackers to cause a denial of service (crash)\n or obtain sensitive information from heap memory and\n possibly bypass the ASLR protection mechanism via a\n crafted regular expression with an excess closing\n parenthesis.(CVE-2015-5073)\n\n - The keyfile settings backend in GNOME GLib (aka\n glib2.0) before 2.60.0 creates directories using\n g_file_make_directory_with_parents (kfsb->dir, NULL,\n NULL) and files using g_file_replace_contents\n (kfsb->file, contents, length, NULL, FALSE,\n G_FILE_CREATE_REPLACE_DESTINATION, NULL, NULL, NULL).\n Consequently, it does not properly restrict directory\n (and file) permissions. Instead, for directories, 0777\n permissions are used for files, default file\n permissions are used. This is similar to\n CVE-2019-12450.(CVE-2019-13012)\n\n - file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0\n through 2.61.1 does not properly restrict file\n permissions while a copy operation is in progress.\n Instead, default permissions are used.(CVE-2019-12450)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1654\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?dc95cd05\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected glib2 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:U/RC:ND\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:U/RC:X\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glib2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glib2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"glib2-2.50.3-3.h5\",\n \"glib2-devel-2.50.3-3.h5\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glib2\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:47:08", "description": "The version of glib2 installed on the remote host is prior to 2.36.3-5.23. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1742 advisory.\n\n - In GNOME GLib 2.56.1, g_markup_parse_context_end_parse() in gmarkup.c has a NULL pointer dereference.\n (CVE-2018-16428)\n\n - GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_markup_parse_context_parse() in gmarkup.c, related to utf8_str(). (CVE-2018-16429)\n\n - The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 creates directories using g_file_make_directory_with_parents (kfsb->dir, NULL, NULL) and files using g_file_replace_contents (kfsb->file, contents, length, NULL, FALSE, G_FILE_CREATE_REPLACE_DESTINATION, NULL, NULL, NULL).\n Consequently, it does not properly restrict directory (and file) permissions. Instead, for directories, 0777 permissions are used; for files, default file permissions are used. This is similar to CVE-2019-12450. (CVE-2019-13012)\n\n - An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance if the symlink is attacker-controlled. (If the path is a symlink to a file that already exists, then the contents of that file correctly remain unchanged.) (CVE-2021-28153)\n\n - A flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak content from files owned by privileged users to unprivileged ones under the right condition. (CVE-2021-3800)\n\n - In GNOME GLib 2.56.1, g_markup_parse_context_end_parse() in gmarkup.c has a NULL pointer dereference.\n (CVE-2018-16428) (CVE-2023-24593, CVE-2023-25180)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-05-04T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : glib2 (ALAS-2023-1742)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16428", "CVE-2018-16429", "CVE-2019-12450", "CVE-2019-13012", "CVE-2021-28153", "CVE-2021-3800", "CVE-2023-24593", "CVE-2023-25180"], "modified": "2023-05-05T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:glib2", "p-cpe:/a:amazon:linux:glib2-debuginfo", "p-cpe:/a:amazon:linux:glib2-devel", "p-cpe:/a:amazon:linux:glib2-doc", "p-cpe:/a:amazon:linux:glib2-fam", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2023-1742.NASL", "href": "https://www.tenable.com/plugins/nessus/175096", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2023-1742.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(175096);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/05\");\n\n script_cve_id(\n \"CVE-2018-16428\",\n \"CVE-2018-16429\",\n \"CVE-2019-13012\",\n \"CVE-2021-3800\",\n \"CVE-2021-28153\",\n \"CVE-2023-24593\",\n \"CVE-2023-25180\"\n );\n\n script_name(english:\"Amazon Linux AMI : glib2 (ALAS-2023-1742)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux AMI host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of glib2 installed on the remote host is prior to 2.36.3-5.23. It is, therefore, affected by multiple\nvulnerabilities as referenced in the ALAS-2023-1742 advisory.\n\n - In GNOME GLib 2.56.1, g_markup_parse_context_end_parse() in gmarkup.c has a NULL pointer dereference.\n (CVE-2018-16428)\n\n - GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_markup_parse_context_parse() in gmarkup.c,\n related to utf8_str(). (CVE-2018-16429)\n\n - The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 creates directories using\n g_file_make_directory_with_parents (kfsb->dir, NULL, NULL) and files using g_file_replace_contents\n (kfsb->file, contents, length, NULL, FALSE, G_FILE_CREATE_REPLACE_DESTINATION, NULL, NULL, NULL).\n Consequently, it does not properly restrict directory (and file) permissions. Instead, for directories,\n 0777 permissions are used; for files, default file permissions are used. This is similar to\n CVE-2019-12450. (CVE-2019-13012)\n\n - An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with\n G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also\n creates the target of the symlink as an empty file, which could conceivably have security relevance if the\n symlink is attacker-controlled. (If the path is a symlink to a file that already exists, then the contents\n of that file correctly remain unchanged.) (CVE-2021-28153)\n\n - A flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak content from\n files owned by privileged users to unprivileged ones under the right condition. (CVE-2021-3800)\n\n - In GNOME GLib 2.56.1, g_markup_parse_context_end_parse() in gmarkup.c has a NULL pointer dereference.\n (CVE-2018-16428) (CVE-2023-24593, CVE-2023-25180)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/ALAS-2023-1742.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2018-16428.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2018-16429.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2019-13012.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-28153.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-3800.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2023-24593.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2023-25180.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/faqs.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update glib2' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-16428\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/09/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/04/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/05/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glib2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glib2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glib2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glib2-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glib2-fam\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar alas_release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d+|-\\d+)\", string:alas_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar pkgs = [\n {'reference':'glib2-2.36.3-5.23.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glib2-2.36.3-5.23.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glib2-debuginfo-2.36.3-5.23.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glib2-debuginfo-2.36.3-5.23.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glib2-devel-2.36.3-5.23.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glib2-devel-2.36.3-5.23.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glib2-doc-2.36.3-5.23.amzn1', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glib2-fam-2.36.3-5.23.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glib2-fam-2.36.3-5.23.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glib2 / glib2-debuginfo / glib2-devel / etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-10T15:39:16", "description": "The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0182-2 advisory.\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 6.1, iCloud for Windows 11.0. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2019-8766)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2019-8782)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2019-8808)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution.\n (CVE-2019-8815)\n\n - The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. CLONE_NEWUSER could potentially be used to confuse xdg-desktop- portal, which allows access outside the sandbox. TIOCSTI can be used to directly execute commands outside the sandbox by writing to the controlling terminal's input buffer, similar to CVE-2017-5226.\n (CVE-2020-13753)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, Safari 14.0.1, tvOS 14.2, iTunes 12.11 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution.\n (CVE-2020-27918)\n\n - Clear History and Website Data did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. A user may be unable to fully delete browsing history. (CVE-2020-29623)\n\n - An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to a cross site scripting attack.\n (CVE-2020-3902)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution.\n (CVE-2020-9802)\n\n - A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2020-9803)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to universal cross site scripting.\n (CVE-2020-9805)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 7.0, iOS 14.0 and iPadOS 14.0, iTunes for Windows 12.10.9, iCloud for Windows 11.5, tvOS 14.0, Safari 14.0.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2020-9947)\n\n - A type confusion issue was addressed with improved memory handling. This issue is fixed in Safari 14.0.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2020-9948)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.0.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2020-9951)\n\n - An input validation issue was addressed with improved input validation. This issue is fixed in iOS 14.0 and iPadOS 14.0, tvOS 14.0, watchOS 7.0, Safari 14.0, iCloud for Windows 11.4, iCloud for Windows 7.21.\n Processing maliciously crafted web content may lead to a cross site scripting attack. (CVE-2020-9952)\n\n - This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Maliciously crafted web content may violate iframe sandboxing policy. (CVE-2021-1765)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-1788)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-1817)\n\n - A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web content may result in the disclosure of process memory. (CVE-2021-1820)\n\n - An input validation issue was addressed with improved input validation. This issue is fixed in iTunes 12.11.3 for Windows, iCloud for Windows 12.3, macOS Big Sur 11.3, Safari 14.1, watchOS 7.4, tvOS 14.5, iOS 14.5 and iPadOS 14.5. Processing maliciously crafted web content may lead to a cross site scripting attack. (CVE-2021-1825)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web content may lead to universal cross site scripting. (CVE-2021-1826)\n\n - A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 and iPadOS 14.4.1, Safari 14.0.3 (v. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-1844)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Su